diff --git a/.gitignore b/.gitignore index 6701a887..fe0574ad 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ *.gz .vscode .DS_Store +data +conf +log \ No newline at end of file diff --git a/Changelog.md b/Changelog.md index 475fe080..617bc9c3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,69 +1,267 @@ -Version 0.9.8-26-43 [15-Mar-2021] +Version 0.9.9-0-13 [2025-08-15] +================================================== +* Improvement: Activating FileManager licence for all users (credits to Official VestaCP) +* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) +* Improvement: Added support for PHP 8.3 and 8.4 +* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) +* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) +* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot]) +* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') +* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 +* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel +* Improvement: v-install-wordpress: Support for IDN format domains +* Security: Adding ProFTPD jail rule to Fail2Ban +* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites +* Security: Introducing a new command: v-fix-php-ini-disable-functions +* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering) +* Improvement: When deleting a domain, also delete the database if the domain has a database +* Bugfix: Removing temporary Docker container network interfaces from RRD +* Introducing v-run-wp-cli-myvesta that knows the correct terminal width +* Introducing a new command: v-cd-www alias for v-change-dir-www +* Introducing a new command: v-clear-fail2ban +* Introducing a new command: v-get-dns-config (to print zone file in bind9 format) +* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) +* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command +* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval' +* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' +* Improvement: v-install-wordpress: Almost always use https +* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line +* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions) +* Security: v-commander: removing the ability to set a root password +* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script +* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff) +* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta) +* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta) +* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync' +* Improvement: Calculate the size of directories on /hdd too +* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php +* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant +* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M +* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons +* Bugfix: v-restore-user: permissions fix while restoring backup +* Bugfix: Add some loops due to 403 errors during LE request in some random cases +* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter +* Bugfix: vst-install-debian.sh - removing phppgadmin +* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers) +* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde) +* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ +* Bugfix: Small PHP syntax fixes in the admin panel +* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic) +* Improvement: Added functions to check if a domain or user is unsuspended in main.sh +* Introducing a new command: v-update-document-errors-files +* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night +* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old +* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl +* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant +* Added to .gitignore excludes for 'data', 'conf', and 'log' folders +* And many other minor bugfixes and improvements... + +Version 0.9.9-0-12 [2025-02-28] +================================================== +* SpamHaus DNSBL removed from exim4 +* A lot of small bugs fixed + +Version 0.9.9-0-11 [2024-05-30] +================================================== +* Introducing v-run-wp-cli command ( @isscbta ) +* Introducing v-add-wordpress-admin command ( @isscbta ) +* Few bugs fixed + +Version 0.9.9-0-10 [2024-04-11] +================================================== +* Introducing v-edit-php-ini command ( @isscbta ) +* Introducing v-edit-domain-php-ini command ( @isscbta ) + +Version 0.9.9-0-9 [2024-04-05] +================================================== +* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) +* Few bugs fixed + +Version 0.9.9-0-5 to 0.9.9-0-8 +================================================== +* Few bugs fixed + +Version 0.9.9-0-4 [2023-06-27] +================================================== +* Support for Debian 12 ( in mutual cooperation with @HestiaCP ) + +Version 0.9.9-0-2 [2023-06-12] +================================================== +* Hosting panel UI perfomance fix + +Version 0.9.9-0 [2023-06-05] +================================================== +* Redesign of hosting panel +* Fix for WP_CACHE_KEY_SALTs in v-clone-website command +* Fix for "Helo name contains a ip address" in Exim4 +* Fix for Exim4 for punycode domains (in collaboration with @HestiaCP ) + +Version 0.9.8-26-62 [2023-04-05] +================================================== +* Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP ) + +Version 0.9.8-26-61 [2023-04-04] +================================================== +* Many bugfixes +* Hotfix for LetsEncrypt to prevent Apache falling + +Version 0.9.8-26-60 [2023-02-12] +================================================== +* New script: v-commander (useful for maintaining the server) +* New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx) +* New script: v-update-myvesta (get the very latest build of myVesta) +* v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated) +* Many minor bugfixes + +Version 0.9.8-26-59 [2023-02-01] +================================================== +* Support for PHP 8.2 +* New script: v-move-folder-and-make-symlink +* New script: v-lock-wordpress (to prevent PHP malware) and v-unlock-wordpress +* v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database +* Many minor bugfixes + +Version 0.9.8-26-58 [2022-07-12] +================================================== +* [Security] hash_equals() in /reset/mail/ (credits to @divinity76 ) +* Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 ) +* Fix for an boring PHP Notice in vesta-php + +Version 0.9.8-26-57 [2022-07-06] +================================================== +* Fix for GMail SMTP timeouts on Debian11 +* [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo ) + +Version 0.9.8-26-56 [2022-05-28] +================================================== +* Adding Barracuda RBL to SpamAssassin +* Fixing insane HTML form bug in List backup items page +* Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email) + +Version 0.9.8-26-55 [2022-04-26] +================================================== +* Support for MySQL 8 +* [Security] Preventing brute-force resetting password (thanks to HestiaCP @hestiacp for fix) +* Many minor bugfixes + +Version 0.9.8-26-54 [2021-12-17] +================================================== +* Checking if FreshClam is started after installation + +Version 0.9.8-26-53 [2021-12-12] +================================================== +* Support for PHP 8.1 +* Function to ensure that pool.d folders are not empty + +Version 0.9.8-26-52 [2021-11-23] +================================================== +* Fix for not to match wildcard "*domains" and "databases*" while restoring +* Added memcached to v-list-sys-services + +Version 0.9.8-26-51 [2021-11-14] +================================================== +* Many fixes for "List services" page (v-list-sys-services function) + +Version 0.9.8-26-50 [2021-11-07] +================================================== +* Many small bugfixes and CSRF fixes + +Version 0.9.8-26-49 [2021-07-17] +================================================== +* Support for Debian 11 + +Version 0.9.8-26-48 [2021-07-11] +================================================== +* Fixed two bugs in LetsEncrypt generating process + +Version 0.9.8-26-47 [2021-05-30] +================================================== +* Enabling TLS for ProFTPD FTPS +* More logical "Restore backup" template + +Version 0.9.8-26-46 [2021-04-17] +================================================== +* [Feature] Updating CloudFlare IP addresses + +Version 0.9.8-26-45 [2021-04-13] +================================================== +* [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log +* [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname +* [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix) + +Version 0.9.8-26-44 [2021-04-04] +================================================== +* [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449) +* [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle) +* [Bugfix] Preventing multiple execution of v-backup-users +* [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic) + +Version 0.9.8-26-43 [2021-03-15] ================================================== * [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman) -* [Security] fix for: Local privilege escalation from user account to admin account user via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix) +* [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix) * [Security] fix for: Local privilege escalation in v-generate-ssl-cert (potential user to admin or root escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix) * [Security] fix for: Local privilege escalation in /web/api/ via v-make-tmp-file (probably admin to root escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix) * [Security] fix for: Cross site scripting in /web/add/ip/ (admin to other admin XSS escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix) * [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle) * [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-42 [26-Feb-2021] +Version 0.9.8-26-42 [2021-02-26] ================================================== * [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52 * [Bugfix] Making sure Apache is in mpm_event mode -Version 0.9.8-26-41 [11-Feb-2021] +Version 0.9.8-26-41 [2021-02-11] ================================================== * Few bugfixes -Version 0.9.8-26-40 [08-Feb-2021] +Version 0.9.8-26-40 [2021-02-08] ================================================== * Few bugfixes -Version 0.9.8-26-39 [12-Dec-2020] +Version 0.9.8-26-39 [2020-12-12] ================================================== * [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes) * [Security] Fixing XSS in /list/rrd/?period= value -Version 0.9.8-26-38 [05-Dec-2020] +Version 0.9.8-26-38 [2020-12-05] ================================================== * [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know) -Version 0.9.8-26-37 [26-Oct-2020] +Version 0.9.8-26-37 [2020-10-26] ================================================== * [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho) * [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php -Version 0.9.8-26-36 [10-Sep-2020] +Version 0.9.8-26-36 [2020-09-10] ================================================== * [Bugfix] Checking necessary available disk space before doing backup * [Security] Disabling login with 'root' -Version 0.9.8-26-35 [23-Aug-2020] +Version 0.9.8-26-35 [2020-08-23] ================================================== * [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming * [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html -Version 0.9.8-26-34 [19-Aug-2020] +Version 0.9.8-26-34 [2020-08-19] ================================================== * [Bugfix] Split long DNS TXT entries into 255 chunks -Version 0.9.8-26-33 [16-Aug-2020] +Version 0.9.8-26-33 [2020-08-16] ================================================== * [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain) -Version 0.9.8-26-32 [02-Aug-2020] +Version 0.9.8-26-32 [2020-08-02] ================================================== * [Feature] v-replace-in-file command introduced * [Security] Making sure new myVesta commands can be called only by root -Version 0.9.8-26-31 [30-Jul-2020] +Version 0.9.8-26-31 [2020-07-30] ================================================== * [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command) * Starting to log auto-update output -Version 0.9.8-26-30 [26-Jul-2020] +Version 0.9.8-26-30 [2020-07-26] ================================================== * New ASCII logo in installer * Deleted favicon when user don't know secret-url of hosting panel @@ -71,14 +269,14 @@ Version 0.9.8-26-30 [26-Jul-2020] * [bugfix] Minor fix of URL for templates in v-update-dns-templates * [bugfix] Minor fixes in installer -Version 0.9.8-26-29 [21-Jul-2020] +Version 0.9.8-26-29 [2020-07-21] ================================================== * [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command) * [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command) * [Bugfix] Fix for ClamAV socket * Changing Vesta to myVesta in title of hosting panel pages -Version 0.9.8-26-28 [15-Jul-2020] +Version 0.9.8-26-28 [2020-07-15] ================================================== * [Feature] v-install-wordpress command introduced * [Feature] v-move-domain-and-database-to-account command introduced @@ -86,37 +284,37 @@ Version 0.9.8-26-28 [15-Jul-2020] * [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant) * [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant) -Version 0.9.8-26-27 [05-Jul-2020] +Version 0.9.8-26-27 [2020-07-05] ================================================== * [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh) * [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3 * Second tuning of php-fpm pool.d config files (perfomances and limits) -Version 0.9.8-26-26 [27-Jun-2020] +Version 0.9.8-26-26 [2020-06-27] ================================================== * [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare) * [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl] * From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM) * New favicon for hosting panel -Version 0.9.8-26-25 [23-Jun-2020] +Version 0.9.8-26-25 [2020-06-23] ================================================== * [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!) * [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places) -Version 0.9.8-26-24 [22-Jun-2020] +Version 0.9.8-26-24 [2020-06-22] ================================================== * [Bugfix] nginx + php-fpm installer variant now finally works -Version 0.9.8-26-23 [14-Jun-2020] +Version 0.9.8-26-23 [2020-06-14] ================================================== * Adding label that LetsEncrypt can be added when you Edit domain -Version 0.9.8-26-22 [13-Jun-2020] +Version 0.9.8-26-22 [2020-06-13] ================================================== * [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain -Version 0.9.8-26-21 [13-Jun-2020] +Version 0.9.8-26-21 [2020-06-13] ================================================== * [Feature] Blocking executable files inside archives in received emails (ClamAV) * [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day) @@ -125,82 +323,82 @@ Version 0.9.8-26-21 [13-Jun-2020] * [Bugfix] Script that removes depricated 'ssl on;' in nginx templates * [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files -Version 0.9.8-26-20 [01-Jun-2020] +Version 0.9.8-26-20 [2020-06-01] ================================================== * [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode * [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package * [Bugfix] Fixing URL in v-update-web-templates script * [Feature] Additional rates for nginx anti-denial-of-service templates -Version 0.9.8-26-19 [15-May-2020] +Version 0.9.8-26-19 [2020-05-15] ================================================== * [Bugfix] Do not match subdomains while restoring domain [v-restore-user] -Version 0.9.8-26-18 [15-May-2020] +Version 0.9.8-26-18 [2020-05-15] ================================================== * [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias -Version 0.9.8-26-17 [15-May-2020] +Version 0.9.8-26-17 [2020-05-15] ================================================== * [Bugfix] Reverting default clamav socket path * [Bugfix] Put mail_max_userip_connections = 50 in dovecot -Version 0.9.8-26-16 [15-May-2020] +Version 0.9.8-26-16 [2020-05-15] ================================================== * [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times * [Bugfix] Enabling email notification to fresh installed servers about backup success status * [Bugfix] Timeout 10 sec for apache2 status -Version 0.9.8-26-15 [09-May-2020] +Version 0.9.8-26-15 [2020-05-09] ================================================== * [Feature] nginx templates that can prevent denial-of-service on your server * First tuning php-fpm pool.d config files (perfomances and limits) * New logo -Version 0.9.8-26-14 [08-May-2020] +Version 0.9.8-26-14 [2020-05-08] ================================================== * v-clone-website script switched to parameters * Display new version in console while updating myVesta -Version 0.9.8-26-13 [07-May-2020] +Version 0.9.8-26-13 [2020-05-07] ================================================== * [Feature] Put build date and version in right-bottom corner of control panel -Version 0.9.8-26-12 [07-May-2020] +Version 0.9.8-26-12 [2020-05-07] ================================================== * [Feature] Put build date and version while compiling myVesta * [Feature] Office365 DNS template * [Feature] Yandex DNS template * ProFTPD MaxIstances = 100 for fresh installed servers -Version 0.9.8-26-11 [01-May-2020] +Version 0.9.8-26-11 [2020-05-01] ================================================== * [Feature] Skipping LE renewing after 7 failed attempts * [Bugfix] Keep conf files during auto-update * [Bugfix] Do not restart apache while preparing letsencrypt acme challenge * [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers -Version 0.9.8-26-10 [11-Apr-2020] +Version 0.9.8-26-10 [2020-04-11] ================================================== * [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server) * Tweak for hostname FPM conf * [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) * [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) -Version 0.9.8-26-9 [23-Mar-2020] +Version 0.9.8-26-9 [2020-03-23] ================================================== * [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog) -Version 0.9.8-26-8 [23-Mar-2020] +Version 0.9.8-26-8 [2020-03-23] ================================================== * [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/) -Version 0.9.8-26-7 [18-Mar-2020] +Version 0.9.8-26-7 [2020-03-18] ================================================== * [Bugfix] Fix that avoid LetsEncrypt domain validation timeout * [Bugfix] Set timeout in v-list-sys-web-status script -Version 0.9.8-26-6 [21-Feb-2020] +Version 0.9.8-26-6 [2020-02-21] ================================================== * [Bugfix] mail-wrapper.php from now works * [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status @@ -208,7 +406,7 @@ Version 0.9.8-26-6 [21-Feb-2020] * [Feature] Introducing force-https-webmail-phpmyadmin nginx template * [Feature] Trigger for /root/update_firewall_custom.sh -Version 0.9.8-26-5 [10-Feb-2020] +Version 0.9.8-26-5 [2020-02-10] ================================================== * [Security] sudoers fix for Debian10 * [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https) @@ -217,7 +415,7 @@ Version 0.9.8-26-5 [10-Feb-2020] * [Bugfix] Roundcube force https * [Bugfix] Exim compatibility with Loopia for Debian10 -Version 0.9.8-26-4 [07-Jan-2020] +Version 0.9.8-26-4 [2020-01-07] ================================================== * [Feature] Allow whitelisting specific IP for /api/ * [Feature] Allow whitelisting specific IP to avoid secret_url @@ -225,11 +423,11 @@ Version 0.9.8-26-4 [07-Jan-2020] * [Bugfix] apparmor install fix again * [Bugfix] Turning off MariaDB SQL strict mode -Version 0.9.8-26-3 [26-Nov-2019] +Version 0.9.8-26-3 [2019-11-26] ================================================== * [Bugfix] Better check if session cron already added -Version 0.9.8-26-2 [15-Nov-2019] +Version 0.9.8-26-2 [2019-11-15] ================================================== * [Feature] Support for sub-sub-sub-sub versions :)) * [Bugfix] Support for longer username of email accounts @@ -237,7 +435,7 @@ Version 0.9.8-26-2 [15-Nov-2019] * [Bugfix] Trying to fix ClamAV broken socket * Moving to myvestacp.com -Version 0.9.8-26 [28-Sep-2019] +Version 0.9.8-26 [2019-09-28] ================================================== * [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin) * [Bugfix] Fixing broken autoreply output diff --git a/README.md b/README.md index 7a3e5866..a2e7a3de 100644 --- a/README.md +++ b/README.md @@ -1,110 +1,95 @@ -News -================================================== -We finally have normal homepage: -- https://myvestacp.com/ +

myVesta

-Forum: -- https://forum.myvestacp.com/ +
-Knowledge base: -- https://wiki.myvestacp.com/ +[![Screenshot of myVesta](https://www.myvestacp.com/screenshot1.png)](https://www.myvestacp.com/) -Changelog: -- https://github.com/myvesta/vesta/blob/master/Changelog.md +
-myVesta Control Panel -================================================== +

About

-* myVesta is a fork of [VestaCP](https://vestacp.com/) -* Focused on security and stability -* Therefore, only Debian is supported - keeping focus on only one eco-system - not wasting energy on compatibility with other Linux distributions -* However, it will be always synchronized with official VestaCP commits -* VestaCP commercial plugins will be only available for purchase on official [vestacp.com](https://vestacp.com/) website - we will NOT take their earnings, since we are not making this fork for monetary reasons. Instead, we are doing this with open source in mind - to enhance security and to build new features, without being interlocked with official VestaCP release cycles, and without affecting or heavily diverting from the VestaCP's planned development milestones -* With previous in mind, all features that are built for this fork (myVesta), will be offered to official VestaCP, via pull requests +

myVesta is a security and stability-focused fork of VestaCP, exclusively supporting Debian in order to maintain a streamlined ecosystem. Boasting a clean, clutter-free interface and the latest innovative technologies, our project is committed to staying synchronized with official VestaCP commits. We work independently to enhance security and develop new features, driven by our passion for contributing to the open-source community rather than monetary gain. As such, we will offer all features built for myVesta to the official VestaCP project through pull requests, without interfering with their development milestones.

-Features of myVesta -================================================== +

View Changelog +

-+ Support for Debian 10 (previous Debian releases are also supported, but Debian 10 is recommended) +

Links

+ -+ [nginx templates](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh) that can prevent denial-of-service on your server - -+ [Support for multi-PHP versions](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/multi-php-install.sh) - -+ You can limit the maximum number of sent emails (per hour) [per mail account](https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L109-L110) and [per hosting account](https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L72-L73), preventing hijacking of email accounts and preventing PHP malware scripts to send spam. - -+ You can see [what PHP scripts are sending emails](https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L50), when and to whom - -+ You can completely "lock" myVesta so it can be accessed only via **secret URL**, for example https://serverhost:8083/?MY-SECRET-URL - + During installation you will be asked to choose a secret URL for your hosting panel - + Literally no PHP scripts will be alive on your hosting panel (won't be able to get executed), unless you access the hosting panel with secret URL parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - attackers won't be able to access it without knowing your secret URL - PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless they have the secret URL. - + You can see for yourself how this mechanism was built by looking at: - + https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496 - + https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php - + If you didn't set the secret URL during installation, you can do it anytime. Just execute in shell: - + `echo " /usr/local/vesta/web/inc/login_url.php` - -+ We [disabled dangerous PHP functions](https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L9) in php.ini, so even if, for example, your customer's CMS gets compromised, hacker will not be able to execute shell scripts from within PHP. - -+ Apache is fully switched to mpm_event mode, while PHP is running in PHP-FPM mode, which is the most stable PHP-stack solution - + OPCache is turned on by default - -+ Auto-generating LetsEncrypt SSL for server hostname (signed SSL for Vesta 8083 port, for dovecot (IMAP & POP3) and for Exim (SMTP)) - -+ You can change Vesta port during installation or later using one command line: **v-change-vesta-port [number]** - -+ ClamAV is configured to block zip/rar/7z archives that contains executable files (just like GMail) - -+ Backup will run with lowest priority (to avoid load on server), and can be configured to run only by night (and to stop on the morning and continue next night) - -+ You can compile Vesta binaries by yourself - https://github.com/myvesta/vesta/blob/master/src/deb/vesta_compile.sh - + You can even create your own APT repository in a minute - + We are using latest nginx version for vesta-nginx package - + With your own APT infrastructure you can take security of Vesta-installer infrastructure in your own hands. You will have full control of your Vesta code (this way you can rest assured that there's 0% chance that you'll install malicious packages from repositories that may get hacked) - + Binaries that you compile are 100% compatible with official VestaCP from vestacp.com, so you can run official VestaCP code with your own binaries (in case you don't want the source code from this fork) - -Useful tools -================================================== - -+ [Script that will convert Vesta to myVesta](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/convert-vesta-to-myvesta.sh) - -+ [Wordpress installer in one second](https://github.com/myvesta/vesta/blob/master/bin/v-install-wordpress) - -+ [Script for importing cPanel backups to Vesta](https://forum.myvestacp.com/viewtopic.php?f=24&t=63) - -+ [Cloning script that will copy the whole site from one domain to another (sub)domain](https://github.com/myvesta/vesta/blob/master/bin/v-clone-website) - -+ [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/bin/v-migrate-site-to-https) - -+ [Script that will install multiple PHP versions on your server](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/multi-php-install.sh) - -+ [Script that will install nginx templates that can prevent denial-of-service on your server](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh) - -+ [Official Vesta Softaculous installer](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/install-softaculous.sh) - - -How to install ----------------------------- +

Features of myVesta

+ + +

How to install

Download the installation script: -```bash + +```shell curl -O http://c.myvestacp.com/vst-install-debian.sh ``` + Then run it: -```bash + +```shell bash vst-install-debian.sh ``` -About VestaCP -================================================== +Or use our installer generator. -* [Vesta](https://vestacp.com/) is an open source hosting control panel. -* Vesta has a clean and focused interface without clutter. -* Vesta has the latest of very innovative technologies. +

Useful scripts

+ -Special thanks to vestacp.com and Serghey Rodin for open-source VestaCP project -License ----------------------------- -Vesta is licensed under [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license +

Licence

+myVesta is licensed under GPL v3 license. + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..32d7405f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +Please report security issues to info@myvestacp.com diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx new file mode 100644 index 00000000..8b562c9b --- /dev/null +++ b/bin/v-activate-rocket-nginx @@ -0,0 +1,144 @@ +#!/bin/bash +# info: Install rocket-nginx extension for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if [ ! -d "/etc/nginx/rocket-nginx" ]; then + echo "rocket-nginx is not installed"; + echo "Do you want to install it now (y/n)?" + read answer + if [ "$answer" == "y" ]; then + echo "Installing rocket-nginx..." + curl -sL https://c.myvestacp.com/tools/install-rocket-nginx.sh | bash - + else + echo "Exiting script" + exit 1; + fi +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Changing Proxy Template +# Check if the proxy template is already set correctly +current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then + echo "Proxy Template is already set up correctly" +else + # Prompt the user to choose whether to force HTTPS or not + echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" + read answer + + # Change the proxy template based on the user's choice + if [ "$answer" == "h" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" + elif [ "$answer" == "f" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" + elif [ "$answer" == "w" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" + fi + + echo "Proxy Template is ready" +fi + +# Disabling wp-cron in wp-config.php +cd /home/$user/web/$domain/public_html +checkstring_disable="define('DISABLE_WP_CRON', true)" +checkstring_enable="define('DISABLE_WP_CRON', false)" +string_disable="define( 'DISABLE_WP_CRON', true );" +line="/home/$user/web/$domain/cron.log" | grep -v "grep") + +if [ ! -z "$existing_cron" ]; then + echo "There is already a cron job added for user $user and domain $domain." +else + echo "Adding cron job..." + # Add the cron job + fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + touch /home/$user/web/$domain/cron.log + chown $user:$user /home/$user/web/$domain/cron.log + + case $fpm_ver in + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) + /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" + ;; + esac +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "Installation is completed." +echo "Checking RESPONSE HEADERS (You should see x-rocket-nginx-serving-static if the WP Rocket plugin is activated):" +curl -I https://$domain + +exit diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index a1eed13e..80143132 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 6fb867d3..b815778b 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,6 +83,16 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 15361ffb..a7c7fbb8 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -17,6 +17,12 @@ aliases=$3 # LE API API='https://acme-v02.api.letsencrypt.org' +if [[ "$LE_STAGING" = 'yes' ]]; then + API='https://acme-staging-v02.api.letsencrypt.org' +fi + +deb_release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -56,8 +62,12 @@ query_le_v2() { # Save http response to file passed as "$4" arg or print to stdout if not provided # http response headers are always sent to stdout local save_to_file=${4:-"/dev/stdout"} - curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" -} + if [ "$deb_release" -gt 8 ]; then + curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + else + curl --location --user-agent "myVesta" --insecure --retry 5 --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + fi + } @@ -73,11 +83,16 @@ is_object_unsuspended 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain" get_domain_values 'web' + +echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log +echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log + # check if alias is the letsencrypt wildcard domain, if not, make the normal checks if [[ "$aliases" != "*.$domain" ]]; then for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)" if [ -z "$check_alias" ]; then + echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log check_result $E_NOTEXIST "domain alias $alias doesn't exist" fi done @@ -88,11 +103,14 @@ fi; #----------------------------------------------------------# # Registering LetsEncrypt user account +echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log $BIN/v-add-letsencrypt-user $user +echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log if [ "$?" -ne 0 ]; then touch $VESTA/data/queue/letsencrypt.pipe sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe send_notice "LETSENCRYPT" "Account registration failed" + echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "LE account registration" >/dev/null fi @@ -101,9 +119,11 @@ source $USER_DATA/ssl/le.conf # Checking wildcard alias if [ "$aliases" = "*.$domain" ]; then + echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log wildcard='yes' proto="dns-01" if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then + echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log check_result $E_NOTEXIST "DNS domain $domain doesn't exist" fi else @@ -111,14 +131,21 @@ else fi # Requesting nonce / STEP 1 -answer=$(curl -s -I "$API/directory") +echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log +echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log +answer=$(curl --user-agent "myVesta" -s -I "$API/directory") +echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') +echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 200 ]]; then + echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt nonce request status $status" fi # Placing new order / STEP 2 +echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log url="$API/acme/new-order" payload='{"identifiers":[' for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do @@ -127,38 +154,79 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' +# validation='pending' +# # Start counter to avoid infinite loop +# i=0 +# while [ "$validation" = 'pending' ]; do +# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log +echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log +echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") +echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"') +echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"') +echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log +order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') +echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') +echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log +validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') +echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then + echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi +# # Exit the loop after 5 attempts +# i=$((i + 1)) +# if [ $i -gt 5 ]; then +# break +# fi +# sleep 2 +# done # Requesting authorization token / STEP 3 +echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log for auth in $authz; do payload='' + echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log + echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$auth" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \") + echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 200 ]]; then + echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status" fi - # Accepting challenge / STEP 4 + # Configuring challenge / STEP 4 + echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log + echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log if [ "$wildcard" = 'yes' ]; then record=$(printf "%s" "$token.$THUMB" |\ openssl dgst -sha256 -binary |encode_base64) old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT') old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1) for old_record in $old_records; do - $BIN/v-delete-dns-record $user $domain $old_record + $BIN/v-delete-dns-record "$user" "$domain" "$old_record" done - $BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record - check_result $? "DNS _acme-challenge record wasn't created" + $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record" + exitstatus=$? + echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log + if [ "$exitstatus" -ne 0 ]; then + echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log + fi + check_result $exitstatus "DNS _acme-challenge record wasn't created" + systemctl restart bind9 else if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then @@ -167,27 +235,35 @@ for auth in $authz; do acme_challenge="$well_known/acme-challenge" mkdir -p $acme_challenge echo "$token.$THUMB" > $acme_challenge/$token + echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log chown -R $user:$user $well_known else # default nginx method conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt" sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt" - if [ ! -e "$conf" ]; then + # if [ ! -e "$conf" ]; then echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \ > $conf echo ' default_type text/plain;' >> $conf echo ' return 200 "$1.'$THUMB'";' >> $conf echo '}' >> $conf - fi + # fi + echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log if [ ! -e "$sconf" ]; then ln -s "$conf" "$sconf" fi + echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log $BIN/v-restart-proxy if [ -z "$PROXY_SYSTEM" ]; then # apache-less variant + echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log $BIN/v-restart-web fi - check_result $? "Proxy restart failed" >/dev/null + exitstatus=$? + if [ "$exitstatus" -ne 0 ]; then + echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log + fi + check_result $exitstatus "Proxy restart failed" >/dev/null fi else well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known" @@ -195,13 +271,16 @@ for auth in $authz; do mkdir -p $acme_challenge echo "$token.$THUMB" > $acme_challenge/$token chown -R $user:$user $well_known + echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log # $BIN/v-restart-web # check_result $? "Web restart failed" >/dev/null fi fi # Requesting ACME validation / STEP 5 + echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log validation_check=$(echo "$answer" |grep '"valid"') + echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log if [[ ! -z "$validation_check" ]]; then validation='valid' else @@ -211,22 +290,54 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - payload='{}' - answer=$(query_le_v2 "$url" "$payload" "$nonce") - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + i=0 + while true; do + echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then + break + fi + if [ "$wildcard" = 'yes' ]; then + if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then + break + fi + fi + i=$((i + 1)) + if ((i > 30)); then + break + fi + sleep 2 + done if [[ "$status" -ne 200 ]]; then + echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" fi i=$((i + 1)) if [ "$i" -gt 10 ]; then + echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt domain validation timeout" fi - sleep $((i*2)) + echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log + get_answer=$(curl --user-agent "myVesta" --silent -S "$url2") + echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log + sleeping=$((i*2)) + echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log + sleep $sleeping done if [ "$validation" = 'invalid' ]; then + echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt domain verification failed" fi done @@ -237,42 +348,102 @@ ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\ "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') # Sending CSR to finalize order / STEP 6 +echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log + csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64) payload='{"csr":"'$csr'"}' +echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$finalize" "$payload" "$nonce") +echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') +echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') +echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"') +echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 200 ]]; then + echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt finalize bad status $status" fi -# Downloading signed certificate / STEP 7 +if [ "$nonce" = "" ]; then + echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log + check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6" +fi + +if [ "$certificate" = "" ]; then + validation="processing" + i=1 + while [ "$validation" = "processing" ]; do + echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$order" "" "$nonce") + i=$((i + 1)) + + nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \ | tr -d '\r\n') + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"') + echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log + sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s + if [ $i -gt 10 ]; then + check_result "$E_CONNECT" "Certificate processing timeout ($domain)" + fi + done +fi + +if [ "$certificate" = "" ]; then + echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log + check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7" +fi + +# Downloading signed certificate / STEP 8 +echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log +echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem") +echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') +echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 200 ]]; then [ -d "$ssl_dir" ] && rm -rf "$ssl_dir" + echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status" fi # Splitting up downloaded pem -crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:) +# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log +crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:) +# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ') -ca_end=$(grep -n "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :) +# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log +ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :) +# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log ca_end=$(( pem_lines - crt_end + 1 )) +# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca +# Temporary fix for double "END CERTIFICATE" +if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then + sed -i '1,2d' $ssl_dir/$domain.ca +fi + # Adding SSL ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1 +echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home -if [ "$?" -ne '0' ]; then +exitstatus=$? +echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log +if [ "$exitstatus" -ne '0' ]; then touch $VESTA/data/queue/letsencrypt.pipe sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe + echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log send_notice 'LETSENCRYPT' "$domain certificate installation failed" - check_result $? "SSL install" >/dev/null + check_result $exitstatus "SSL install" >/dev/null fi # Adding LE autorenew cronjob @@ -301,7 +472,7 @@ sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe # Notifying user send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" - +echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user index 11aec113..d2338e82 100755 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -15,6 +15,10 @@ user=$1 # LE API API='https://acme-v02.api.letsencrypt.org' +if [[ "$LE_STAGING" = 'yes' ]]; then + API='https://acme-staging-v02.api.letsencrypt.org' +fi + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -41,7 +45,7 @@ query_le_v2() { post_data=$post_data'"payload":"'"$payload_"'",' post_data=$post_data'"signature":"'"$signature_"'"}' - curl -s -i -d "$post_data" "$1" -H "$content" + curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content" } diff --git a/bin/v-add-mail-account b/bin/v-add-mail-account index 44925680..81da9e71 100755 --- a/bin/v-add-mail-account +++ b/bin/v-add-mail-account @@ -61,8 +61,14 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then fi str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd + userstr="$account:$account:$user:mail:$HOMEDIR/$user" + echo $userstr >> $HOMEDIR/$user/conf/mail/$domain/accounts fi +# Create mail account folder (mailbox) +mkdir $HOMEDIR/$user/mail/$domain/$account +chown $user:mail $HOMEDIR/$user/mail/$domain/$account +chmod 700 $HOMEDIR/$user/mail/$domain/$account #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-mail-domain b/bin/v-add-mail-domain index 7c9dbc36..c26dadb2 100755 --- a/bin/v-add-mail-domain +++ b/bin/v-add-mail-domain @@ -91,6 +91,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then touch $HOMEDIR/$user/conf/mail/$domain/aliases touch $HOMEDIR/$user/conf/mail/$domain/passwd touch $HOMEDIR/$user/conf/mail/$domain/fwd_only + touch $HOMEDIR/$user/conf/mail/$domain/accounts ln -s $HOMEDIR/$user/conf/mail/$domain \ /etc/$MAIL_SYSTEM/domains/$domain_idn @@ -119,6 +120,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then # Set ownership chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain chown -R dovecot:mail $HOMEDIR/$user/conf/mail/$domain/passwd + chown $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/accounts chown $user:mail $HOMEDIR/$user/mail/$domain_idn fi diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim new file mode 100644 index 00000000..4b7789ea --- /dev/null +++ b/bin/v-add-srs-support-to-exim @@ -0,0 +1,77 @@ +#!/bin/bash + +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') +if (( $(echo "$eximversion < 4.96" | bc -l) )); then + echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + echo "You have Exim $eximversion" + exit 1; +fi + +echo "=== Addind SRS support to Exim4 ===" +# SRS support is taken from HestiaCP + +if [ ! -f "/etc/exim4/srs.conf" ]; then + echo "= Generating SRS KEY" + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf +fi + +if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then + echo "= Backing up /etc/exim4/exim4.conf.template" + cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs +fi + +if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" + v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Patching \"dnslookup:\" block" + /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' +fi + +if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" + v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"remote_forwarded_smtp:\" block" + v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' +fi + +touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_email_account_max_recipients +touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_hosting_account_max_recipients + +echo "= Restarting exim4 service" +systemctl restart exim4 + +if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 +fi +echo "=== SRS support was added successfully. ===" + +exit 0 diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 0cab1a3d..e9fe210a 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - source $pkg_dir/$package.pkg + parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,6 +63,9 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index aab09e6a..72de559a 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -90,7 +90,7 @@ done # Changing file owner & permission chown -R $user:$user $HOMEDIR/$user/web/$domain chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf -sudo -u $user chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* +chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.* diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index 2c0f78ae..6d9deb9b 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl @@ -149,6 +149,13 @@ if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then eval "$UPDATE_SSL_SCRIPT $user $domain" fi +UPDATE_SSL_SCRIPT2='' +source $VESTA/conf/vesta.conf +if [ ! -z "$UPDATE_SSL_SCRIPT2" ]; then + eval "$UPDATE_SSL_SCRIPT2 $user $domain" +fi + + # Logging log_history "enabled ssl support for $domain" log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin new file mode 100644 index 00000000..60778fb2 --- /dev/null +++ b/bin/v-add-wordpress-admin @@ -0,0 +1,76 @@ +#!/bin/bash +# info: Add a WordPress admin user to a specific domain +# options: DOMAIN USERNAME PASSWORD EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +if [ "$#" -lt 4 ]; then + echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +username=$2 +password=$3 +email=$4 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes; + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-backup-user b/bin/v-backup-user index 2e245156..f6629c9e 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,6 +22,9 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf +if [ ! -z "$NOW" ]; then + BACKUP_LA_LIMIT=50 +fi #----------------------------------------------------------# # Verifications # @@ -41,6 +44,11 @@ is_backup_enabled wait_for_backup_if_it_is_not_time_for_backup +# Override backup path +if [ ! -z "$OVERRIDE_BACKUP_PATH" ]; then + BACKUP=$OVERRIDE_BACKUP_PATH +fi + # Set backup directory if undefined if [ -z "$BACKUP" ]; then BACKUP=/backup @@ -146,6 +154,25 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then format_domain_idn get_domain_values 'web' + # backuping php-fpm conf file + if [[ $TPL == "PHP-FPM-"* ]]; then + fpm_tpl_ver=${TPL:8:2} + fpm_ver="${TPL:8:1}.${TPL:9:1}" + fpm_folder="$fpm_ver/fpm/pool.d" + fpm_path="$fpm_ver/fpm/pool.d/$domain.conf" + if [[ $TPL == *"-ioncube" ]]; then + fpm_folder="$fpm_ver/fpm/pool.d-ioncube" + fpm_path="$fpm_ver/fpm/pool.d-ioncube/$domain.conf" + fi + fpm_original_path="/etc/php/$fpm_path" + fpm_dest_path="$tmpdir/web/$domain/php/$fpm_path" + fpm_dest_folder="$tmpdir/web/$domain/php/$fpm_folder" + if [ -f "$fpm_original_path" ]; then + mkdir -p $fpm_dest_folder + cp $fpm_original_path $fpm_dest_path + fi + fi + # Backup web.conf cd $tmpdir/web/$domain/ conf="$USER_DATA/web.conf" @@ -227,6 +254,11 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" for xpath in $xdirs; do + # Add ./ at the beginning of the path if the path is in old pattern + if [[ $xpath != ./* ]]; then + xpath=(./$xpath) + fi + if [ -d "$xpath" ]; then fargs+=(--exclude=$xpath/*) echo "$(date "+%F %T") excluding directory $xpath" @@ -241,7 +273,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then set +f # Backup files - tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz + tar --anchored -cpf- ${fargs[@]} --exclude={'./','../'} . |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done # Print total diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now new file mode 100644 index 00000000..10eecd87 --- /dev/null +++ b/bin/v-backup-user-now @@ -0,0 +1,6 @@ +#!/bin/bash + +export ALLOW_BACKUP_ANYTIME='yes' +export NOW='yes' + +nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 diff --git a/bin/v-backup-users b/bin/v-backup-users index 640c1916..05550ded 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -4,6 +4,13 @@ # # The function backups all system users. +scriptname="v-backup-users" +for pid in $(pidof -x "$scriptname"); do + if [ $pid != $$ ]; then + echo "[$(date)] : $scriptname : Process is already running with PID $pid" + exit 1 + fi +done #----------------------------------------------------------# # Variable&Function # @@ -30,11 +37,11 @@ fi log=$VESTA/log/backup.log -$BIN/v-check-vesta-license >/dev/null +# $BIN/v-check-vesta-license >/dev/null +touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then mv $log $log-`date +"%Y-%m-%d--%H:%M:%S"` - touch $log fi # Auto-repair all databases before backuping all accounts diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account new file mode 100644 index 00000000..59ec9cf8 --- /dev/null +++ b/bin/v-blacklist-email-account @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Add a specific email address to exim4 and spamassassin blacklist +# usage: v-blacklist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-blacklist-email EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Prepare entries for Exim4 and SpamAssassin +EXIM_ENTRY="$EMAIL" +SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then + add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain new file mode 100644 index 00000000..a72a17a9 --- /dev/null +++ b/bin/v-blacklist-email-domain @@ -0,0 +1,133 @@ +#!/bin/bash +# info: Add a domain to exim4 and spamassassin blacklist +# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a domain already exists in a file +check_domain_exists() { + local domain=$1 + local file=$2 + grep -qE "^${domain}$" "$file" +} + +# Function to check if a SpamAssassin entry already exists +check_spamassassin_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add domain to file +add_domain_to_file() { + local domain=$1 + local file=$2 + echo "$domain" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for Exim4 +EXIM_ENTRY_MAIN="$DOMAIN" +EXIM_ENTRY_SUB="*.$DOMAIN" + +# Prepare entries for SpamAssassin +SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" +SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." + else + echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." + fi +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-change-database-owner b/bin/v-change-database-owner index d84d8eb2..983f7cb1 100755 --- a/bin/v-change-database-owner +++ b/bin/v-change-database-owner @@ -60,6 +60,10 @@ if [ ! -z "$check_db" ]; then exit $E_EXISTS fi +if [ ! -d "/backup" ]; then + echo "There is no /backup folder, creating it now..." + mkdir /backup +fi #----------------------------------------------------------# # Action # diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress new file mode 100644 index 00000000..1a364307 --- /dev/null +++ b/bin/v-change-database-password-for-all-wordpress @@ -0,0 +1,65 @@ +#!/bin/bash +# info: change db password to all wordpress databases +# options: +# +# The command is used for changing db password to all wordpress databases on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +only_user=''; +if [ ! -z "$1" ]; then + only_user=$1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /root/remember-db-user-pass.txt + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + if [ ! -z "$only_user" ]; then + if [ "$only_user" != "$user" ]; then + continue; + fi + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user + echo "--------------------------------" + fi + done + + if [ ! -z "$only_user" ]; then + break; + fi + +done + +# cat /root/remember-db-user-pass.txt +if [ -f "/root/remember-db-user-pass.txt" ]; then + rm /root/remember-db-user-pass.txt +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress new file mode 100644 index 00000000..7f31b181 --- /dev/null +++ b/bin/v-change-database-password-for-wordpress @@ -0,0 +1,132 @@ +#!/bin/bash +# info: change database password for wordpress +# options: +# +# The command is used for changing database password for wordpress. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +if [ -z "$user" ]; then + echo "ERROR: Domain $domain not found" + exit 1; +fi + +if [ ! -d "/home/$user" ]; then + echo "ERROR: User $user doesn't exist"; + exit 1; +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "ERROR: Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo "=== Domain: $domain" + wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" + if grep -q $'\r' $wp_config_path; then + echo "=== removing CRLF from wp-config.php" + tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path + chown $user:$user $wp_config_path + fi + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + if [ -z "$db_name" ]; then + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") + fi + if [ -z "$db_user" ]; then + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") + fi + new_password='' + found_existing_password=0 + if [ -f "/root/remember-db-user-pass.txt" ]; then + db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) + if [ -n "$db_user_pass" ]; then + new_password=$(echo "$db_user_pass" | cut -d':' -f2) + echo "= Using existing password for $db_user" + found_existing_password=1 + fi + fi + + if [ -z "$new_password" ]; then + new_password=$(generate_password) + fi + + echo "DB name: $db_name" + echo "DB user: $db_user" + echo "New DB password: $new_password" + if [ $found_existing_password -eq 0 ]; then + touch /root/remember-db-user-pass.txt + echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + chown root:root /root/remember-db-user-pass.txt + chmod 600 /root/remember-db-user-pass.txt + fi + /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" + if [ $? -ne 0 ]; then + echo "*************** ERROR: Failed to change database password ***************" + exit 1; + fi + line="define('DB_PASSWORD', '$new_password');" + chattr -i $wp_config_path + sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path + new_password_line=$(grep "DB_PASSWORD" $wp_config_path) + echo "New DB password line: $new_password_line" + if [ "$new_password_line" != "$line" ]; then + echo "*************** ERROR: line in wp-config.php is not what we expected ***************" + echo "Expected: $line" + echo "Actual : $new_password_line" + echo "*************** ERROR: Please check wp-config.php manually ***************" + exit 1; + fi +else + echo "ERROR: WP-config.php not found" + exit 1; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit 0; diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www new file mode 100644 index 00000000..1f230099 --- /dev/null +++ b/bin/v-change-dir-www @@ -0,0 +1,71 @@ +#!/bin/bash +# info: Change directory to the public_html folder of a domain +# usage: source v-cd-www DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be sourced to change the current directory." + echo "Usage: source v-cd-www DOMAIN" + exit 1 +fi + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + return 1 +fi + +# Importing system environment +source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) + +if [ -z "$user" ]; then + echo "Domain $domain doesn't exist" + return 1 +fi + +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User $user doesn't exist" + return 1 +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain $domain doesn't have a public_html directory" + return 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "/home/$user/web/$domain/public_html" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +return 0 diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 8f267307..ed5fa5a4 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user #----------------------------------------------------------# # Action # @@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then ssl_key=$VESTA/data/users/$owner/ssl/$domain.key ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem - mv $ssl_crt $VESTA/data/users/$user/ssl/ - mv $ssl_key $VESTA/data/users/$user/ssl/ - mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + cp $ssl_crt $VESTA/data/users/$user/ssl/ + cp $ssl_key $VESTA/data/users/$user/ssl/ + cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* fi # Check ftp user account @@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ + if [ -d "/hdd/home/$owner/web/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain + fi + # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; + if [ "$SSL" = 'yes' ]; then + sleep 10 + rm $ssl_crt + rm $ssl_key + rm $ssl_ca > /dev/null 2>&1 + rm $ssl_pem > /dev/null 2>&1 + rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + fi + # Rebuild config $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1 $BIN/v-rebuild-web-domains $owner no @@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ + if [ -d "/hdd/home/$owner/mail/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain + fi + # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index d2502bce..aad2ec38 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -74,6 +76,14 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + NEWIP=$ip + parse_object_kv_list_non_eval "$oldvalues" + sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-sys-config-value b/bin/v-change-sys-config-value index 10657656..3681075c 100755 --- a/bin/v-change-sys-config-value +++ b/bin/v-change-sys-config-value @@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin" check_args '2' "$#" 'KEY VALUE' is_format_valid 'key' +format_no_quotes "$value" 'value' #----------------------------------------------------------# # Action # diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..1e088bcc 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,6 +16,7 @@ force=$3 # Includes source $VESTA/func/main.sh +source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -23,7 +24,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - eval ${key%%=*}=${key#*=} + parse_object_kv_list_non_eval $key done WEB_DOMAINS='0' @@ -35,7 +36,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - eval $pkg_data + parse_object_kv_list_non_eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -73,11 +74,15 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi + + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { - eval $(cat $USER_DATA/user.conf) - eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) + parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' diff --git a/bin/v-change-user-rkey b/bin/v-change-user-rkey new file mode 100644 index 00000000..38777e4c --- /dev/null +++ b/bin/v-change-user-rkey @@ -0,0 +1,60 @@ +#!/bin/bash +# info: change user rkey +# options: USER +# +# The function changes user's RKEY value. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +if [ "$user" = "root" ]; then + check_result $E_FORBIDEN "Changing root password is forbiden" +fi + +check_args '1' "$#" 'USER' +is_format_valid 'user' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +hash=$(generate_password) +d=$(date +%s) + +# Changing RKEY value +update_user_value "$user" '$RKEY' "$hash" + +#check if RKEYEXP exists +if [ -z "$(grep RKEYEXP $USER_DATA/user.conf)" ]; then + sed -i "s/^RKEY/RKEYEXP='$d'\nRKEY/g" $USER_DATA/user.conf +else + update_user_value "$user" '$RKEYEXP' "$d" +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_history "changed rkey" +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-vesta-port b/bin/v-change-vesta-port index 09cff31d..7ea7827e 100755 --- a/bin/v-change-vesta-port +++ b/bin/v-change-vesta-port @@ -41,12 +41,14 @@ is_int_format_valid "$port" 'port number' #----------------------------------------------------------# sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf +sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php fi sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf $VESTA/bin/v-update-firewall systemctl restart fail2ban.service +sed -i "s| $oldport | $port |g" /etc/iptables.rules systemctl restart vesta #----------------------------------------------------------# diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords new file mode 100644 index 00000000..bca23ad8 --- /dev/null +++ b/bin/v-change-wordpress-admin-passwords @@ -0,0 +1,201 @@ +#!/bin/bash +# info: interactively delete or change WordPress admin passwords for a given domain +# options: DOMAIN +# +# d → delete user (with content reassignment) +# c → change password (random 10-char alnum) +# s → skip +# x → exit + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +# random 10-char password +gen_pass() { tr -dc 'A-Za-z0-9' > /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + echo "Failed to change password for $TARGET." + fi + break + ;; + [Ss]* ) + echo "Skipping $TARGET." + break + ;; + [Xx]* ) + echo "Exiting." + exit 0 + ;; + * ) echo "Please answer d, c, s, or x." ;; + esac + done +done <<< "$ADMIN_LIST_CSV" + +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "" + echo "" + echo "-------------------------------------" + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + echo "" + read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty + if [ -z "$SAVE_PASSWORDS" ]; then + SAVE_PASSWORDS="n" + fi + if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then + rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + fi +fi + +#----------------------------------------------------------# +# flush cache and refresh all security salts # +#----------------------------------------------------------# + +echo "-------------------------------------" +echo +echo "Flushing cache and refreshing salts..." + +RUN="$WP_RUN cache flush" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts" +eval "$RUN" + +echo "Cache flushed and salts refreshed." + +echo +echo "Done." + +exit 0 diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage new file mode 100644 index 00000000..11e29122 --- /dev/null +++ b/bin/v-clean-garbage @@ -0,0 +1,133 @@ +#!/bin/bash +# info: Clean all unnecessary files like logs +# options: NONE +# +# The function is cleaning all unnecessary files like logs + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +echo "===== Before cleaning =====" +df -h +echo "===========================" + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# turn off tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') +fi + +find /tmp/ -type f -mtime +7 -delete +rm /var/backups/* > /dev/null 2>&1 +rm /var/cache/apt/archives/* > /dev/null 2>&1 +cd /var/log +truncate -s 0 xferlog lastlog faillog btmp syslog; +find /var/log/ -name "*.log" -not -path "/var/log/apt/*" -type f -exec truncate -s 0 {} \; +find /var/log/ -name "*.err" -type f -exec truncate -s 0 {} \; +find /var/log/ -name "errors" -type f -exec truncate -s 0 {} \; +find /var/log/ -name "*.info" -type f -exec truncate -s 0 {} \; +find /var/log/ -name "*.warn" -type f -exec truncate -s 0 {} \; +find /var/log/ -type f -name "*.1" -delete +find /var/log/ -type f -name "*.2" -delete +find /var/log/ -type f -name "*.3" -delete +find /var/log/ -type f -name "*.4" -delete +find /var/log/ -type f -name "*.5" -delete +find /var/log/ -type f -name "*.6" -delete +find /var/log/ -type f -name "*.7" -delete +find /var/log/ -type f -name "*.8" -delete +find /var/log/ -type f -name "*.9" -delete +find /var/log/ -name "*.gz" -type f -delete +find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; +find /usr/local/vesta/log/ -type f -not -name "*.log" -delete +find /var/log/exim4/ -type f -exec truncate -s 0 {} \; +truncate -s 0 /*.log > /dev/null 2>&1 +rm /panic-*.log > /dev/null 2>&1 +rm /var/log/panic-*.log > /dev/null 2>&1 + +clean_home() { + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1 + find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/ai1wm-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; + nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; + nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; +} + +clean_home "/home" +if [ -d "/hdd/home" ]; then + clean_home "/hdd/home" +fi + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + systemctl start fail2ban +fi + +# turn on tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 & +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & +fi + +exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') +if [ $exim_installed -gt 0 ]; then + systemctl restart exim4 +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "" +echo "***** Garbage cleaned *****" +echo "" +echo "===== After cleaning ======" +df -h +echo "===========================" + + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban new file mode 100644 index 00000000..ab3ab30c --- /dev/null +++ b/bin/v-clear-fail2ban @@ -0,0 +1,59 @@ +#!/bin/bash +# info: Clean fail2ban database +# options: NONE +# +# The function is cleaning fail2ban database + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# check if fail2ban is installed +fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') +if [ $fail2ban_installed -eq 0 ]; then + echo "Fail2ban is not installed" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + echo "== Stopping fail2ban" + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + echo "== Cleaning fail2ban database" + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "== Cleaning nginx block.conf" + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting nginx" + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + echo "== Starting fail2ban" + systemctl start fail2ban +fi + +echo "== Done, fail2ban database cleaned" + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-clone-website b/bin/v-clone-website index ed7344ab..9bebbffd 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -9,16 +9,18 @@ if [ $# -lt 2 ]; then echo "USAGE: v-clone-website FROM_DOMAIN TO_DOMAIN" echo "Available parameters:" - echo "--DATABASE_SUFIX=... (default is '_migrated')" + echo "--DATABASE_SUFIX=... (will be added to database name)" echo "--TO_DATABASE=... (this will override --TO_DATABASE_NAME, --TO_DATABASE_USERNAME and --DATABASE_SUFIX)" echo "--FROM_DATABASE_NAME=..." echo "--FROM_DATABASE_USERNAME=..." echo "--FROM_DATABASE_PASSWORD=..." - echo "--FROM_CONFIG_FILE=..." + echo "--CONFIG_FILE=..." echo "--TO_USER=..." echo "--TO_DATABASE_NAME=..." echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." + echo "--SITE_SUBFOLDER=..." + echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi @@ -41,6 +43,7 @@ source /etc/profile # Includes source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/db.sh +source /usr/local/vesta/conf/vesta.conf FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' @@ -50,8 +53,13 @@ TO_DATABASE_NAME='' TO_DATABASE_USERNAME='' TO_DATABASE_PASSWORD='' DATABASE_SUFIX='_migrated' +SITE_SUBFOLDER='' +SEARCH_FOR_CONFIGS_DATABASE_NAME='' +SEARCH_FOR_CONFIGS_DATABASE_USERNAME='' -source /usr/local/vesta/func/handle_parameters.sh +if [ ! -z "$MAX_DBUSER_LEN" ] && [ "$MAX_DBUSER_LEN" -ge 80 ]; then + DATABASE_SUFIX='' +fi #----------------------------------------------------------# # Verifications # @@ -63,9 +71,21 @@ is_domain_format_valid "$TO_DOMAIN" FROM_USER=$user -r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$FROM_DOMAIN") +# take --parameters +source /usr/local/vesta/func/handle_parameters.sh + +if [ -z "$SITE_SUBFOLDER" ]; then + r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$FROM_DOMAIN") +else + r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$FROM_DOMAIN" "$SITE_SUBFOLDER") +fi +#echo $r +#exit eval $r +# take --parameters +source /usr/local/vesta/func/handle_parameters.sh + FROM_FOLDER=$SITE_FOLDER if [ ! -z "$CONFIG_FILE" ]; then @@ -154,36 +174,46 @@ CHECK_PUBLIC_SHTML=$(/usr/local/vesta/bin/v-list-web-domain "$TO_USER" "$TO_DOMA if [ $CHECK_PUBLIC_SHTML -eq 1 ]; then TO_FOLDER="/home/$TO_USER/web/$TO_DOMAIN/public_shtml" fi +if [ ! -z "$SITE_SUBFOLDER" ]; then + TO_FOLDER="$TO_FOLDER/$SITE_SUBFOLDER" +fi TO_CONFIG_FILE_FULL_PATH="$TO_FOLDER/$FROM_CONFIG_FILE" -LENGTH_OF_DATABASE_SUFIX=${#DATABASE_SUFIX} -if [ -z "$TO_DATABASE_NAME" ]; then - LENGTH_OF_TO_DATABASE_NAME=${#FROM_DATABASE_NAME} - START_FROM=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX)) - CHECK_PREFIX=${FROM_DATABASE_NAME:START_FROM} - if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then - TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}" - LENGTH_OF_TO_DATABASE_NAME=${#TO_DATABASE_NAME} - CUT_TO=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX)) - TO_DATABASE_NAME=${TO_DATABASE_NAME:0:CUT_TO} - else - TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}${DATABASE_SUFIX}" - fi -fi -if [ -z "$TO_DATABASE_USERNAME" ]; then - LENGTH_OF_TO_DATABASE_USERNAME=${#FROM_DATABASE_USERNAME} - START_FROM=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX)) - CHECK_PREFIX=${FROM_DATABASE_USERNAME:START_FROM} - if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then - TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}" - LENGTH_OF_TO_DATABASE_USERNAME=${#TO_DATABASE_USERNAME} - CUT_TO=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX)) - TO_DATABASE_USERNAME=${TO_DATABASE_USERNAME:0:CUT_TO} - else - TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}${DATABASE_SUFIX}" +if [ ! -z "$MAX_DBUSER_LEN" ] && [ "$MAX_DBUSER_LEN" -ge 80 ] && [ -z "$DATABASE_SUFIX" ]; then + TO_DATABASE_NAME=$(echo "$TO_DOMAIN" | sed 's#\.#_#g') + TO_DATABASE_NAME="${TO_USER}_$TO_DATABASE_NAME" + TO_DATABASE_USERNAME=$TO_DATABASE_NAME +else + LENGTH_OF_DATABASE_SUFIX=${#DATABASE_SUFIX} + if [ -z "$TO_DATABASE_NAME" ]; then + LENGTH_OF_TO_DATABASE_NAME=${#FROM_DATABASE_NAME} + START_FROM=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX)) + CHECK_PREFIX=${FROM_DATABASE_NAME:START_FROM} + if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then + TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}" + LENGTH_OF_TO_DATABASE_NAME=${#TO_DATABASE_NAME} + CUT_TO=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX)) + TO_DATABASE_NAME=${TO_DATABASE_NAME:0:CUT_TO} + else + TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}${DATABASE_SUFIX}" + fi + fi + if [ -z "$TO_DATABASE_USERNAME" ]; then + LENGTH_OF_TO_DATABASE_USERNAME=${#FROM_DATABASE_USERNAME} + START_FROM=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX)) + CHECK_PREFIX=${FROM_DATABASE_USERNAME:START_FROM} + if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then + TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}" + LENGTH_OF_TO_DATABASE_USERNAME=${#TO_DATABASE_USERNAME} + CUT_TO=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX)) + TO_DATABASE_USERNAME=${TO_DATABASE_USERNAME:0:CUT_TO} + else + TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}${DATABASE_SUFIX}" + fi fi fi + if [ ! -z "$TO_DATABASE" ]; then TO_DATABASE_USERNAME=$TO_DATABASE TO_DATABASE_NAME=$TO_DATABASE @@ -217,35 +247,44 @@ if [ $FROM_DOMAIN_HAS_SSL -eq 1 ] && [ $TO_DOMAIN_HAS_SSL -eq 0 ]; then SHOULD_INSTALL_SSL=1 fi +FROM_FPM_VER="" +if [[ $FROM_DOMAIN_TPL == "PHP-FPM-"* ]]; then + FROM_FPM_TPL_VER=${FROM_DOMAIN_TPL:8:2} + FROM_FPM_VER="${FROM_DOMAIN_TPL:8:1}.${FROM_DOMAIN_TPL:9:1}" +fi + # ----------- CHECK ------------- if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 13 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 14 - fi -else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi fi +CREATE_TO_DATABASE=0 +object=$(grep "DB='$TO_DATABASE_NAME'" $VESTA/data/users/$TO_USER/db.conf) +if [ -z "$object" ]; then + CREATE_TO_DATABASE=1 +fi + # ----------- PRINT ------------- echo "===============================================================================" -echo "FROM_DOMAIN = $FROM_DOMAIN" -echo "TO_DOMAIN = $TO_DOMAIN" -echo "FROM_USER = $FROM_USER" -echo "TO_USER = $TO_USER" -echo "FROM_FOLDER = $FROM_FOLDER" -echo "TO_FOLDER = $TO_FOLDER" -echo "IT_IS_WP = $IT_IS_WP" +echo "FROM_DOMAIN = $FROM_DOMAIN" +echo "TO_DOMAIN = $TO_DOMAIN" +echo "FROM_USER = $FROM_USER" +echo "TO_USER = $TO_USER" +echo "SITE_SUBFOLDER = $SITE_SUBFOLDER" +echo "FROM_FOLDER = $FROM_FOLDER" +echo "TO_FOLDER = $TO_FOLDER" +echo "CMS_TYPE = $CMS_TYPE" +echo "IT_IS_WP = $IT_IS_WP" +echo "CONFIG_FILE = $CONFIG_FILE" echo "FROM_CONFIG_FILE_FULL_PATH = $FROM_CONFIG_FILE_FULL_PATH" echo "TO_CONFIG_FILE_FULL_PATH = $TO_CONFIG_FILE_FULL_PATH" echo "FROM_DATABASE_NAME = $FROM_DATABASE_NAME" @@ -261,10 +300,15 @@ echo "TO_DATABASE_USERNAME_WITHOUT_PREFIX = $TO_DATABASE_USERNAME_WITHOUT_PREF echo "DATABASE_SUFIX = $DATABASE_SUFIX" echo "CREATE_TO_USER = $CREATE_TO_USER" echo "CREATE_TO_DOMAIN = $CREATE_TO_DOMAIN" +echo "CREATE_TO_DATABASE = $CREATE_TO_DATABASE" echo "SHOULD_INSTALL_SSL = $SHOULD_INSTALL_SSL" echo "FROM_DOMAIN_TPL = $FROM_DOMAIN_TPL" +echo "FROM_FPM_VER = $FROM_FPM_VER" echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" +echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" +echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" +echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -275,7 +319,7 @@ read -p "=== Press Enter to continue ===" if [ $CREATE_TO_USER -eq 1 ]; then pass=$(vesta_generate_pass 10) echo "=== Create user $TO_USER, pass=$pass" - /usr/local/vesta/bin/v-add-user "$TO_USER" "$pass" "info@$TO_DOMAIN" "default" "Migrated" "site" + /usr/local/vesta/bin/v-add-user "$TO_USER" "$pass" "info@$TO_DOMAIN" "default" "Cloned" "site" fi if [ $CREATE_TO_DOMAIN -eq 1 ]; then @@ -296,14 +340,22 @@ if [ ! -z "$FROM_DOMAIN_TPL" ]; then echo "=== Set $FROM_DOMAIN_TPL template to domain $TO_DOMAIN" /usr/local/vesta/bin/v-change-web-domain-tpl "$TO_USER" "$TO_DOMAIN" "$FROM_DOMAIN_TPL" "yes" fi +if [ "$SITE_SUBFOLDER" = ".." ]; then + if [ ! -z "$FROM_FPM_VER" ]; then + POOLD_FILE="/etc/php/$FROM_FPM_VER/fpm/pool.d/$TO_DOMAIN.conf" + echo "=== Removing public_html from open_basedir in $POOLD_FILE" + sed -i "s|/public_html:|:|g" $POOLD_FILE + sed -i "s|/public_shtml:|:|g" $POOLD_FILE + systemctl restart php${FROM_FPM_VER}-fpm + fi +fi if [ ! -z "$FROM_DOMAIN_PROXY_TPL" ]; then echo "=== Set $FROM_DOMAIN_PROXY_TPL proxy template to domain $TO_DOMAIN" /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$TO_USER" "$TO_DOMAIN" "$FROM_DOMAIN_PROXY_TPL" "$FROM_DOMAIN_PROXY_EXT" "yes" fi -object=$(grep "DB='$TO_DATABASE_NAME'" $VESTA/data/users/$TO_USER/db.conf) -if [ -z "$object" ]; then +if [ $CREATE_TO_DATABASE -eq 1 ]; then echo "=== Create database $TO_DATABASE_NAME" /usr/local/vesta/bin/v-add-database "$TO_USER" "$TO_DATABASE_NAME_WITHOUT_PREFIX" "$TO_DATABASE_USERNAME_WITHOUT_PREFIX" "$TO_DATABASE_PASSWORD" 'mysql' 'localhost' 'utf8' fi @@ -314,12 +366,26 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql +rm $FROM_DATABASE_NAME.sql + +EXCLUDE='' +if [ ! -z "$EXCLUDE_UPLOADS" ]; then + EXCLUDE="--exclude '/wp-content/uploads/*'" +fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" -rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ +if [ "$SITE_SUBFOLDER" != ".." ]; then + run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run +else + run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run +fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER @@ -327,37 +393,65 @@ replace_php_config_value "${FROM_DATABASE_NAME}" "${TO_DATABASE_NAME}" "$TO_CONF replace_php_config_value "${FROM_DATABASE_USERNAME}" "${TO_DATABASE_USERNAME}" "$TO_CONFIG_FILE_FULL_PATH" "yes" replace_php_config_value "${FROM_DATABASE_PASSWORD}" "${TO_DATABASE_PASSWORD}" "$TO_CONFIG_FILE_FULL_PATH" "yes" -echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in folder $TO_FOLDER" +echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN by searching in folder $TO_FOLDER" REGEXP_FROM_DOMAIN="${FROM_DOMAIN//\./\\.}" grep -rl "$REGEXP_FROM_DOMAIN" $TO_FOLDER | xargs sed -i "s#$REGEXP_FROM_DOMAIN#$TO_DOMAIN#g" if [ "$FROM_USER" != "$TO_USER" ]; then - echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in folder $TO_FOLDER" + echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ by searching in folder $TO_FOLDER" grep -rl "/home/$FROM_USER/" $TO_FOLDER | xargs sed -i "s#/home/$FROM_USER/#/home/$TO_USER/#g" fi +if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_NAME" ]; then + echo "=== Replacing ${FROM_DATABASE_NAME} to ${TO_DATABASE_NAME} by searching in folder $TO_FOLDER [SEARCH_FOR_CONFIGS_DATABASE_NAME]" + grep -rl "${FROM_DATABASE_NAME}" $TO_FOLDER | xargs sed -i "s#${FROM_DATABASE_NAME}#${TO_DATABASE_NAME}#g" +fi +if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_USERNAME" ]; then + DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME=1; + if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_NAME" ] && [ "$SEARCH_FOR_CONFIGS_DATABASE_NAME" = "$SEARCH_FOR_CONFIGS_DATABASE_USERNAME" ]; then + DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME=0 + fi + if [ $DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME -eq 1 ]; then + echo "=== Replacing ${FROM_DATABASE_USERNAME} to ${TO_DATABASE_USERNAME} by searching in folder $TO_FOLDER [SEARCH_FOR_CONFIGS_DATABASE_USERNAME]" + grep -rl "${FROM_DATABASE_USERNAME}" $TO_FOLDER | xargs sed -i "s#${FROM_DATABASE_USERNAME}#${TO_DATABASE_USERNAME}#g" + fi +fi if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "$FROM_DOMAIN" -r "$TO_DOMAIN" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "$FROM_DOMAIN" -r "$TO_DOMAIN" if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else - cd $TO_FOLDER - if [ -d "wp-content/plugins/w3-total-cache" ]; then - rm -f wp-content/object-cache.php - rm -f wp-content/db.php - rm -f wp-content/advanced-cache.php - rm -rf wp-content/w3tc-config - rm -rf wp-content/plugins/w3-total-cache - fi echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; + fi + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes; +fi + +# ----------- Update Wordfence WAF Path ------------- + +# Path to .user.ini file in the new domain directory +user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" + +# Check if .user.ini exists +if [ -f "$user_ini" ]; then + echo "Updating .user.ini with new path..." + + # Change path from old domain to new domain + sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini + + # Check if replacement was successful and update .user.ini + if [ $? -eq 0 ]; then + echo ".user.ini updated successfully." + else + echo "Failed to update .user.ini file." fi - sudo -H -u$TO_USER wp cache flush fi echo "===== DONE ====" diff --git a/bin/v-commander b/bin/v-commander new file mode 100644 index 00000000..a7fbf454 --- /dev/null +++ b/bin/v-commander @@ -0,0 +1,634 @@ +#!/bin/bash + +numargs=$# + +SHOWHEADER=0 +if [ $numargs -eq 0 ]; then + SHOWHEADER=1 +fi +if [ $numargs -eq 1 ] && [ "$1" = "q" ]; then + SHOWHEADER=1 +fi + + +source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH +if [ $SHOWHEADER -eq 1 ]; then + echo "======================= mvVesta-commander ================================" +fi + +if [ -f /root/kernelupdate ]; then + rm /root/kernelupdate +fi +apt_updated=0 +apt_upgraded=0 +quit_on_empty=0 + +if [ $SHOWHEADER -eq 1 ]; then + hostname + if [ -f "/root/current-status.txt" ]; then + echo "------------------ WAS LONG TIME AGO ------------------" + cat /root/current-status.txt + truncate -s 0 /root/current-status.txt + fi + echo -n 'Debian ' >> /root/current-status.txt && cat /etc/debian_version >> /root/current-status.txt + php -v | grep '^PHP' >> /root/current-status.txt + /usr/local/vesta/bin/v-list-sys-services >> /root/current-status.txt + /usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:" >> /root/current-status.txt + w | grep 'load average' >> /root/current-status.txt + df -h | grep "/$" >> /root/current-status.txt + + echo "------------------------ NOW ------------------------" + cat /root/current-status.txt + echo "-----------------------------------------------------" + echo "(press 'h' for help)" + echo "" +fi + +check_status() { + echo "==============================================================" + hostname + echo "------------------------ WAS ------------------------" + cat /root/current-status.txt + echo "------------------------ NOW ------------------------" + hostname + echo -n 'Debian ' && cat /etc/debian_version + php -v | grep '^PHP' + /usr/local/vesta/bin/v-list-sys-services + /usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:" + w | grep 'load average' + df -h | grep "/$" + echo "-----------------------------------------------------" +} + +myhelp() { + echo "---------- Press: -----------" + echo "a = Activate Email rate limit" + echo "b = bash" + echo "c = check status" + echo "d = df -h" + echo "e = make sure Apache is in mpm_event" + echo "f = free -h" + echo "g = apt-get upgrade" + echo "h = help" + echo "m = install php-memcached" + echo "p = set version of php as default" + echo "q = quit" + echo "r = reboot" + echo "s = download sury.org apt-get key" + echo "n = download nginx gpg key" + echo "freexian = add Freexian repository" + echo "t = clean the trash" + echo "u = apt-get update" + echo "v = update myVesta" + echo "vo = update myVesta without 'apt-get update'" + echo "w = w" + echo "-----------------------------" + echo "inst v = install myVesta" + echo "inst p = install multi-php" + echo "inst pgw = install php-gate" + echo "inst r = install new Roundcube" + echo "inst memcached = install memcached" + echo "inst redis = install Redis" + echo "inst nginx-rate-limit = install nginx-rate-limit templates" + echo "dis fb = stop and disable fail2ban" + echo "dis dove = stop and disable dovecot" + echo "dis spam = stop and disable spamassassin" + echo "dis clam = stop and disable ClamAV" + echo "p 7.0 = set default php 7.0" + echo "p 7.3 = set default php 7.3" + echo "p 7.4 = set default php 7.4" + echo "p def = set proper default php" + echo "e def = set mpm_event if needed" + echo "m def = install php-memcached if needed" + echo "check fc = check if FreshClam is up" + echo "-----------------------------" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH" + echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" + echo "-----------------------------" +} + +apt_update() { + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt_updated=1 +} + +COUNTER=0 +HAS_PARAMETERS=0 + +while true +do + + COUNTER=$((COUNTER + 1)) + if [ $COUNTER -le $numargs ]; then + HAS_PARAMETERS=1 + answer=$1 + shift + else + if [ $HAS_PARAMETERS -eq 1 ]; then + exit; + fi + read -p 'What to do: ' answer + fi + + if [ "$answer" = 'prompt' ] || [ "$answer" = 'PROMPT' ]; then + echo "=============================" + echo "hostname: $HOSTNAME" + read -p 'What to do [or press Enter to continue]: ' answer + fi + + if [ "$answer" = '' ] && [ $quit_on_empty -eq 1 ]; then + answer='q' + fi + + if [ "$answer" = 'quit-on-empty' ]; then + echo "== the script will quit on next enter" + quit_on_empty=1 + HAS_PARAMETERS=0 + fi + + + if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then + mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients + + check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template + fi + + systemctl restart exim4 + echo "Email rate limit activated." + fi + + + + if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then + apt_update + fi + + if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then + echo "=============================" + echo "== running: apt-get upgrade" + + if [ $apt_upgraded -eq 0 ]; then + cp /var/log/apt/history.log /var/log/apt/history-`date +"%Y%m%d%H%M%S"`.log + truncate -s 0 /var/log/apt/history.log + fi + + apt-get -y --with-new-pkgs upgrade + apt-get -y dist-upgrade + apt_upgraded=1 + + kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) + dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log) + if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then + touch /root/kernelupdate + echo "== kernel is updated, reboot is required!" + fi + fi + + if [ "$answer" = 'c' ] || [ "$answer" = 'C' ]; then + check_status + fi + + if [ "$answer" = 's' ] || [ "$answer" = 'S' ]; then + if [ -f "/etc/apt/trusted.gpg.d/php.gpg" ]; then + echo "=============================" + echo "== renewing sury.org gpg key" + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg + fi + fi + + if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then + if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then + echo "=============================" + echo "== renewing nginx gpg key" + apt-get update + apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring + curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list + fi + fi + + if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then + if [ "$release" -lt 11 ]; then + echo "=============================" + echo "== adding Freexian repository" + apt-get update + apt-get install lsb-release + wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb + cat /etc/apt/sources.list + mv /etc/apt/sources.list /etc/apt/sources.list.old + echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list + rm /etc/apt/sources.list.d/hetzner* + else + echo "== Freexian is not supported on Debian 11 or higher" + fi + fi + + if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + echo "=============================" + echo "== checking if we need mpm_event mode" + echo "== detected Debian $release" + if [ "$release" -eq 10 ] || [ "$release" -eq 11 ] || [ -f "/root/switch-apache-to-event-mode.sh" ]; then + isevent=$(/usr/local/vesta/bin/v-list-sys-web-status | grep -c "Server MPM: event") + if [ $isevent -eq 0 ]; then + echo "== Apache should be switched to mpm_event mode" + answer='e' + else + echo "== Apache is already in mpm_event mode" + fi + fi + + fi + if [ "$answer" = 'e' ] || [ "$answer" = 'E' ]; then + echo "=============================" + echo "== switching to mpm_event mode" + apt-get -y remove libapache2-mod-php* + a2dismod ruid2 + a2dismod suexec + a2dismod php5.6 + a2dismod php7.0 + a2dismod php7.1 + a2dismod php7.2 + a2dismod php7.3 + a2dismod php7.4 + a2dismod php8.0 + a2dismod php8.1 + a2dismod php8.2 + a2dismod mpm_prefork + a2enmod mpm_event + systemctl restart apache2 + fi + + if [ "$answer" = 'dis fb' ] || [ "$answer" = 'DIS FB' ]; then + echo "=============================" + echo "== disabling fail2ban" + systemctl stop fail2ban + systemctl disable fail2ban + systemctl status fail2ban + fi + + if [ "$answer" = 'dis dove' ] || [ "$answer" = 'DIS DOVE' ]; then + echo "=============================" + echo "== disabling dovecot" + systemctl stop dovecot.service + systemctl stop dovecot.socket + systemctl disable dovecot.service + fi + + if [ "$answer" = 'dis clam' ] || [ "$answer" = 'DIS CLAM' ]; then + echo "=============================" + echo "== disabling ClamAV" + systemctl stop clamav-daemon.service + systemctl disable clamav-daemon.service + + systemctl stop clamav-daemon.socket + systemctl disable clamav-daemon.socket + + systemctl stop clamav-freshclam.service + systemctl disable clamav-freshclam.service + + sed -i "s/^CLAMD =/#CLAMD =/g" /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi + + if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then + echo "=============================" + echo "== disabling SpamAssassin" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 12 ]; then + systemctl stop spamassassin.service + systemctl disable spamassassin.service + else + systemctl stop spamd.service + systemctl disable spamd.service + fi + + sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template + sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi + + if [ "$answer" = 'p' ] || [ "$answer" = 'P' ]; then + echo "=============================" + echo "== changing default php version" + update-alternatives --config php + echo "--- NEW ---" + php -v | grep '^PHP' + fi + + if [ "$answer" = 'p 7.0' ] || [ "$answer" = 'P 7.0' ]; then + echo "=============================" + echo "== changing default php version to 7.0" + update-alternatives --set php /usr/bin/php7.0 + echo "--- NEW ---" + php -v | grep '^PHP' + fi + + if [ "$answer" = 'p 7.3' ] || [ "$answer" = 'P 7.3' ]; then + echo "=============================" + echo "== changing default php version to 7.3" + update-alternatives --set php /usr/bin/php7.3 + echo "--- NEW ---" + php -v | grep '^PHP' + fi + + if [ "$answer" = 'p 7.4' ] || [ "$answer" = 'P 7.4' ]; then + echo "=============================" + echo "== changing default php version to 7.4" + update-alternatives --set php /usr/bin/php7.4 + echo "--- NEW ---" + php -v | grep '^PHP' + fi + + if [ "$answer" = 'p def' ] || [ "$answer" = 'P DEF' ]; then + echo "=============================" + echo "== checking if we need to change default php version" + automode=$(update-alternatives --display php | grep -c 'auto mode') + echo "=============================" + if [ $automode -ge 1 ]; then + echo "=== php auto mode detected" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + echo "== detected Debian $release" + if [ "$release" -eq 8 ]; then + echo "== set default php 5" + update-alternatives --set php /usr/bin/php5 + fi + if [ "$release" -eq 9 ]; then + echo "== set default php 7.0" + update-alternatives --set php /usr/bin/php7.0 + fi + if [ "$release" -eq 10 ]; then + echo "== set default php 7.3" + update-alternatives --set php /usr/bin/php7.3 + fi + if [ "$release" -eq 11 ]; then + echo "== set default php 7.4" + update-alternatives --set php /usr/bin/php7.4 + fi + echo "--- NEW ---" + php -v | grep '^PHP' + else + echo "== php is already in manual mode" + php -v | grep '^PHP' + fi + fi + + + if [ "$answer" = 'v' ] || [ "$answer" = 'V' ]; then + echo "=============================" + echo "== updating myVesta" + if [ -f "/usr/local/vesta/bin/v-update-myvesta" ]; then + /usr/local/vesta/bin/v-update-myvesta + else + number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l) + if [ $number_of_files -gt 0 ]; then + rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1 + fi + apt-get update -o Dir::Etc::sourcelist="sources.list.d/vesta.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" > /usr/local/vesta/log/update-$package.log 2>&1 + apt-get install --reinstall vesta + fi + fi + + if [ "$answer" = 'vo' ] || [ "$answer" = 'VO' ]; then + echo "=============================" + echo "== updating myVesta (without 'apt-get update')" + number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l) + if [ $number_of_files -gt 0 ]; then + rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1 + fi + apt-get install --reinstall vesta + fi + + if [ "$answer" = 'vor' ] || [ "$answer" = 'VOR' ]; then + echo "=============================" + echo "== updating myVesta (without apt-get update and without reinstall)" + number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l) + if [ $number_of_files -gt 0 ]; then + rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1 + fi + apt-get install vesta + fi + + if [ "$answer" = 't' ] || [ "$answer" = 'T' ]; then + echo "=============================" + echo "== cleaning trash" + df -m + echo "------" + ps -Af | grep tailf | grep -v "grep tailf" + echo "------" + /usr/local/vesta/bin/v-clean-garbage + echo "--------------" + df -m + echo "--------------" + ps -Af | grep tailf | grep -v "grep tailf" + fi + + if [ "$answer" = 'm def' ] || [ "$answer" = 'M DEF' ]; then + phpupdate=$(grep -c 'php' /var/log/apt/history.log) + if [ $phpupdate -gt 0 ]; then + answer='m' + fi + fi + + if [ "$answer" = 'm' ] || [ "$answer" = 'M' ]; then + echo "=============================" + echo "== installing php-memcache modules" + apt-get install -y $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") + apt-get install -y $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") + fi + + if [ "$answer" = 'd' ] || [ "$answer" = 'D' ]; then + echo "=============================" + echo "== running: df -h" + df -h + fi + + if [ "$answer" = 'f' ] || [ "$answer" = 'F' ]; then + echo "=============================" + echo "== running: free -h" + free -h + fi + + if [ "$answer" = 'w' ] || [ "$answer" = 'W' ]; then + echo "== running: free -h" + w + fi + + if [ "$answer" = 'inst p' ] || [ "$answer" = 'INST P' ]; then + echo "=============================" + echo "== installing new PHP versions" + cd /root + wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh + chmod u+x ./vesta-inst-php.sh + mcedit ./vesta-inst-php.sh + sudo ./vesta-inst-php.sh + fi + + if [ "$answer" = 'inst pgw' ] || [ "$answer" = 'INST PGW' ]; then + echo "=============================" + echo "== Installing phpgate" + wget -nv http://dl.myvestacp.com/vesta/install-phpgate.sh -O /root/install-phpgate.sh + chmod u+x /root/install-phpgate.sh + /root/install-phpgate.sh + fi + + if [ "$answer" = 'inst memcache' ] || [ "$answer" = 'inst memcached' ] || [ "$answer" = 'INST MEMCACHE' ] || [ "$answer" = 'INST MEMCACHED' ]; then + echo "=============================" + echo "== Installing memcached" + memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) + apt-get update + apt-get -y install memcached + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") + if [ $memory -lt 15000000 ]; then + sed -i "s/-m 64/-m 256/" /etc/memcached.conf + else + sed -i "s/-m 64/-m 1024/" /etc/memcached.conf + fi + systemctl restart memcached + echo "== memcached installed." + echo "-----------------------" + fi + + if [ "$answer" = 'inst redis' ] || [ "$answer" = 'INST REDIS' ]; then + echo "=============================" + echo "== Installing Redis" + memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) + apt-get update + apt-get install -y redis-server + apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-redis ") + + sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf + sed -i "s|^save |# save |g" /etc/redis/redis.conf + sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf + if [ $memory -lt 15000000 ]; then + sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf + else + sed -i "s|^# maxmemory .*|maxmemory 1g|g" /etc/redis/redis.conf + fi + sed -i "s|^# maxmemory-policy .*|maxmemory-policy allkeys-lru|g" /etc/redis/redis.conf + systemctl restart redis + redis-cli info memory + echo "== Redis installed." + echo "-------------------" + fi + + if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then + echo "=============================" + echo "== Installing inst nginx-rate-limit templates" + curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh + bash install_rate_limit_tpl.sh + echo "== nginx-rate-limit templates installed." + echo "-------------------" + fi + + if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then + echo "== Checking if FreshClam is up" + clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running') + freshclamdown=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-freshclam' | grep -c 'off') + if [ $clamavup -eq 1 ] && [ $freshclamdown -eq 1 ]; then + echo "== Starting FreshClam" + systemctl enable clamav-freshclam.service + systemctl start clamav-freshclam.service + fi + fi + + if [ "$answer" = 'enable-ssh-root-password-login' ] || [ "$answer" = 'ENABLE-SSH-ROOT-PASSWORD-LOGIN' ]; then + sed -i "s|^PermitRootLogin .*|PermitRootLogin yes|g" /etc/ssh/sshd_config + sed -i "s|^#PermitRootLogin .*|PermitRootLogin yes|g" /etc/ssh/sshd_config + systemctl restart sshd + echo "--- New settings ---" + grep '^PermitRoot' /etc/ssh/sshd_config + echo "--------------------" + echo "Port 22 opened in Firewall for all IP addresses." + /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" + echo "--------------------" + echo "Type 'passwd' in the terminal to set the root password." + echo "--------------------" + fi + + if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then + echo "=============================" + echo "== Rebooting the server" + reboot + fi + + if [ "$answer" = 'b' ] || [ "$answer" = 'B' ]; then + echo "=============================" + echo "== Running bash" + bash + fi + + if [ "$answer" = 'q' ] || [ "$answer" = 'Q' ]; then + echo "=============================" + echo "== Exiting... bye bye :)" + exit 0 + fi + + if [ "$answer" = 'h' ] || [ "$answer" = 'H' ]; then + myhelp + fi + + if [ "$answer" = 'inst v' ] || [ "$answer" = 'INST V' ]; then + echo "=============================" + echo "== installing myVesta" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt-get -y --with-new-pkgs upgrade && apt-get -y dist-upgrade + apt-get -y install curl wget mc git sudo dnsutils screen + cd ~ + curl -O http://c.myvestacp.com/vst-install-debian.sh + sudo bash vst-install-debian.sh + source /etc/profile + PATH=$PATH:/usr/local/vesta/bin && export PATH + fi + + if [ "$answer" = 'inst r' ] || [ "$answer" = 'INST R' ]; then + echo "=============================" + echo "== Installing new Roundcube" + wget -nv https://c.myvestacp.com/tools/install-new-roundcube.sh -O /root/install-new-roundcube.sh + chmod u+x /root/install-new-roundcube.sh + mcedit /root/install-new-roundcube.sh + /root/install-new-roundcube.sh + fi + + if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then + if [ ! -f "/root/.ssh/id_rsa.pub" ]; then + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + fi + echo "=== YOUR id_rsa.pub IS BELOW ===" + cat /root/.ssh/id_rsa.pub + echo "======" + fi + +done diff --git a/bin/v-copy-fs-file b/bin/v-copy-fs-file index 792956ec..87447b40 100755 --- a/bin/v-copy-fs-file +++ b/bin/v-copy-fs-file @@ -43,7 +43,7 @@ fi # Checking destination path rpath=$(readlink -f "$dst_file") if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then - echo "Error: ivalid destination path $dst_file" + echo "Error: invalid destination path $dst_file" exit 2 fi diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain new file mode 100644 index 00000000..30fd18c0 --- /dev/null +++ b/bin/v-delete-database-of-domain @@ -0,0 +1,69 @@ +#!/bin/bash +# info: delete database if domain has database +# options: DOMAIN +# +# The function for deleting database if domain has database + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +RET=$OK + +# echo "=================================" +r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) +# echo $r +eval $r +# echo "=================================" + +if [ ! -z "$DATABASE_NAME" ]; then + echo "=== v-delete-database $USER $DATABASE_NAME" + /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME + if [ $? -ne 0 ]; then + echo "=== v-delete-database failed" + RET=$E_NOTEXIST + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +log_event "$RET" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index b6294679..1ca3373b 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain @@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then + $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't suspend web" > /dev/null + check_result $? "can't delete web" > /dev/null fi fi @@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't suspend dns" > /dev/null + check_result $? "can't delete dns" > /dev/null fi fi @@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't suspend mail" > /dev/null + check_result $? "can't delete mail" > /dev/null fi fi diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index 52f3403d..cb5b352c 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 8f646644..10fd0fb9 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes new file mode 100644 index 00000000..e9b1715c --- /dev/null +++ b/bin/v-delete-inactive-wordpress-plugins-and-themes @@ -0,0 +1,165 @@ +#!/bin/bash +# info: delete inactive WordPress plugins and themes +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 +echo "Inactive WordPress plugins for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" +PLUGINS_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) + +DEACTIVATED_PLUGINS_LIST_CSV="" + +if [ ! -z "$PLUGINS_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" + fi + done <<< "$PLUGINS_LIST_CSV" +else + echo "No plugins found." +fi + +if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" + file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" + if [ -d "$folder" ] || [ -f "$file" ]; then + destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" + if [ -d "$folder" ]; then + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + elif [ -f "$file" ]; then + source_path="$file" + destination_path="$destination_base_folder/$NAME.php" + fi + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + if [ -f "$destination_path" ]; then + echo "= File $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" + fi + fi + done <<< "$PLUGINS_LIST_CSV" + fi +fi + +echo "" +echo "Inactive WordPress themes for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" +THEMES_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) + +DEACTIVATED_THEMES_LIST_CSV="" + +if [ ! -z "$THEMES_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" + fi + done <<< "$THEMES_LIST_CSV" +else + echo "No themes found." +fi + +if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" + if [ -d "$folder" ]; then + destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder not found - it does not exist?" + fi + fi + done <<< "$THEMES_LIST_CSV" + fi +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All deactivated plugins and themes moved to quarantine." + echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" +else + echo "= No deactivated plugins or themes found." +fi +exit 0; diff --git a/bin/v-delete-mail-account b/bin/v-delete-mail-account index f0da423c..09c41b50 100755 --- a/bin/v-delete-mail-account +++ b/bin/v-delete-mail-account @@ -53,6 +53,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then sed -i "/^$account@$domain_idn:/d" $HOMEDIR/$user/conf/mail/$domain/aliases sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd + sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/accounts rm -rf $HOMEDIR/$user/mail/$domain/$account fi diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index ee727aa9..9be565bb 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn + if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then + rm -rf /hdd/home/$user/mail/$domain_idn + fi fi # Deleting dkim dns record diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index f11e48d4..7cfbab58 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done diff --git a/bin/v-delete-mails b/bin/v-delete-mails new file mode 100644 index 00000000..24ac68e5 --- /dev/null +++ b/bin/v-delete-mails @@ -0,0 +1,127 @@ +#!/bin/bash +# info: delete old emails (by mtime) for user/domain/account, with optional scope +# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE +# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) +# trash – clean only Trash/Junk/Spam folders + +# load Vesta functions & config +source "$VESTA/func/main.sh" +source "$VESTA/conf/vesta.conf" + +# read arguments +user="$1" +domain="$2" +account="$3" +mtime="$4" +scope="$5" + +# verify argument count +check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' + +# validate scope +if [[ "$scope" != "all" && "$scope" != "trash" ]]; then + echo "ERROR: SCOPE must be 'all' or 'trash'." + exit 1 +fi + +# validate logical combinations +if [[ "$user" == "all" ]]; then + if [[ "$domain" != "all" || "$account" != "all" ]]; then + echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." + exit 1 + fi +elif [[ "$domain" == "all" && "$account" != "all" ]]; then + echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." + exit 1 +fi + +# build a detailed summary for the warning +declare -a summary_parts +if [[ "$user" == "all" ]]; then + summary_parts+=("all users") +else + summary_parts+=("user '$user'") +fi + +if [[ "$domain" == "all" ]]; then + summary_parts+=("all domains") +else + summary_parts+=("domain '$domain'") +fi + +if [[ "$account" == "all" ]]; then + summary_parts+=("all accounts") +else + summary_parts+=("account '$account'") +fi + +# join with commas +summary=$(printf ", %s" "${summary_parts[@]}") +summary=${summary:2} + +# only warn if any of them is 'all' or if mtime is 'all' +if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then + echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." + read -p "Are you sure? (yes/no): " confirm + [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } +fi + +# function to delete emails +delete_emails() { + local u="$1" d="$2" a="$3" + local maildir="/home/$u/mail/$d/$a" + + [[ ! -d "$maildir" ]] && return + + echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" + + # build find predicates + if [[ "$scope" == "all" ]]; then + folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) + else + folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) + fi + + # assemble and run find + if [[ "$mtime" == "all" ]]; then + find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null + else + find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null + fi +} + +# collect users +if [[ "$user" == "all" ]]; then + users=$(v-list-users plain | awk '{print $1}') +else + users="$user" +fi + +# iterate through users, domains, accounts +for u in $users; do + if [[ "$domain" == "all" ]]; then + domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') + else + domains="$domain" + fi + + for d in $domains; do + if [[ "$account" == "all" ]]; then + accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') + else + accounts="$account" + fi + + for a in $accounts; do + delete_emails "$u" "$d" "$a" + done + done +done + +# restart dovecot to refresh mailbox state +systemctl restart dovecot + +# log the action (status first, then message) +log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" + +exit 0 diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..cdf809eb 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,6 +94,9 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user +if [ -d "/hdd/home/$user" ]; then + rm -rf /hdd/home/$user +fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 75399766..e64dd9a7 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then rm $fpmconf echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log fi -fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi + +for PHPV in /etc/php/*; do + if [ -d "${PHPV}" ]; then + # PHPVER=$(basename ${PHPV}) + POOLD="${PHPV}/fpm/pool.d" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + POOLD="${PHPV}/fpm/pool.d-ioncube" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + fi +done # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf @@ -142,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain +if [ -d "/hdd/home/$user/web/$domain" ]; then + rm -rf /hdd/home/$user/web/$domain +fi #----------------------------------------------------------# diff --git a/bin/v-delete-web-domain-ssl b/bin/v-delete-web-domain-ssl index 05e8c940..30272928 100755 --- a/bin/v-delete-web-domain-ssl +++ b/bin/v-delete-web-domain-ssl @@ -57,8 +57,14 @@ fi # Deleting old certificate tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d) -rm -f $HOMEDIR/$user/conf/web/ssl.$domain.* -mv $USER_DATA/ssl/$domain.* $tmpdir +rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca +rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt +rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key +rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem +mv $USER_DATA/ssl/$domain.ca $tmpdir +mv $USER_DATA/ssl/$domain.crt $tmpdir +mv $USER_DATA/ssl/$domain.key $tmpdir +mv $USER_DATA/ssl/$domain.pem $tmpdir chown -R $user:$user $tmpdir diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..ce72c0c4 --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files @@ -0,0 +1,64 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty +if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress new file mode 100644 index 00000000..51ee217e --- /dev/null +++ b/bin/v-desinfect-wordpress @@ -0,0 +1,86 @@ +#!/bin/bash +# info: disinfect a WordPress site with several maintenance commands +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +# make sure all Vesta helper scripts are reachable +export PATH="/usr/local/vesta/bin:$PATH" +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-desinfect-wp DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then + echo "= WordFence CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wordfence-cli +fi + +# absolute paths to maintenance scripts, in desired order +declare -a tasks=( + "/usr/local/vesta/bin/v-change-database-password-for-wordpress" + "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" + "/usr/local/vesta/bin/v-fix-wordpress-core" + "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" + "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" + "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +) + +# -------------------------------------------------------- # +# execution strategy # +# -------------------------------------------------------- # + +echo +read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty + +if [[ "$run_all" =~ ^[Yy]$ ]]; then + echo "Running all maintenance steps for $domain" + automatic=true +else + echo + echo "Selective mode. You will be asked for each step." + automatic=false +fi + +for cmd in "${tasks[@]}"; do + if [ ! -x "$cmd" ]; then + echo "Command $cmd not found or not executable, skipping." + continue + fi + + if [ "$automatic" = false ]; then + while true; do + read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi + + echo + echo "=== $(basename "$cmd") $domain ===" + "$cmd" "$domain" +done + +echo +echo "Done." +exit 0 diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff new file mode 100644 index 00000000..ee427bd2 --- /dev/null +++ b/bin/v-df-snapshot-diff @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Make a diff between two snapshots of the disk usage +# options: FILE1 FILE2 + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Let's declare three associative arrays +declare -A FILE1 +declare -A FILE2 +declare -A FILED + +file1=$1 +file2=$2 + +if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file1="/usr/local/vesta/data/df/$file1" +fi + +if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file2="/usr/local/vesta/data/df/$file2" +fi + +if [ ! -f "$file1" ]; then + echo "File $file1 not found" + exit 1 +fi + +if [ ! -f "$file2" ]; then + echo "File $file2 not found" + exit 1 +fi + +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +mkdir -p /usr/local/vesta/data/df-diff +file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt" +file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt" +file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt" +touch $file0 + +# Let's load the first file and fill the array FILE1 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE1["$DIRECTORY"]="$SIZE" +done < "$file1" + +# Let's load the second file and fill the array FILE2 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE2["$DIRECTORY"]="$SIZE" +done < "$file2" + +# We iterate through FILE1 and look for the matching key in FILE2 +for k in "${!FILE1[@]}"; do + if [[ -v FILE2["$k"] ]]; then + # If there is the same folder (KEY) in FILE2 + DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} )) + FILED["$k"]=$DIFF + echo -e "${DIFF}\t${k}" >> $file0 + else + # If the folder (KEY) is not found in FILE2 + FILED["$k"]=${FILE1["$k"]} + echo -e "${FILE1["$k"]}\t${k}" >> $file0 + fi +done + +# sorted by size +sort -nr -k1,1 $file0 > $file0s + +# sorted by folders +while IFS=$'\t' read SIZE DIRECTORY; do + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f +done < "$file2" + +chmod 600 $file0 $file0s $file0f +chown root:root $file0 $file0s $file0f + +echo "Done." +echo "You can do:" +echo "mcview $file0" +echo "mcview $file0s" +echo "mcview $file0f" +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):" +head -n 30 $file0s +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by folders (in MB):" +head -n 30 $file0f +echo "--------------------------------" + +exit 0 diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner new file mode 100644 index 00000000..63275034 --- /dev/null +++ b/bin/v-df-snapshot-logs-cleaner @@ -0,0 +1,11 @@ +#!/bin/bash +# info: Clean up old snapshots of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" +mkdir -p $folder +find $folder -type f -mtime +30 -delete + +folder="/usr/local/vesta/data/df-diff" +mkdir -p $folder +find $folder -type f -mtime +30 -delete diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make new file mode 100644 index 00000000..985aab15 --- /dev/null +++ b/bin/v-df-snapshot-make @@ -0,0 +1,52 @@ +#!/bin/bash +# info: Make a snapshot of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" + +mkdir -p $folder +timestamp=$(date +%Y-%m-%d-%H-%M-%S) + +du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt + +du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt +for i in {2..7}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt +done +rm $folder/snapshot-temp.txt + +if [ -d "/hdd" ]; then + du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt + for i in {1..8}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt + done + rm $folder/snapshot-temp.txt +fi + +du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt + +chmod 600 $folder/snapshot-$timestamp.txt +chown root:root $folder/snapshot-$timestamp.txt + +exit 0 diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini new file mode 100644 index 00000000..9eadfcee --- /dev/null +++ b/bin/v-edit-domain-php-ini @@ -0,0 +1,90 @@ +#!/bin/bash +# info: Edit php.ini for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain) + +if [ -z "$fpm_ver" ]; then + echo "PHP version for domain $domain could not be determined." + exit 1 +fi + +config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf" + +if command -v mcedit >/dev/null; then + mcedit "$config_file" +else + nano "$config_file" +fi + +echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" +systemctl restart php${fpm_ver}-fpm +if [ $? -ne 0 ]; then + systemctl status php${fpm_ver}-fpm + echo "=========================" + echo "" + echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" + exit $E_RESTART; +else + echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." +fi +echo "" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini new file mode 100644 index 00000000..0155e6bb --- /dev/null +++ b/bin/v-edit-php-ini @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Edit php.ini for a specific PHP version + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# List available PHP versions and store them into an array +mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php) + +echo "Available PHP versions:" +PS3="Please select the PHP version you want to edit php.ini for: " + +select php_version in "${php_versions[@]}"; do + if [[ -n $php_version ]]; then + break + else + echo "Invalid choice. Please try again." + fi +done + +# Define path to the php.ini file +php_ini_path="/etc/php/${php_version}/fpm/php.ini" + +# Check if php.ini exists for the selected version +if [[ ! -f "$php_ini_path" ]]; then + echo "The php.ini file for the selected PHP version ($php_version) does not exist." + exit 1 +fi + +# Determine the text editor to use +if command -v mcedit >/dev/null 2>&1; then + editor_cmd="mcedit" +elif command -v nano >/dev/null 2>&1; then + editor_cmd="nano" +else + echo "No supported text editor found. Please install 'mcedit' or 'nano'." + exit 1 +fi + +# Open php.ini for the chosen PHP version in the selected editor +echo "Opening $php_ini_path in editor $editor_cmd..." +$editor_cmd "$php_ini_path" + +# Restart the PHP-FPM service for the selected version +echo "Restarting the PHP-FPM service for PHP version $php_version..." +systemctl restart php${php_version}-fpm +if [ $? -ne 0 ]; then + systemctl status php${php_version}-fpm + echo "=========================" + echo "" + echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" + exit $E_RESTART; +else + echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." +fi + +#----------------------------------------------------------# +# Exit # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-ensure-poold-folders-not-empty b/bin/v-ensure-poold-folders-not-empty new file mode 100644 index 00000000..cb89765f --- /dev/null +++ b/bin/v-ensure-poold-folders-not-empty @@ -0,0 +1,31 @@ +#!/bin/bash +# info: ensure that pool.d folders are not empty +# options: +# +# The function ensure that pool.d folders are not empty + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +ensure_poold_folders_not_empty + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-extract-fs-archive b/bin/v-extract-fs-archive index ec70baba..1ea608af 100755 --- a/bin/v-extract-fs-archive +++ b/bin/v-extract-fs-archive @@ -82,7 +82,7 @@ fi # Extracting ziped archive if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1 - sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1 + sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1 rc=$? fi diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions new file mode 100644 index 00000000..3bce868f --- /dev/null +++ b/bin/v-fix-php-ini-disable-functions @@ -0,0 +1,35 @@ +#!/bin/bash + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1; +fi + +if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; + +echo "=== Fixing php.ini files to have the correct disable_functions line" + +export NOTFOUNDVAL="exec,system,passthru,shell_exec" +export LINEBEGINSWITH="disable_functions =" +export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" + +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ + +export NOTFOUNDVAL2="^$LINEBEGINSWITH" +export REMOVELINETHATCONTAINS=$LINEBEGINSWITH + +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ + +if [ -f "/tmp/patched" ]; then + rm /tmp/patched + + echo "== Restarting all PHP-FPM services" + systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + + echo "=== Everything done." +else + echo "=== Everything is already correct." +fi + +exit 0; diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions new file mode 100644 index 00000000..47690477 --- /dev/null +++ b/bin/v-fix-user-permissions @@ -0,0 +1,62 @@ +#!/bin/bash + +# info: +# This script will fix files permissions for desired user (if ownership is lost or files have wrong chmod) + +# options: user + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ] && [ "$whoami" != "admin" ] ; then + echo "You must be root or admin to execute this script"; + exit 1; +fi + +# Argument definition +user=$1 + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'USER' +is_format_valid 'user' +is_object_valid 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +find /home/$user/conf/mail/ -type d -exec chown Debian-exim:mail {} \; +find /home/$user/conf/mail/*/ -type f -exec chown Debian-exim:mail {} \; +find /home/$user/conf/mail/*/ -name "passwd" -type f -exec chown dovecot:mail {} \; + +find /home/$user/mail/ -type d -exec chown $user:mail {} \; +find /home/$user/mail/*/ -type d -exec chown $user:mail {} \; +find /home/$user/mail/*/ -type f -exec chown $user:mail {} \; +find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; +find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; +find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; +find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; +find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; + +find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; +find /home/$user/conf/ -type d -exec chown root:root {} \; + +for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" +done + +echo "Done, permissions fixed for user: $user" + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions new file mode 100644 index 00000000..50b143c8 --- /dev/null +++ b/bin/v-fix-website-permissions @@ -0,0 +1,161 @@ +#!/bin/bash +# info: Fixing chown and chmod permissions for a website +# options: DOMAIN [USER] + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "Error: Folder /home/$user doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + +echo "Updating permissions and ownership for /home/$USER/web/$domain/" + +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi + +# === General files and directories permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + # New way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +else + # Old way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} + +fi + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +# === Symlinks ownership === +symlink_chown_allowed=1 +if [ -f "/home/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi + +if [ "$symlink_chown_allowed" -eq 1 ]; then + find -type l ! -user $USER -exec chown -h $USER:$USER {} + +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "Permissions for $domain have been successfully updated." + +exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites new file mode 100644 index 00000000..9b1501bd --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites @@ -0,0 +1,41 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php new file mode 100644 index 00000000..a89d2416 --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites-only-php @@ -0,0 +1,44 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log +truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1 + echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php new file mode 100644 index 00000000..cf548e6b --- /dev/null +++ b/bin/v-fix-website-permissions-only-php @@ -0,0 +1,121 @@ +#!/bin/bash +# info: Fixing PHP and .env permissions and ownership for a website +# options: DOMAIN [USER] + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "Error: Folder /home/$user doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + +echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/" + +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "PHP and .env permissions and ownership for $domain have been successfully updated." + +exit 0 diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core new file mode 100644 index 00000000..2bcd6c34 --- /dev/null +++ b/bin/v-fix-wordpress-core @@ -0,0 +1,115 @@ +#!/bin/bash +# info: fix compromised wp-admin and wp-includes +# options: DOMAIN [CACHE_DIR] +# +# Replaces wp-admin and wp-includes with clean copies that match +# the WordPress core version detected on the site. +# +# Example: +# v-fix-wp-core example.com +# v-fix-wp-core example.com /srv/wp-cache + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Arguments +DOMAIN="$1" +CACHE_DIR="${2-/srv/wp-cache}" # default cache location + +QUARANTINE_DIR="/srv/wp-quarantine" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# +check_args '1' "$#" 'DOMAIN [CACHE_DIR]' +is_format_valid 'domain' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace +trap 'rm -rf "$TMP_DIR"' EXIT + +# 1etermine WP version +if [ -z "$PHP" ]; then + WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +else + WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +fi + +check_result $? "cannot detect WP version" > /dev/null +if [ -z "$WP_VERSION" ]; then + check_result 1 "empty WP version string" +fi +echo "Detected WordPress version $WP_VERSION" + +# 2ind site owner and path +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +check_result $? "cannot find domain owner" > /dev/null +SITE_PATH="/home/$USER/web/$DOMAIN/public_html" +if [ ! -d "$SITE_PATH" ]; then + check_result 1 "site path $SITE_PATH does not exist" +fi + +# ensure cached core is present +CACHE_PATH="$CACHE_DIR/$WP_VERSION" +if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then + echo "Cache for $WP_VERSION missing, downloading ZIP..." + + mkdir -p "$CACHE_PATH" + ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" + ZIP_FILE="$TMP_DIR/wp.zip" + + curl -fSL "$ZIP_URL" -o "$ZIP_FILE" + check_result $? "download failed" > /dev/null + + unzip -q "$ZIP_FILE" -d "$TMP_DIR" + check_result $? "unzip failed" > /dev/null + + mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" + mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" + cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" +fi + +# backup current core folders +TIMESTAMP="$(date +%Y%m%d%H%M%S)" +BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" +mkdir -p "$BACKUP_DIR" +mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" +mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" + +for f in "$SITE_PATH"/*.php; do + [[ $(basename "$f") == "wp-config.php" ]] && continue + mv "$f" "$BACKUP_DIR/" +done +if [ -f "$SITE_PATH/.user.ini" ]; then + mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" +fi + +# chown -R www-data:www-data "$BACKUP_DIR" +check_result $? "backup failed" > /dev/null +echo "Old core folders moved to $BACKUP_DIR" + +# deploy clean core +rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" +rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" +check_result $? "rsync failed" > /dev/null + +for corephp in "$CACHE_PATH"/*.php; do + base=$(basename "$corephp") + [ "$base" = "wp-config.php" ] && continue + rsync -a "$corephp" "$SITE_PATH/$base" +done + +# fix permissions +SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN +# chown -R www-data:www-data "$BACKUP_DIR" + +echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" +exit diff --git a/bin/v-get-database-credentials-of-domain b/bin/v-get-database-credentials-of-domain index 60164226..cb5729b0 100644 --- a/bin/v-get-database-credentials-of-domain +++ b/bin/v-get-database-credentials-of-domain @@ -46,11 +46,12 @@ fi # Action # #----------------------------------------------------------# -SITE_FOLDER="/home/$USER/web/$DOMAIN/public_html" +PUBLIC_HTML='public_html'; CHECK_PUBLIC_SHTML=$(/usr/local/vesta/bin/v-list-web-domain "$USER" "$DOMAIN" | grep 'SSL:' | grep -c 'single') if [ $CHECK_PUBLIC_SHTML -eq 1 ]; then - SITE_FOLDER="/home/$USER/web/$DOMAIN/public_shtml" + PUBLIC_HTML='public_shtml'; fi +SITE_FOLDER="/home/$USER/web/$DOMAIN/$PUBLIC_HTML" if [ ! -z "$SUBFOLDER" ]; then SITE_FOLDER="${SITE_FOLDER}/${SUBFOLDER}" @@ -68,11 +69,22 @@ if [ -f "$SITE_FOLDER/configuration.php" ]; then CONFIG_FILE="configuration.php" CONFIG_FILE_FULL_PATH="$SITE_FOLDER/$CONFIG_FILE" fi +if [ -f "$SITE_FOLDER/system/engine/model.php" ]; then + check_grep=$(grep -c 'OpenCart' $SITE_FOLDER/system/engine/model.php) + if [ "$check_grep" -gt 0 ]; then + CMS_TYPE='opencart' + CONFIG_FILE="$PUBLIC_HTML/config.php" + SUBFOLDER='..' + SITE_FOLDER="${SITE_FOLDER}/.." + CONFIG_FILE_FULL_PATH="$SITE_FOLDER/$CONFIG_FILE" + fi +fi if [ "$CMS_TYPE" = "wordpress" ]; then CONFIG_FILE_FULL_PATH_BACKUP="${CONFIG_FILE_FULL_PATH}_backup" cp $CONFIG_FILE_FULL_PATH $CONFIG_FILE_FULL_PATH_BACKUP sed -i "s|//.*$||g" $CONFIG_FILE_FULL_PATH_BACKUP + sed -i "s|\"|'|g" $CONFIG_FILE_FULL_PATH_BACKUP sed -i "s|('|( '|g" $CONFIG_FILE_FULL_PATH_BACKUP sed -i "s|');|' );|g" $CONFIG_FILE_FULL_PATH_BACKUP DATABASE_NAME=$(grep 'DB_NAME' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//") @@ -97,6 +109,20 @@ if [ "$CMS_TYPE" = "joomla" ]; then rm $CONFIG_FILE_FULL_PATH_BACKUP fi +if [ "$CMS_TYPE" = "opencart" ]; then + CONFIG_FILE_FULL_PATH_BACKUP="${CONFIG_FILE_FULL_PATH}_backup" + cp $CONFIG_FILE_FULL_PATH $CONFIG_FILE_FULL_PATH_BACKUP + sed -i "s|//.*$||g" $CONFIG_FILE_FULL_PATH_BACKUP + sed -i "s|('|( '|g" $CONFIG_FILE_FULL_PATH_BACKUP + sed -i "s|');|' );|g" $CONFIG_FILE_FULL_PATH_BACKUP + DATABASE_NAME=$(grep 'DB_DATABASE' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//") + DATABASE_USERNAME=$(grep 'DB_USERNAME' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//") + DATABASE_PASSWORD=$(grep 'DB_PASSWORD' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//") + DATABASE_HOSTNAME=$(grep 'DB_HOST' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//") + rm $CONFIG_FILE_FULL_PATH_BACKUP +fi + + if [ ! -z "$DATABASE_NAME" ]; then DATABASE_NAME_WITHOUT_USER_PREFIX=$(get_database_name_without_user_prefix "$USER" "$DATABASE_NAME") fi @@ -134,9 +160,17 @@ echo "CMS_TYPE=$CMS_TYPE" SITE_FOLDER=$(escape_shell_quote $SITE_FOLDER) echo "SITE_FOLDER=$SITE_FOLDER" +SUBFOLDER=$(escape_shell_quote $SUBFOLDER) +echo "SITE_SUBFOLDER=$SUBFOLDER" + USER=$(escape_shell_quote $USER) echo "SITE_USER=$USER" +if [ "$CMS_TYPE" = "'opencart'" ]; then + echo "SEARCH_FOR_CONFIGS_DATABASE_NAME=1" + echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME=1" +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config new file mode 100644 index 00000000..d759c489 --- /dev/null +++ b/bin/v-get-dns-config @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Get domain DNS config.db file content +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DNS_FILE="/home/$user/conf/dns/$domain.db" + +if [ -f "$DNS_FILE" ]; then + cat "$DNS_FILE" +else + echo "DNS configuration file for $domain does not exist." + exit 1 +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-get-php-version-of-domain b/bin/v-get-php-version-of-domain new file mode 100644 index 00000000..c87b4e4c --- /dev/null +++ b/bin/v-get-php-version-of-domain @@ -0,0 +1,72 @@ +#!/bin/bash +# info: Check PHP version used for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +TPL=$(/usr/local/vesta/bin/v-list-web-domain $user $domain shell | grep 'TEMPLATE:' | awk '{print $2}') +if [[ $TPL == "PHP-FPM-"* ]]; then + fpm_tpl_ver=${TPL:8:2} + fpm_ver="${TPL:8:1}.${TPL:9:1}" + echo "$fpm_ver" + exit 0; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 1; diff --git a/bin/v-grep b/bin/v-grep new file mode 100644 index 00000000..9ea821e5 --- /dev/null +++ b/bin/v-grep @@ -0,0 +1,27 @@ +#!/bin/bash +# info: calling myvesta_grep PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" + exit $? + fi +fi + +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +fi +exit $? diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index fc3c7352..43e8c3bf 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -7,7 +7,6 @@ # This script can import databases and database users and password, # Import domains, subdomains and website files # This script import also mail accounts and mails into accounts if previous cpanel run dovecot -# Mail password not are restored this was reset by new one. ########### # If you need restore main database user read line 160 or above ########### @@ -156,8 +155,17 @@ for sk_dbr in $sk_db_list grep -w $sk_dbr server_dbs if [ $? == "1" ]; then echo " Create and restore ${sk_dbr} " + sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" @@ -253,6 +261,11 @@ rm -f sk_sds2 sk_sds ################## # mail + +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + tput setaf 2 echo "Start Restoring Mails" tput sgr0 @@ -262,19 +275,29 @@ cd $sk_mdir for sk_maild in $(ls -1) do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then - if [ -d "$sk_maild" ]; then - for sk_mail_account in $(ls $sk_maild/) - do - - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - done - fi + if [ -d "$sk_maild" ]; then + for sk_mail_account in $(ls $sk_maild/) + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + else + echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + fi + done + fi #else # this only detect default dirs account new, cur, tmp etc # maybe can do something with this, but on most cpanel default account have only spam. @@ -351,7 +374,9 @@ tput setaf 4 echo "##############################" echo "cPanel Backup restored" echo "Review your content and report any fail" -echo "I reset mail password not posible restore it yet." -echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then + echo "I reset mail password not posible restore it yet." + echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +fi echo "##############################" tput sgr0 diff --git a/bin/v-insert-dns-domain b/bin/v-insert-dns-domain index b767b576..9e6874df 100755 --- a/bin/v-insert-dns-domain +++ b/bin/v-insert-dns-domain @@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then fi # Flush domain -if [ "$flush" ! = 'no' ]; then +if [ "$flush" != 'no' ]; then sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null fi diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 6b0e7c4a..9ac2f188 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,6 +52,12 @@ fi # Action # #----------------------------------------------------------# +if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then + /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +fi + +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + email="info@$domain" TMPLOC="/home/$user/tmp/$domain" @@ -62,8 +68,13 @@ mkdir $TMPLOC # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" $TMPLOC/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +if [ "$release" -lt 12 ]; then + key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +else + key_start=$(grep -n "BEGIN PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) +fi # Adding SSL certificate cd $TMPLOC diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli new file mode 100644 index 00000000..fc6ca0b5 --- /dev/null +++ b/bin/v-install-wordfence-cli @@ -0,0 +1,37 @@ +#!/bin/bash +# info: Script for installing WordFence CLI +# options: NONE + +if ! command -v git &> /dev/null; then + echo "= Git is not installed. Installing..." + apt-get update > /dev/null 2>&1 + apt-get install -y git +fi + +cd /root + +if [ ! -d "myvesta-wordfence-cli" ]; then + git clone https://github.com/isscbta/myvesta-wordfence-cli.git + cd ~/myvesta-wordfence-cli/ +else + cd ~/myvesta-wordfence-cli/ + git pull +fi + +echo "" +echo "----------------------------------------------------------------" +echo "" +echo "Which Docker container do you want to install for WordFence CLI?" +echo "1. WordFence CLI official Docker container" +echo "2. WordFence CLI Docker container maintained by myVesta" +read -r -p "Enter your choice: " choice < /dev/tty + +if [ "$choice" == "1" ]; then + bash wf-cli-install.sh +fi + +if [ "$choice" == "2" ]; then + bash wf-cli-install-our-image.sh +fi + +exit 0; diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 8e60dc6f..25e38f3e 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -1,6 +1,6 @@ #!/bin/bash # info: WordPress installer in one command line -# options: DOMAIN USER +# options: DOMAIN [DB_NAME] [EMAIL] # # Credits to Luka Paunović for wp-cli implememtation @@ -14,30 +14,28 @@ if [ "$whoami" != "root" ]; then exit 1 fi +# Importing system environment +source /etc/profile + # Argument definition domain=$1 -database="wp"; -if [ $# -gt 1 ]; then - database=$2 -fi - -email="info@$domain"; -if [ $# -gt 2 ]; then - email=$3 -fi - user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -# Importing system environment -source /etc/profile +USER=$user # Includes source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/db.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +if [[ $(is_package_full 'DATABASES') = *reached* ]]; then + echo "Database limit is reached. Delete database or upgrade user package." + exit +fi #----------------------------------------------------------# # Verifications # @@ -48,13 +46,37 @@ is_format_valid 'domain' 'database' 'email' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +# take --parameters +source /usr/local/vesta/func/handle_parameters.sh + +if [ -z "$database" ]; then + if [ ! -z "$MAX_DBUSER_LEN" ] && [ "$MAX_DBUSER_LEN" -ge 80 ]; then + database=$(echo "$domain" | sed 's#\.#_#g') + else + database="wp" + fi +fi + +# Convert domain to IDN if available +if command -v idn2 >/dev/null 2>&1; then + database=$(idn2 "$database") + idn_domain=$(idn2 "$domain") +elif command -v idn >/dev/null 2>&1; then + database=$(idn "$database") + idn_domain=$(idn "$domain") +fi + +if [ -z "$email" ]; then + email="info@$idn_domain"; +fi + if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "= Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi @@ -82,46 +104,73 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='http' +PROTOCOL='https' + if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + echo "== Trying to install LetsEncrypt for domain $domain" /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" fi -if [ -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - PROTOCOL='https' - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" +if [ ! -z "$FORCE_HTTP" ]; then + # Switch to http:// only if --FORCE_HTTP parameter is set + echo "== Force http://" + PROTOCOL='http' +fi + +TPL_CHANGED=0; + +if [ "$WEB_SYSTEM" != 'nginx' ]; then + if [ "$PROTOCOL" = "https" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + fi + if [ "$PROTOCOL" = "http" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR -sudo -H -u$user wp core download -sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +/usr/local/vesta/bin/v-run-wp-cli $domain core download +if [ ! -f "$WORKINGDIR/index.php" ]; then + echo "= WordPress installation failed: WordPress core download failed." + exit 1; +fi + +/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +if [ ! -f "$WORKINGDIR/wp-config.php" ]; then + echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found." + exit 1; +fi password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) -sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="admin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR +wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n + +/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." +echo "Your WordPress installation is complete." echo "" -echo "Site: $PROTOCOL://$domain/" +echo "Website URL: $PROTOCOL://$domain/" echo "" -echo "Login: $PROTOCOL://$domain/wp-admin/" -echo "Username: admin" +echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" +echo "Username: $wpadmin" echo "Password: $password" echo "" echo "=================================================================" diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli new file mode 100644 index 00000000..17df71e8 --- /dev/null +++ b/bin/v-install-wp-cli @@ -0,0 +1,27 @@ +#!/bin/bash +# info: Download WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +echo "= Installing WP CLI by downloading phar file..." +wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp +chmod +x /usr/local/bin/wp + +if [ -f "/usr/local/bin/wp" ]; then + echo "= WP CLI installed successfully." + echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta new file mode 100644 index 00000000..b65479f6 --- /dev/null +++ b/bin/v-install-wp-cli-myvesta @@ -0,0 +1,79 @@ +#!/bin/bash +# info: Download myVesta WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old myVesta WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +echo "= Installing myVesta WP CLI..." + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +ver_ge() { + # usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2 + [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] +} + +current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+') + +php_versions=$(/usr/local/vesta/bin/v-list-php) +for php_version in $php_versions; do + if ver_ge "$php_version" "7.2"; then + oldest_allowed_php_version=$php_version + break + fi +done + +echo "= Setting PHP version to $oldest_allowed_php_version" +update-alternatives --set php /usr/bin/php$oldest_allowed_php_version + +cd wp-cli/ +sudo -H -u www-data composer install + +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + +echo "= Setting PHP version to $current_php_version" +update-alternatives --set php /usr/bin/php$current_php_version + +# Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI installed successfully." + echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= myVesta WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-list-php b/bin/v-list-php new file mode 100644 index 00000000..846e40de --- /dev/null +++ b/bin/v-list-php @@ -0,0 +1,76 @@ +#!/bin/bash +# info: list of installed php versions +# options: [FORMAT] +# +# The function for obtaining the list of installed PHP versions. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + counter=$(echo "$phpversions" | wc -l) + i=1 + echo '[' + for phpversion in $phpversions; do + if [ "$i" -lt "$counter" ]; then + echo -e "\t\"$phpversion\"," + else + echo -e "\t\"$phpversion\"" + fi + (( ++i)) + done + echo "]" +} + +# shell list function +shell_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# PLAIN list function +plain_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# CSV list function +csv_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Obtaining the list of installed PHP-FPM versions +phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-php-apache b/bin/v-list-php-apache new file mode 100644 index 00000000..e2e431b1 --- /dev/null +++ b/bin/v-list-php-apache @@ -0,0 +1,91 @@ +#!/bin/bash +# info: list of installed php versions that have Apache template. +# options: [FORMAT] +# +# The function obtains the list of installed PHP versions that have Apache template. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + counter=$(echo "$phpversions" | wc -l) + i=1 + echo '[' + for phpversion in $phpversions; do + if [ "$i" -lt "$counter" ]; then + echo -e "\t\"$phpversion\"," + else + echo -e "\t\"$phpversion\"" + fi + (( ++i)) + done + echo "]" +} + +# shell list function +shell_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# PLAIN list function +plain_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# CSV list function +csv_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +echo_phpversions_list() { + for element in "${phpversions_list[@]}"; do + echo "$element" + done +} + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Obtaining the list of installed PHP-FPM versions +fpmphpversions=$(/usr/local/vesta/bin/v-list-php) + +for phpversion in $fpmphpversions; do + phpversiontpl=${phpversion//./} + tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl" + if [ -f "$tpl" ]; then + phpversions_list+=("$phpversion") + fi +done + +phpversions=$(echo_phpversions_list) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 127f2176..a0fdbbbc 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,7 +54,8 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", + "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" } }' } diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index 3718c171..d23a92a7 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services @@ -18,6 +18,8 @@ source $VESTA/conf/vesta.conf export PATH=$PATH:/sbin +debug=0 + # JSON list function json_list() { IFS=$'\n' @@ -50,6 +52,9 @@ shell_list() { echo "---- ----- --- --- ------" while read str; do eval $str + if [ "$STATE" = "stopped" ]; then + STATE='off' + fi echo "$NAME $STATE $CPU $MEM $RTIME" done < <(echo -e "$data" |grep NAME) } @@ -77,8 +82,17 @@ csv_list() { get_srv_state() { srv=$1 name=${2-$1} + procfolder=$4 + procfile=$5 state='running' + mem=0 + cpu=0 + rtime="0" + if [ $debug -eq 1 ]; then + echo "---------------------" + echo "$srv = $name" + fi # Searching related pids if [ -z $3 ]; then pids=$(pidof $name |tr ' ' '|') @@ -88,10 +102,23 @@ get_srv_state() { if [ -z "$pids" ] && [ "$name" != 'nginx' ]; then pids=$(pgrep $name |tr '\n' '|') fi + if [ "$name" = 'elasticsearch' ]; then + pids=$(ps -Af | grep 'elasticsearch' | grep -v 'grep' | awk '{print $2}' | tr '\n' '|') + fi + if [ "$name" = 'vesta-nginx' ]; then + pids=$(ps -Af | grep 'vesta/nginx' | grep -v 'grep' | awk '{print $2}' | tr '\n' '|') + fi + if [ "$name" = 'vesta-php' ]; then + pids=$(ps -Af | grep 'vesta/php' | grep -v 'grep' | awk '{print $2}' | tr '\n' '|') + fi + if [ $debug -eq 1 ]; then + echo "pids = $pids" + fi # Checking pid - if [ ! -z "$pids" ]; then + if [ -n "$pids" ]; then pid=$(echo "$pids" |cut -f 1 -d '|') + pids=${pids%|} pids=$(egrep "$pids" $tmp_file) # Calculating CPU usage @@ -103,7 +130,22 @@ get_srv_state() { # Searching pid file pid_file='' - if [ -e "/var/run/$srv.pid" ]; then + if [ ! -z "$procfolder" ]; then + if [ -f "/var/run/$procfolder/$srv.pid" ]; then + pid_file="/var/run/$procfolder/$srv.pid" + fi + fi + if [ -z "$pid_file" ] && [ ! -z "$procfolder" ] && [ ! -z "$procfile" ]; then + if [ -f "/var/run/$procfolder/$procfile.pid" ]; then + pid_file="/var/run/$procfolder/$procfile.pid" + fi + fi + if [ -z "$pid_file" ] && [ -z "$procfolder" ] && [ ! -z "$procfile" ]; then + if [ -f "/var/run/$procfile.pid" ]; then + pid_file="/var/run/$procfile.pid" + fi + fi + if [ -z "$pid_file" ] && [ -e "/var/run/$srv.pid" ]; then pid_file="/var/run/$srv.pid" fi if [ -z "$pid_file" ] && [ -e "/var/run/$srv/$srv.pid" ]; then @@ -112,18 +154,31 @@ get_srv_state() { if [ -z "$pid_file" ] && [ -e "/var/run/$name/$name.pid" ]; then pid_file="/var/run/$name/$name.pid" fi + if [ -z "$pid_file" ] && [ -f "/var/run/$name.pid" ]; then + pid_file="/var/run/$name.pid" + fi if [ -z "$pid_file" ] && [ -e "/proc/$pid" ]; then pid_file="/proc/$pid" fi + if [ $debug -eq 1 ]; then + echo "$srv = $name = $pid_file" + fi # Calculating uptime - if [ ! -z "$pid_file" ]; then + if [ -n "$pid_file" ]; then mtime=$(stat -c "%Y" $pid_file) rtime=$((ctime - mtime)) rtime=$((rtime / 60)) else rtime=0 fi + if [ "$pid_file" = "/proc/$pid" ]; then + if [ $debug -eq 1 ]; then + echo "getting pid lifetime via ps" + fi + rtime=$(ps -p $pid -o etimes | tail -n 1 | awk '{print $1}') + rtime=$((rtime / 60)) + fi else state='stopped' mem=0 @@ -151,14 +206,6 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB_SYSTEM" != 'remote' ]; then data="$data MEM='$mem' RTIME='$rtime'" fi -# Checking WEB Backend -if [ ! -z "$WEB_BACKEND" ] && [ "$WEB_BACKEND" != 'remote' ]; then - proc_name=$(ls /usr/sbin/php*fpm* | rev | cut -d'/' -f 1 | rev) - get_srv_state $proc_name - data="$data\nNAME='$WEB_BACKEND' SYSTEM='backend server' STATE='$state'" - data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" -fi - # Checking WEB Proxy if [ ! -z "$PROXY_SYSTEM" ] && [ "$PROXY_SYSTEM" != 'remote' ]; then get_srv_state $PROXY_SYSTEM @@ -166,6 +213,18 @@ if [ ! -z "$PROXY_SYSTEM" ] && [ "$PROXY_SYSTEM" != 'remote' ]; then data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" fi +# Checking WEB Backend +if [ "$WEB_BACKEND" != 'remote' ]; then + php_versions=$(ls /usr/sbin/php*fpm* | cut -d'/' -f4 | sed 's|php-fpm||') + for version in $php_versions; do + proc_name="php-fpm${version}" + service_name="php${version}-fpm" + get_srv_state "$service_name" "$proc_name" '' 'php' + data="$data\nNAME='$service_name' SYSTEM='backend server' STATE='$state'" + data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" + done +fi + # DNS service=$DNS_SYSTEM if [ ! -z "$service" ] && [ "$service" != 'remote' ]; then @@ -177,14 +236,22 @@ fi # Checking MAIL system if [ ! -z "$MAIL_SYSTEM" ] && [ "$MAIL_SYSTEM" != 'remote' ]; then - get_srv_state $MAIL_SYSTEM + if [ "$MAIL_SYSTEM" = "exim4" ]; then + get_srv_state "$MAIL_SYSTEM" "$MAIL_SYSTEM" '' 'exim4' 'exim' + else + get_srv_state $MAIL_SYSTEM + fi data="$data\nNAME='$MAIL_SYSTEM' SYSTEM='mail server' STATE='$state'" data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" fi # Checking MAIL IMAP if [ ! -z "$IMAP_SYSTEM" ] && [ "$IMAP_SYSTEM" != 'remote' ]; then - get_srv_state $IMAP_SYSTEM + if [ "$IMAP_SYSTEM" = "dovecot" ]; then + get_srv_state "$IMAP_SYSTEM" "$IMAP_SYSTEM" '' 'dovecot' 'master' + else + get_srv_state $IMAP_SYSTEM + fi data="$data\nNAME='$IMAP_SYSTEM' SYSTEM='pop/imap server' STATE='$state'" data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" fi @@ -200,11 +267,19 @@ if [ ! -z "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then if [ "$ANTIVIRUS_SYSTEM" == 'clamav-daemon' ];then proc_name='clamd' fi - get_srv_state $ANTIVIRUS_SYSTEM $proc_name + get_srv_state $ANTIVIRUS_SYSTEM $proc_name '' 'clamav' 'clamd' fi data="$data\nNAME='$ANTIVIRUS_SYSTEM' SYSTEM='email antivirus'" data="$data STATE='$state' CPU='$cpu' MEM='$mem' RTIME='$rtime'" proc_name='' + if [ ! -d "/etc/sysconfig" ]; then + if [ "$ANTIVIRUS_SYSTEM" == 'clamav-daemon' ];then + get_srv_state "clamav-freshclam" "freshclam" + data="$data\nNAME='clamav-freshclam' SYSTEM='email antivirus updater'" + data="$data STATE='$state' CPU='$cpu' MEM='$mem' RTIME='$rtime'" + proc_name='' + fi + fi fi # Checking MAIL ANTISPAM @@ -220,6 +295,16 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then proc_name='' service="$db" if [ "$service" = 'mysql' ]; then + proc_name='mysqld' + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -gt 10 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi + if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi if [ -d "/etc/sysconfig" ]; then service='mysqld' proc_name='mysqld' @@ -238,7 +323,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then proc_name='postgres' fi fi - get_srv_state $service $proc_name + get_srv_state $service $proc_name '' 'mysqld' 'mysqld' data="$data\nNAME='$service' SYSTEM='database server' STATE='$state'" data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" proc_name='' @@ -254,11 +339,28 @@ fi # Checking CRON system if [ ! -z "$CRON_SYSTEM" ] && [ "$CRON_SYSTEM" != 'remote' ]; then - get_srv_state $CRON_SYSTEM + get_srv_state "$CRON_SYSTEM" "$CRON_SYSTEM" '' '' 'crond' data="$data\nNAME='$CRON_SYSTEM' SYSTEM='job scheduler' STATE='$state'" data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" fi +# Checking SSH daemon +if [ -e "/etc/ssh/sshd_config" ]; then + get_srv_state 'ssh' 'ssh' '' '' 'sshd' + data="$data\nNAME='ssh' SYSTEM='SSH Access' STATE='$state'" + data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" +fi + +# Checking Vesta nginx +get_srv_state 'vesta' 'vesta-nginx' '' '' 'vesta-nginx' +data="$data\nNAME='vesta-nginx' SYSTEM='Vesta nginx service' STATE='$state'" +data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" + +# Checking Vesta php-fpm +get_srv_state 'vesta' 'vesta-php' '' '' 'vesta-php' +data="$data\nNAME='vesta-php' SYSTEM='Vesta php service' STATE='$state'" +data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" + # Checking FIREWALL system if [ ! -z "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != 'remote' ]; then state="stopped" @@ -272,11 +374,33 @@ fi # Checking FIREWALL Fail2ban extention if [ ! -z "$FIREWALL_EXTENSION" ]; then - get_srv_state $FIREWALL_EXTENSION fail2ban-server script + get_srv_state "$FIREWALL_EXTENSION" 'fail2ban-server' 'script' data="$data\nNAME='$FIREWALL_EXTENSION' SYSTEM='brute-force monitor'" data="$data STATE='$state' CPU='$cpu' MEM='$mem' RTIME='$rtime'" fi +# Checking ElasticSearch +if [ -d "/etc/elasticsearch" ]; then + get_srv_state 'elasticsearch' + data="$data\nNAME='elasticsearch' SYSTEM='ElasticSearch' STATE='$state'" + data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" +fi + +# Checking Redis +if [ -d "/etc/redis" ]; then + get_srv_state 'redis' 'redis-server' '' 'redis' 'redis-server' + data="$data\nNAME='redis' SYSTEM='Redis' STATE='$state'" + data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" +fi + +# Checking Memcached +if [ -f "/etc/memcached.conf" ]; then + get_srv_state 'memcached' + data="$data\nNAME='memcached' SYSTEM='Memcached' STATE='$state'" + data="$data CPU='$cpu' MEM='$mem' RTIME='$rtime'" +fi + + # Listing data case $format in json) json_list ;; diff --git a/bin/v-list-user-log b/bin/v-list-user-log index ca317f7d..6be9f9ae 100755 --- a/bin/v-list-user-log +++ b/bin/v-list-user-log @@ -12,6 +12,7 @@ # Argument definition user=$1 format=${2-shell} +limit=${3-300} # Includes source $VESTA/func/main.sh @@ -34,6 +35,9 @@ json_list() { "TIME": "'$TIME'", "DATE": "'$DATE'" }' + if [ "$limit" -gt 0 ] && [ "$i" = "$limit" ]; then + break; + fi if [ "$i" -lt "$objects" ]; then echo ',' else @@ -83,7 +87,7 @@ csv_list() { # Verifications # #----------------------------------------------------------# -check_args '1' "$#" 'USER [FORMAT]' +check_args '1' "$#" 'USER [FORMAT] [LIMIT]' is_format_valid 'user' is_object_valid 'user' 'USER' "$user" @@ -93,7 +97,7 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Parsing history log -logs=$(tail -n 300 $USER_DATA/history.log 2>/dev/null) +logs=$(tail -n $limit $USER_DATA/history.log | tac) case $format in json) json_list ;; diff --git a/bin/v-lock-wordpress b/bin/v-lock-wordpress new file mode 100644 index 00000000..36852781 --- /dev/null +++ b/bin/v-lock-wordpress @@ -0,0 +1,93 @@ +#!/bin/bash +# info: Lock WordPress files if they are potentially infected (somewhere) by PHP malware, in order to stop further infection +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +unlock_folder() { + chown -R $user:$user $1/ + + # block .php execution inside folder + cat <$1/.htaccess +RewriteEngine on +RewriteRule ^.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F] +EOF + + chown root:root $1/.htaccess +} + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$user/web/$domain + +# lock files +chown -R www-data:www-data public_html/ + +# set correct chmod just in case +find public_html/ -type d -exec chmod 755 {} + +find public_html/ -type f -exec chmod 644 {} + + +# unlock /wp-content/uploads/ for uploading +if [ -d "/home/$user/web/$domain/public_html/wp-content/uploads" ]; then + unlock_folder "public_html/wp-content/uploads" +fi + +# unlock /wp-content/cache/ for caching +if [ -d "/home/$user/web/$domain/public_html/wp-content/cache" ]; then + unlock_folder "public_html/wp-content/cache" +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "v-lock-wordpress: Done." + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-log-failed-login b/bin/v-log-failed-login new file mode 100644 index 00000000..66b9b808 --- /dev/null +++ b/bin/v-log-failed-login @@ -0,0 +1,31 @@ +#!/bin/bash +# info: log failed login attempt +# options: USER [IP] +# +# The function log failed login attempt + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +ip=${2-127.0.0.1} + +time_n_date=$(date +'%T %F') +time=$(echo "$time_n_date" |cut -f 1 -d \ ) +date=$(echo "$time_n_date" |cut -f 2 -d \ ) + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log new file mode 100644 index 00000000..6a6dfadd --- /dev/null +++ b/bin/v-make-main-apache-log @@ -0,0 +1,14 @@ +#!/bin/bash + +touch /var/log/apache2/time.log +# truncate -s 0 /var/log/apache2/time.log +chmod 0640 /var/log/apache2/time.log +chown root:adm /var/log/apache2/time.log +find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf +fi +systemctl restart apache2 + +wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 6ede0d04..15e42c05 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -40,12 +40,12 @@ fi # Verifications # #----------------------------------------------------------# -check_args '2' "$#" 'MAIL_HOSTNAME MAIL_IP' +check_args '2' "$#" 'MAIL_HOSTNAME MAIL_IP [NETMASK] [INTERFACE]' is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -137,18 +137,55 @@ $VESTA/bin/v-make-ip-ssl "$MAIL_USER" "$MAIL_HOSTNAME" check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" - patch /etc/exim4/exim4.conf.template < /usr/local/vesta/src/deb/for-download/tools/patches/separate-mail-ip.patch - if [ $? -ne 0 ]; then - echo "=== Patching failed, aborting" - exit 1 - else - echo "=== Patching successful" - sed -i "s|IP1|$HOST_IP|g" /etc/exim4/exim4.conf.template - sed -i "s|IP2|$MAIL_IP|g" /etc/exim4/exim4.conf.template - sed -i "s|HOST1|$HOSTNAME|g" /etc/exim4/exim4.conf.template - sed -i "s|HOST2|$MAIL_HOSTNAME|g" /etc/exim4/exim4.conf.template - service exim4 restart + mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') + if (( $(echo "$eximversion < 4.96" | bc -l) )); then + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi + + if (( $(echo "$eximversion < 4.94" | bc -l) )); then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template + sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template + sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template + sed -i "s|SECONDHOST|$MAIL_HOSTNAME|g" /etc/exim4/exim4.conf.template + sed -i "s|#local_interfaces|local_interfaces|g" /etc/exim4/exim4.conf.template + sed -i "s|#smtp_active_hostname|smtp_active_hostname|g" /etc/exim4/exim4.conf.template + sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template + sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template + sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template + /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' + /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients + check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template + fi + check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template + fi + check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template + fi + systemctl restart exim4 + if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 + fi + echo "=== Patching successful" else echo "=== exim4.conf.template already patched" fi diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6c6c8653..c15a521e 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,6 +40,7 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" + FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' FROM_DATABASE_PASSWORD='' @@ -94,6 +95,8 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") + # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -102,19 +105,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 7 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 8 - fi -else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi fi @@ -164,15 +161,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi echo "===== DONE ====" diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index d055e361..383fd26e 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user + USER_TO=$user #----------------------------------------------------------# @@ -84,6 +88,56 @@ if [ $? -ne 0 ]; then RET=$E_NOTEXIST fi +#----------------------------------------------------------# +# Update Wordfence WAF Path # +#----------------------------------------------------------# + +filepath="/home/USER_TO/web/$domain/public_html/.user.ini" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi + +filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink new file mode 100644 index 00000000..ccd66b7c --- /dev/null +++ b/bin/v-move-folder-and-make-symlink @@ -0,0 +1,114 @@ +#!/bin/bash + +# info: +# This script will move a folder to the new destination and make a symlink from the old path to the new destination + +# options: FROMFOLDER TOFOLDER + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ] && [ "$whoami" != "admin" ] ; then + echo "You must be root or admin to execute this script"; + exit 1; +fi + +# Argument definition +FROMFOLDER=$1 +TOFOLDER=$2 + +echo "Executing: v-move-folder-and-make-symlink $1 $2" + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +if [ -z "$FROMFOLDER" ]; then + echo "First parameter is empty, aborting" + exit 1 +fi + +if [ -z "$TOFOLDER" ]; then + echo "Second parameter is empty, aborting" + exit 1 +fi + +# Trimming the ending slash, just in case +FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') +TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') + +if [ ! -d "$FROMFOLDER" ]; then + echo "Folder $FROMFOLDER does not exists, aborting" + exit 1 +fi + +if [ -L "$FROMFOLDER" ]; then + echo "Folder $FROMFOLDER is already symlink, aborting" + exit 1 +fi + +if [ -d "$TOFOLDER" ]; then + echo "Folder $TOFOLDER already exists, aborting" + exit 1 +fi + +if [ -L "$TOFOLDER" ]; then + echo "Folder $TOFOLDER already exists (as symlink), aborting" + exit 1 +fi + +USER=$(stat -c '%U' "$FROMFOLDER") +GROUP=$(stat -c '%G' "$FROMFOLDER") +PARENTFOLDER=$(dirname "$TOFOLDER") + +if [ ! -d "$PARENTFOLDER" ]; then + PUSER=$(stat -c '%U' "$PARENTFOLDER") + PGROUP=$(stat -c '%G' "$PARENTFOLDER") + echo "= Creating parent folder..." + mkdir -p "$PARENTFOLDER" + chown $PUSER:$PGROUP "$PARENTFOLDER" +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then + # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files + chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 + # with slashes on the end of the path of the folder +fi + +# rsync -a "$FROMFOLDER/" "$TOFOLDER/" +# with slashes on the end of the path of both folders + +mv "$FROMFOLDER" "$TOFOLDER" +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + +rm -rf "$FROMFOLDER" +# without slash on the end of the path of the folder + +ln -s "$TOFOLDER" "$FROMFOLDER" +# without slashes on the end of the path of both folders + +chown -h $USER:$GROUP $FROMFOLDER +# without slash on the end of the path of the folder + +#----------------------------------------------------------# +# Log and print result # +#----------------------------------------------------------# + +echo "Done, folder $FROMFOLDER moved to $TOFOLDER and symlinked" + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-normalize-restored-user b/bin/v-normalize-restored-user index 86e1f0b8..91ef29c9 100644 --- a/bin/v-normalize-restored-user +++ b/bin/v-normalize-restored-user @@ -45,7 +45,7 @@ NEWNS2=${arrNS[1]} for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/usr/local/vesta/data/users/$user/dns/$domain.conf" ]; then - NEWIPV4=$(v-list-dns-domain "$user" "$domain" | grep 'IP:' | awk '{print $2}') + NEWIPV4=$(/usr/local/vesta/bin/v-list-dns-domain "$user" "$domain" | grep 'IP:' | awk '{print $2}') res=$(grep "'www'" /usr/local/vesta/data/users/$user/dns/$domain.conf) eval $res OLDIPV4=$VALUE @@ -79,7 +79,7 @@ sed -i "s#$OLDIPV4#$NEWIPV4#g" /usr/local/vesta/data/users/$user/dns.conf sed -i "s#$OLDNS1#$NEWNS1#g" /usr/local/vesta/data/users/$user/dns.conf sed -i "s#$OLDNS1#$NEWNS1#g" /usr/local/vesta/data/users/$user/user.conf sed -i "s#$OLDNS2#$NEWNS2#g" /usr/local/vesta/data/users/$user/user.conf -service bind9 reload +systemctl reload bind9 echo "Done!" diff --git a/bin/v-php-func b/bin/v-php-func new file mode 100644 index 00000000..925cc91e --- /dev/null +++ b/bin/v-php-func @@ -0,0 +1,21 @@ +#!/bin/bash +# info: calling myVesta PHP functions +# options: FUNCTION +# +# The function is calling myVesta or standard PHP functions directly from bash + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" + exit $? + fi +fi + +php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" +exit $? diff --git a/bin/v-restart-dns b/bin/v-restart-dns index 4e7712a7..f96937a1 100755 --- a/bin/v-restart-dns +++ b/bin/v-restart-dns @@ -55,9 +55,10 @@ if [ -z "$DNS_SYSTEM" ] || [ "$DNS_SYSTEM" = 'remote' ] ; then fi # Restart system -service $DNS_SYSTEM reload >/dev/null 2>&1 +systemctl reset-failed $DNS_SYSTEM +systemctl reload $DNS_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then - service $DNS_SYSTEM restart >/dev/null 2>&1 + systemctl restart $DNS_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then send_email_report check_result $E_RESTART "$DNS_SYSTEM restart failed" diff --git a/bin/v-restart-web b/bin/v-restart-web index ab1afe6c..2b17ad9f 100755 --- a/bin/v-restart-web +++ b/bin/v-restart-web @@ -64,7 +64,9 @@ fi # Resart web system if reload didn't work if [ "$rc" -ne 0 ]; then - service $WEB_SYSTEM restart >/dev/null 2>&1 + # service $WEB_SYSTEM restart >/dev/null 2>&1 + systemctl reset-failed $WEB_SYSTEM + systemctl restart $WEB_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then send_email_report check_result $E_RESTART "$WEB_SYSTEM restart failed" diff --git a/bin/v-restore-user b/bin/v-restore-user index 8aef31b1..a2dab574 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -28,6 +28,11 @@ if [ -z "$BACKUP" ]; then BACKUP=/backup fi +# Allow to specify full path to backup file +if [[ $backup == "/backup/"* ]]; then + backup="${backup:8}" +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -36,6 +41,10 @@ source $VESTA/func/db.sh source $VESTA/func/rebuild.sh source $VESTA/conf/vesta.conf +if [ ! -z "$OVERRIDE_BACKUP_PATH" ]; then + BACKUP=$OVERRIDE_BACKUP_PATH +fi + # Check backup ownership function is_backup_available() { passed=false @@ -408,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain + chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -431,6 +441,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then find $HOMEDIR/$user/web/$domain/ -user $old_uid \ -exec chown -h $user:$user {} \; fi + + # Restoring php-fpm pool.d conf files + if [ -d "$tmpdir/web/$domain/php" ]; then + fpmver=$(ls $tmpdir/web/$domain/php/) + cp -r $tmpdir/web/$domain/php/$fpmver/ /etc/php/ + systemctl reset-failed php$fpmver-fpm + systemctl restart php$fpmver-fpm + fi + done # Adding user to traff queue @@ -458,7 +477,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then if [ -z "$dns" ] || [ "$dns" = '*' ]; then domains="$backup_domains" else - echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt + echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt) fi @@ -538,7 +557,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -z "$mail" ] || [ "$mail" = '*' ]; then domains="$backup_domains" else - echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt + echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt) fi @@ -600,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn + chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then @@ -635,7 +655,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then if [ -z "$db" ] || [ "$db" = '*' ]; then databases="$backup_databases" else - echo "$db" |tr ',' '\n' > $tmpdir/selected.txt + echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt) fi diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli new file mode 100644 index 00000000..b1e4e6aa --- /dev/null +++ b/bin/v-run-wp-cli @@ -0,0 +1,146 @@ +#!/bin/bash +# info: Run WP CLI command for a specific domain +# options: DOMAIN WP_CLI_COMMAND + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +wp_command=${@:2} + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +VERBOSE_MODE=1 + +check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_unsuspended 'web' 'DOMAIN' "$domain" + +if [ ! -d "/home/$user" ]; then + echo "= User doesn't exist"; + exit 1; +fi + +if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo '= Please install WordPress first.' + exit 1; +fi + +wpcli="" + +if [ ! -f "/usr/local/bin/wp" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi + +if [ -z "$USE_WP_CLI_MYVESTA" ]; then + if [ -f "/usr/local/bin/wp" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)." + echo "= Updating WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli + fi + fi +fi + +if [ -t 1 ]; then + output='terminal' +else + output='file' +fi + +if [ -f "/usr/local/bin/wp" ]; then + wpcli="/usr/local/bin/wp" + WP_CLI_PACKAGES_DIR="" +fi + +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then + wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" + COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') + echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS + WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages" +fi + +if [ -z "$wpcli" ]; then + echo "= WP CLI is not installed. Please install it manually." + exit 1; +fi + +mkdir -p /home/$user/.wp-cli +chown $user:$user /home/$user/.wp-cli + +if [ -z "$PHP" ]; then + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +else + phpver=$PHP +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html + +if [ -z "$OPEN_BASEDIR" ]; then + OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp" +fi + +if [ -z "$DISABLE_FUNCTIONS" ]; then + DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" +fi + +if [ -z "$SHOW_ERRORS" ]; then + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +else + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command +fi + +return_code=$? + +if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then + rm /usr/local/bin/wp-cli/COLUMNS +fi + +if [ -z "$SHOW_ERRORS" ]; then + if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then + cat /home/$user/web/$domain/wp-cli-error.log + fi +fi +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit $return_code; diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta new file mode 100644 index 00000000..5947edfa --- /dev/null +++ b/bin/v-run-wp-cli-myvesta @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta +fi + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)." + echo "= Updating myVesta WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta + fi +fi + +USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" diff --git a/bin/v-search-domain-owner b/bin/v-search-domain-owner index 5b88f495..f807ebd2 100755 --- a/bin/v-search-domain-owner +++ b/bin/v-search-domain-owner @@ -9,6 +9,8 @@ # Variable&Function # #----------------------------------------------------------# +SILENT_MODE=1 + # Argument definition domain=$(idn -t --quiet -u "$1" ) type=${2-any} diff --git a/bin/v-sed b/bin/v-sed new file mode 100644 index 00000000..16e8ad2b --- /dev/null +++ b/bin/v-sed @@ -0,0 +1,27 @@ +#!/bin/bash +# info: calling myvesta_sed PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'sed' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" + exit $? + fi +fi + +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" +fi +exit $? diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule index 67f14cec..9191fed0 100755 --- a/bin/v-suspend-firewall-rule +++ b/bin/v-suspend-firewall-rule @@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index 7bd658ce..c9120122 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain @@ -17,6 +17,10 @@ domain=$2 domain_idn=$2 restart=$3 +if [ -z "$restart" ]; then + restart='yes' +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -80,12 +84,14 @@ fi update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes' increase_user_value "$user" '$SUSPENDED_WEB' -# Restarting web server -$BIN/v-restart-web $restart -check_result $? "Web restart failed" >/dev/null - -$BIN/v-restart-proxy $restart -check_result $? "Proxy restart failed" >/dev/null +if [ "$restart" = "yes" ]; then + # Restarting web server + $BIN/v-restart-web $restart + check_result $? "Web restart failed" >/dev/null + + $BIN/v-restart-proxy $restart + check_result $? "Proxy restart failed" >/dev/null +fi # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress new file mode 100644 index 00000000..4a2c42c3 --- /dev/null +++ b/bin/v-unlock-wordpress @@ -0,0 +1,71 @@ +#!/bin/bash +# info: Unlock previously locked WordPress files if they were potentially infected (somewhere) by PHP malware +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$user/web/$domain + +# lock files +chown -R $user:$user public_html/ + +rm public_html/wp-content/uploads/.htaccess + +/usr/local/vesta/bin/v-fix-website-permissions $domain + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "v-unlock-wordpress: Done." + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule index be6320d4..f0e00c96 100755 --- a/bin/v-unsuspend-firewall-rule +++ b/bin/v-unsuspend-firewall-rule @@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files new file mode 100644 index 00000000..c044a80a --- /dev/null +++ b/bin/v-update-document-errors-files @@ -0,0 +1,48 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html + chown $user:$user /home/$user/web/$domain/document_errors/* + chmod 644 /home/$user/web/$domain/document_errors/* + done + +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-update-firewall b/bin/v-update-firewall index 183522a7..6d359f07 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -52,6 +52,13 @@ if [ $? -ne 0 ]; then fi +# Checking custom OpenSSH port +# Taken from HestiaCP +sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) +if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then + sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules +fi + # Creating temporary file tmp=$(mktemp) @@ -60,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp @@ -157,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -if [ -d "/etc/sysconfig" ]; then - /sbin/iptables-save > /etc/sysconfig/iptables - if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then - /sbin/chkconfig iptables on - fi -else +# if [ -d "/etc/sysconfig" ]; then +# /sbin/iptables-save > /etc/sysconfig/iptables +# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then +# /sbin/chkconfig iptables on +# fi +# else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -171,7 +178,7 @@ else echo "exit 0" >> $preup chmod +x $preup fi -fi +# fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 36d7a1e9..819e9846 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -23,6 +23,9 @@ source $VESTA/conf/vesta.conf #----------------------------------------------------------# lecounter=0 +hostname=$(hostname) + +echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log # Checking user certificates for user in $($BIN/v-list-users plain |cut -f 1); do @@ -30,9 +33,28 @@ for user in $($BIN/v-list-users plain |cut -f 1); do for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do + limit_check=1 fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT') - if [[ "$fail_counter" -ge 7 ]]; then - echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping" + + # proxy_tpl=$(/usr/local/vesta/bin/v-list-web-domain "$user" "$domain" "shell" | grep 'PROXY:' | cut -d ' ' -f11-) + # if [ "$proxy_tpl" = "forward" ]; then + # echo "[$(date)] : $domain is using forward proxy, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log + # continue; + # fi + + if [[ "$hostname" = "$domain" ]]; then + if [[ "$fail_counter" -eq 7 ]]; then + limit_check=0 + fi + if [[ "$fail_counter" -eq 8 ]]; then + fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT') + send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing" + fi + fi + + if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then + # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping" + echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log continue; fi crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt) @@ -53,11 +75,13 @@ for user in $($BIN/v-list-users plain |cut -f 1); do aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) if [ $? -ne 0 ]; then - echo "$domain $msg" if [[ $msg == *"is suspended" ]]; then - echo "OK, it's suspended" + echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log else + echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log + echo "$domain $msg" fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT') + echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log echo "fail_counter = $fail_counter" fi fi diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index 451dbd37..be5502e7 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,7 +49,8 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index ca93627f..807218e3 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,13 +35,14 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'mail' 'DOMAIN'); do dom_diks=0 - accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') + accounts=$(list_objects "mail/$domain" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-myvesta b/bin/v-update-myvesta new file mode 100644 index 00000000..c3eaf337 --- /dev/null +++ b/bin/v-update-myvesta @@ -0,0 +1,36 @@ +#!/bin/bash +# info: Get the very latest build of myVesta +# options: NONE +# +# The function is downloading the very latest build of myVesta + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1 +apt-get update -o Dir::Etc::sourcelist="sources.list.d/vesta.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" > /usr/local/vesta/log/update-$package.log 2>&1 +apt-get install --reinstall vesta + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "=== myVesta updated ===" + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-update-sys-rrd-la b/bin/v-update-sys-rrd-la index c8266626..860bdec6 100755 --- a/bin/v-update-sys-rrd-la +++ b/bin/v-update-sys-rrd-la @@ -74,7 +74,7 @@ rrdtool graph $RRD/la/$period-la.png \ -c "SHADEA#ffffff" \ -c "SHADEB#ffffff" \ -c "FONT#555555" \ - -c "CANVAS#302c2d" \ + -c "CANVAS#F2F2F2" \ -c "GRID#666666" \ -c "MGRID#AAAAAA" \ -c "FRAME#777777" \ @@ -82,7 +82,7 @@ rrdtool graph $RRD/la/$period-la.png \ DEF:la=$RRD/la/la.rrd:LA:AVERAGE \ DEF:pr=$RRD/la/la.rrd:PR:AVERAGE \ COMMENT:'\r' \ - AREA:la#C8EA2E:"LA * 100"\ + AREA:la#00CD2E:"LA * 100"\ GPRINT:la:'LAST: Current\:''%8.0lf' \ GPRINT:la:'MIN: Min\:''%8.0lf' \ GPRINT:la:'MAX: Max\:''%8.0lf\j' \ diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net index e9c642e4..d59eefd9 100755 --- a/bin/v-update-sys-rrd-net +++ b/bin/v-update-sys-rrd-net @@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then mkdir $RRD/net fi +find $RRD/net -name "veth*" -delete + # Parsing network interfaces ndev=$(cat /proc/net/dev) ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g") # Parsing excludes if [ -z "$RRD_IFACE_EXCLUDE" ]; then - RRD_IFACE_EXCLUDE='lo' + RRD_IFACE_EXCLUDE='lo,' fi for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do ifaces=$(echo "$ifaces" |grep -vw "$exclude" ) @@ -62,6 +64,8 @@ for iface in $ifaces; do RRA:MAX:0.5:6:700 \ RRA:MAX:0.5:24:775 \ RRA:MAX:0.5:288:797 + else + touch $RRD/net/$iface.rrd fi # Parsing device stats @@ -112,6 +116,8 @@ for iface in $ifaces; do done +find $RRD/net -name "*.png" -mtime +1 -delete +find $RRD/net -name "*.rrd" -mtime +1 -delete #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-sys-vesta b/bin/v-update-sys-vesta index f3373823..8db9242d 100755 --- a/bin/v-update-sys-vesta +++ b/bin/v-update-sys-vesta @@ -28,6 +28,23 @@ source $VESTA/conf/vesta.conf # Checking arg number check_args '1' "$#" 'PACKAGE' +valid=0 +if [ "$package" = "vesta" ]; then + valid=1 +fi +if [ "$package" = "vesta-nginx" ]; then + valid=1 +fi +if [ "$package" = "vesta-php" ]; then + valid=1 +fi +if [ "$package" = "vesta-softaculous" ]; then + valid=1 +fi +if [ $valid -eq 0 ]; then + echo "Package $package is not valid" + exit 1 +fi #----------------------------------------------------------# # Action # diff --git a/bin/v-update-sys-vesta-all b/bin/v-update-sys-vesta-all index 5a42a0c0..cd3e677f 100755 --- a/bin/v-update-sys-vesta-all +++ b/bin/v-update-sys-vesta-all @@ -23,7 +23,7 @@ source $VESTA/conf/vesta.conf # Checking official latest version -latest=$(wget -q -T 10 -t 1 http://c.myvestacp.com/latest.txt?check_latest -O -) +latest=$(wget -q -T 10 -t 1 http://c.myvestacp.com/latest.txt?check_latest_version -O -) # Starting update loop for package in vesta vesta-nginx vesta-php; do diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index ac851b92..1bee4685 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi +# Defining hdd home directory +home_dir="/hdd$HOMEDIR/$user/web/$domain/" + +# Checking home directory exist +if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5951f289..5ee58abf 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk @@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'web' 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi + home_dir="/hdd$HOMEDIR/$user/web/$domain/" + if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) + fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account new file mode 100644 index 00000000..4a6e6329 --- /dev/null +++ b/bin/v-whitelist-email-account @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a specific email address to SpamAssassin whitelist +# usage: v-whitelist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklisted() { + local pattern=$1 + local file=$2 + grep -qE "blacklist_from.*${pattern}" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-whitelist-email-account EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Extract the domain from the email address +DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY="whitelist_from $EMAIL" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the email address or its domain is already blacklisted +if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. It is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." + exit 1 +fi + +# Add the email to whitelist if not already present +if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain new file mode 100644 index 00000000..9d877ad4 --- /dev/null +++ b/bin/v-whitelist-email-domain @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a domain to SpamAssassin whitelist +# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a SpamAssassin whitelist entry already exists +check_whitelist_exists() { + local entry=$1 + local file=$2 + grep -qF "whitelist_from $entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklist_exists() { + local domain=$1 + local file=$2 + grep -qE "blacklist_from.*${domain}$" "$file" +} + +# Function to add whitelist entry to file +add_whitelist_to_file() { + local entry=$1 + local file=$2 + echo "whitelist_from $entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY_MAIN="*@${DOMAIN}" +WHITELIST_ENTRY_SUB="*.$DOMAIN" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the domain is already blacklisted +if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $DOMAIN. It is already blacklisted." + exit 1 +fi + +# Add the main entry +if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +# Add the subdomain entry if needed +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/func/bash-to-php-interpreter.php b/func/bash-to-php-interpreter.php new file mode 100644 index 00000000..b437c3c9 --- /dev/null +++ b/func/bash-to-php-interpreter.php @@ -0,0 +1,88 @@ + $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -55,10 +58,13 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -82,6 +88,9 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -103,6 +112,9 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -202,21 +214,57 @@ decrease_dbhost_values() { add_mysql_database() { mysql_connect $host + mysql_ver_sub=$(echo $mysql_ver |cut -d '.' -f1) + mysql_ver_sub_sub=$(echo $mysql_ver |cut -d '.' -f2) + query="CREATE DATABASE \`$database\` CHARACTER SET $charset" mysql_query "$query" > /dev/null - query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@\`%\` - IDENTIFIED BY '$dbpass'" - mysql_query "$query" > /dev/null + if [ "$mysql_fork" = "mysql" ] && [ "$mysql_ver_sub" -ge 8 ] ; then + query="CREATE USER \`$dbuser\`@\`%\` + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null - query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@localhost - IDENTIFIED BY '$dbpass'" - mysql_query "$query" > /dev/null + query="CREATE USER \`$dbuser\`@localhost + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null - if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then - md5=$(mysql_query "SHOW CREATE USER \`$dbuser\`" 2>/dev/null) - md5=$(echo "$md5" |grep password |cut -f8 -d \') + query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@\`%\`" + mysql_query "$query" > /dev/null + + query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@localhost" + mysql_query "$query" > /dev/null else + query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@\`%\` + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + + query="GRANT ALL ON \`$database\`.* TO \`$dbuser\`@localhost + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + fi + + if [ "$mysql_fork" = "mysql" ]; then + # mysql + if [ "$mysql_ver_sub" -ge 8 ] || { [ "$mysql_ver_sub" -eq 5 ] && [ "$mysql_ver_sub_sub" -ge 7 ]; } then + if [ "$mysql_ver_sub" -ge 8 ]; then + # mysql >= 8 + md5=$(mysql_query "SHOW CREATE USER \`$dbuser\`" 2>/dev/null) + # echo $md5 + md5=$(echo "$md5" |grep password |cut -f4 -d \') + # echo $md5 + else + # mysql < 8 + md5=$(mysql_query "SHOW CREATE USER \`$dbuser\`" 2>/dev/null) + md5=$(echo "$md5" |grep password |cut -f8 -d \') + fi + else + # mysql < 5.7 + md5=$(mysql_query "SHOW GRANTS FOR \`$dbuser\`" 2>/dev/null) + md5=$(echo "$md5" |grep PASSW|tr ' ' '\n' |tail -n1 |cut -f 2 -d \') + fi + else + # mariadb md5=$(mysql_query "SHOW GRANTS FOR \`$dbuser\`" 2>/dev/null) md5=$(echo "$md5" |grep PASSW|tr ' ' '\n' |tail -n1 |cut -f 2 -d \') fi @@ -267,22 +315,63 @@ get_database_values() { # Change MySQL database password change_mysql_password() { mysql_connect $HOST - query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@\`%\` - IDENTIFIED BY '$dbpass'" - mysql_query "$query" > /dev/null - - query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@localhost - IDENTIFIED BY '$dbpass'" - mysql_query "$query" > /dev/null -if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then - - md5=$(mysql_query "SHOW CREATE USER \`$DBUSER\`" 2>/dev/null) - md5=$(echo "$md5" |grep password |cut -f8 -d \') -else - md5=$(mysql_query "SHOW GRANTS FOR \`$DBUSER\`" 2>/dev/null) - md5=$(echo "$md5" |grep PASSW|tr ' ' '\n' |tail -n1 |cut -f 2 -d \') -fi + mysql_ver_sub=$(echo $mysql_ver |cut -d '.' -f1) + mysql_ver_sub_sub=$(echo $mysql_ver |cut -d '.' -f2) + + if [ "$mysql_fork" = "mysql" ]; then + # mysql + if [ "$mysql_ver_sub" -ge 8 ]; then + # mysql >= 8 + query="SET PASSWORD FOR \`$DBUSER\`@\`%\` = '$dbpass'" + mysql_query "$query" > /dev/null + query="SET PASSWORD FOR \`$DBUSER\`@localhost = '$dbpass'" + mysql_query "$query" > /dev/null + else + # mysql < 8 + query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@\`%\` + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + + query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@localhost + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + fi + else + # mariadb + query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@\`%\` + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + + query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@localhost + IDENTIFIED BY '$dbpass'" + mysql_query "$query" > /dev/null + fi + + if [ "$mysql_fork" = "mysql" ]; then + # mysql + if [ "$mysql_ver_sub" -ge 8 ] || { [ "$mysql_ver_sub" -eq 5 ] && [ "$mysql_ver_sub_sub" -ge 7 ]; } then + if [ "$mysql_ver_sub" -ge 8 ]; then + # mysql >= 8 + md5=$(mysql_query "SHOW CREATE USER \`$DBUSER\`" 2>/dev/null) + # echo $md5 + md5=$(echo "$md5" |grep password |cut -f4 -d \') + # echo $md5 + else + # mysql < 8 + md5=$(mysql_query "SHOW CREATE USER \`$DBUSER\`" 2>/dev/null) + md5=$(echo "$md5" |grep password |cut -f8 -d \') + fi + else + # mysql < 5.7 + md5=$(mysql_query "SHOW GRANTS FOR \`$DBUSER\`" 2>/dev/null) + md5=$(echo "$md5" |grep PASSW|tr ' ' '\n' |tail -n1 |cut -f 2 -d \') + fi + else + # mariadb + md5=$(mysql_query "SHOW GRANTS FOR \`$DBUSER\`" 2>/dev/null) + md5=$(echo "$md5" |grep PASSW|tr ' ' '\n' |tail -n1 |cut -f 2 -d \') + fi } # Change PostgreSQL database password @@ -391,7 +480,7 @@ suspend_pgsql_database() { # Unsuspend MySQL database unsuspend_mysql_database() { mysql_connect $HOST - query="GRANT ALL ON \`$database\`.* FROM \`$DBUSER\`@\`%\`" + query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@\`%\`" mysql_query "$query" > /dev/null query="GRANT ALL ON \`$database\`.* TO \`$DBUSER\`@localhost" mysql_query "$query" > /dev/null diff --git a/func/domain.sh b/func/domain.sh index 6bd05b91..f2a45e71 100644 --- a/func/domain.sh +++ b/func/domain.sh @@ -225,6 +225,10 @@ add_web_config() { $user $domain $local_ip $HOMEDIR \ $HOMEDIR/$user/web/$domain/public_html fi + + if [[ "$2" =~ ^PHP-FPM ]]; then + ensure_poold_folders_not_empty + fi } # Get config top and bottom line number @@ -590,3 +594,28 @@ is_domain_new() { get_domain_values() { eval $(grep "DOMAIN='$domain'" $USER_DATA/$1.conf) } + +# Ensure that pool.d folders are not empty +ensure_poold_folders_not_empty () { + for D in /etc/php/*; do + if [ -d "${D}" ]; then + BD=$(basename ${D}) + POOLD="${D}/fpm/pool.d" + if [ -d "$POOLD" ]; then + # echo $POOLD + # service_to_check="php${BD}-fpm" + # service_exists=$(check_if_service_exists $service_to_check) + # if [ $service_exists -eq 1 ]; then + # echo "$BD = $service_to_check = $POOLD = $service_exists" + ls=$(ls $POOLD | grep -c '.conf') + if [ $ls -eq 0 ]; then + # echo "$BD = $POOLD = $ls" + if [ -f "/usr/local/vesta/src/deb/for-download/tools/default-pool.d/$BD/www.conf" ] && [ ! -f "/etc/php/$BD/fpm/pool.d/www.conf" ]; then + cp /usr/local/vesta/src/deb/for-download/tools/default-pool.d/$BD/www.conf /etc/php/$BD/fpm/pool.d/www.conf + fi + fi + # fi + fi + fi + done +} diff --git a/func/handle_parameters.sh b/func/handle_parameters.sh index ba5bd36f..32e09312 100644 --- a/func/handle_parameters.sh +++ b/func/handle_parameters.sh @@ -1,4 +1,5 @@ # handle --parameters=val + handle_parameter() { origparam=$1 searchstring="=" @@ -7,14 +8,12 @@ handle_parameter() { var_without_minuses=${origparam:2} var=${var_without_minuses%%=*} val=${origparam#*$searchstring} - #echo $var - #echo $val + # echo "$var = $val" printf -v "$var" '%s' "$val" fi } numargs=$# for ((i=1 ; i <= numargs ; i++)) do - handle_parameter $1 - shift + handle_parameter ${@:$i:1} done diff --git a/func/main.php b/func/main.php index 888fe25d..4628c92a 100644 --- a/func/main.php +++ b/func/main.php @@ -1,26 +1,51 @@ /dev/null fi } @@ -152,7 +156,7 @@ generate_password() { matrix=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz fi if [ -z "$lenght" ]; then - lenght=10 + lenght=16 fi i=1 while [ $i -le $lenght ]; do @@ -250,6 +254,9 @@ is_object_unsuspended() { spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") fi if [ ! -z "$spnd" ]; then + if [ ! -z "$VERBOSE_MODE" ]; then + echo "Error: $(basename $1) $3 is suspended" + fi check_result $E_SUSPENDED "$(basename $1) $3 is suspended" fi } @@ -355,6 +362,17 @@ search_objects() { IFS="$OLD_IFS" } +# List objects +list_objects() { + OLD_IFS="$IFS" + IFS=$'\n' + for line in $(cat $USER_DATA/$1.conf); do + eval $line + eval echo \$$2 + done + IFS="$OLD_IFS" +} + # Get user value get_user_value() { grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' @@ -551,7 +569,7 @@ is_user_format_valid() { is_domain_format_valid() { object_name=${2-domain} exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" - if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then + if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ \.\. ]] || [[ $1 =~ $(printf '\t') ]]; then check_result $E_INVALID "invalid $object_name format :: $1" fi } @@ -838,6 +856,22 @@ is_format_valid_shell() { exit $E_INVALID fi } + +format_no_quotes() { + exclude="['|\"]" + if [[ "$1" =~ $exclude ]]; then + check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1" + fi + is_no_new_line_format "$1" +} + +is_no_new_line_format() { + test=$(echo "$1" | head -n1 ); + if [[ "$test" != "$1" ]]; then + check_result "$E_INVALID" "invalid value :: $1" + fi +} + # Format validation controller is_format_valid() { for arg_name in $*; do @@ -846,6 +880,7 @@ is_format_valid() { case $arg_name in account) is_user_format_valid "$arg" "$arg_name";; action) is_fw_action_format_valid "$arg";; + alias) is_alias_format_valid "$arg" ;; aliases) is_alias_format_valid "$arg" ;; antispam) is_boolean_format_valid "$arg" 'antispam' ;; antivirus) is_boolean_format_valid "$arg" 'antivirus' ;; @@ -1098,3 +1133,129 @@ no_symlink_chmod() { chmod "${filemode}" "${i}" done } + +# $1 = subject +# $2 = body +send_email_to_admin() { + email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf) + email=$(echo "$email" | cut -f 2 -d "'") + if [ -z "$email" ]; then + if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then + email=$NOTIFY_ADMIN_FULL_BACKUP + fi + fi + if [ -z "$email" ]; then + return; + fi + echo "$2" | $SENDMAIL -s "$1" "$email" 'yes' +} + +check_if_service_exists() { + if [ $(systemctl list-units --all -t service --full --no-legend | grep -c "$1") -gt 0 ]; then + echo "1" + else + echo "0" + fi +} + +# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl. +# Inspired by HestiaCP function and improved +parse_object_kv_list_non_eval() { + # Let's combine all the parameters into one string, replace the new lines with a space + local str="${*//$'\n'/ }" + str=${str//\\\'/---QUOTE---} + str=${str//\\\"/---DQUOTE---} + local backup_str=$str + + local key val match i length length_val prefix position cut + i=0 + # Searching for key='value' blocks + # Loop until we find the next key='value' + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done + + # Terminate function if we don't expect strings with double apostrophes + if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then + return; + fi + + # Searching for key="value" blocks + str=$backup_str + i=0 + # Loop until we find the next key="value" + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done +} + +# Return OK (0) if domain is unsupended +# Parameters: +# $1 - user +# $2 - domain +return_ok_if_domain_is_unsuspended() { + spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} + +# Return OK (0) if user is unsupended +# Parameters: +# $1 - user +return_ok_if_user_is_unsuspended() { + spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} diff --git a/func/rebuild.sh b/func/rebuild.sh index b4df3d20..ae267e8b 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -445,9 +445,12 @@ rebuild_mail_domain_conf() { rm -f $HOMEDIR/$user/conf/mail/$domain/protection rm -f $HOMEDIR/$user/conf/mail/$domain/passwd rm -f $HOMEDIR/$user/conf/mail/$domain/fwd_only + rm -f $HOMEDIR/$user/conf/mail/$domain/accounts + touch $HOMEDIR/$user/conf/mail/$domain/aliases touch $HOMEDIR/$user/conf/mail/$domain/passwd touch $HOMEDIR/$user/conf/mail/$domain/fwd_only + touch $HOMEDIR/$user/conf/mail/$domain/accounts # Adding antispam protection if [ "$ANTISPAM" = 'yes' ]; then @@ -506,6 +509,8 @@ rebuild_mail_domain_conf() { fi str="$account:$MD5:$user:mail::$HOMEDIR/$user:$QUOTA" echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd + userstr="$account:$account:$user:mail:$HOMEDIR/$user" + echo $userstr >> $HOMEDIR/$user/conf/mail/$domain/accounts for malias in ${ALIAS//,/ }; do echo "$malias@$domain_idn:$account@$domain_idn" >> $dom_aliases done @@ -518,6 +523,12 @@ rebuild_mail_domain_conf() { fi done + # Define mail user + if [ "$MAIL_SYSTEM" = 'exim4' ]; then + MAIL_USER=Debian-exim + else + MAIL_USER=exim + fi # Set permissions and ownership if [[ "$MAIL_SYSTEM" =~ exim ]]; then chmod 660 $USER_DATA/mail/$domain.* @@ -527,6 +538,7 @@ rebuild_mail_domain_conf() { chmod 770 $HOMEDIR/$user/mail/$domain_idn chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain chown -R dovecot:mail $HOMEDIR/$user/conf/mail/$domain/passwd + chown $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/accounts chown $user:mail $HOMEDIR/$user/mail/$domain_idn fi @@ -544,33 +556,48 @@ rebuild_mysql_database() { mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null if [ "$mysql_fork" = "mysql" ]; then # mysql - if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then + mysql_ver_sub=$(echo $mysql_ver |cut -d '.' -f1) + mysql_ver_sub_sub=$(echo $mysql_ver |cut -d '.' -f2) + if [ "$mysql_ver_sub" -ge 8 ] || { [ "$mysql_ver_sub" -eq 5 ] && [ "$mysql_ver_sub_sub" -ge 7 ]; } then # mysql >= 5.7 - mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null - mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null - query="UPDATE mysql.user SET authentication_string='$MD5'" - query="$query WHERE User='$DBUSER'" + # if [ "$mysql_ver_sub" -eq 5 ] && [ "$mysql_ver_sub_sub" -ge 7 ]; then + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null + mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null + query="UPDATE mysql.user SET authentication_string='$MD5'" + query="$query WHERE User='$DBUSER'" else # mysql < 5.7 query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" fi else # mariadb - if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then + mysql_ver_sub=$(echo $mysql_ver |cut -d '.' -f1) + mysql_ver_sub_sub=$(echo $mysql_ver |cut -d '.' -f2) + if [ "$mysql_ver_sub" -eq 5 ]; then # mariadb = 5 mysql_query "CREATE USER \`$DBUSER\`" > /dev/null mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null + query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" else # mariadb = 10 mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null + if [ "$mysql_ver_sub_sub" -ge 4 ]; then + # mariadb >= 10.4 + query="SET PASSWORD FOR '$DBUSER'@'%' = '$MD5';" + query2="SET PASSWORD FOR '$DBUSER'@'localhost' = '$MD5';" + else + # mariadb < 10.4 + query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" + fi fi - # mariadb any version - query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" fi mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@localhost" >/dev/null mysql_query "$query" >/dev/null + if [ ! -z "$query2" ]; then + mysql_query "$query2" >/dev/null + fi mysql_query "FLUSH PRIVILEGES" >/dev/null } @@ -583,6 +610,9 @@ rebuild_pgsql_database() { if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then echo "Error: postgresql config parsing failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: postgresql config parsing failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email fi log_event "$E_PARSING" "$ARGUMENTS" @@ -594,6 +624,9 @@ rebuild_pgsql_database() { if [ '0' -ne "$?" ]; then echo "Error: Connection failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: Connection failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Database connection to PostgreSQL host $HOST failed" |\ $SENDMAIL -s "$subj" $email fi diff --git a/func/string.php b/func/string.php index c94f85a2..7ada2546 100644 --- a/func/string.php +++ b/func/string.php @@ -1,6 +1,23 @@ $slen) $len=$slen-$pos1; + + $myvesta_str_found_at=$pos1; + $myvesta_str_end_at=$pos1+$len; + + return substr($text, $pos1, $len); +} + +function myvesta_str_replace_once_between_including_borders(&$text, $left, $right, $replace_with) { + $pos1=strpos($text, $left); + if ($pos1===false) return $text; + $pos2=strpos($text, $right, $pos1+strlen($left)); + if ($pos2===false) return $text; + return substr($text, 0, $pos1).$replace_with.substr($text, $pos2+strlen($right)); +} + +function myvesta_str_strip_once_between_including_borders(&$text, $left, $right) { + $pos1=strpos($text, $left); + if ($pos1===false) return $text; + $pos2=strpos($text, $right, $pos1+strlen($left)); + if ($pos2===false) return $text; + return substr($text, 0, $pos1).substr($text, $pos2+strlen($right)); +} + +function myvesta_str_replace_between_including_borders($text, $left, $right, $replace_with) { + $start=0; + $left_len=strlen($left); + $right_len=strlen($right); + while (true) { + $pos1=strpos($text, $left); + if ($pos1===false) break; + $pos2=strpos($text, $right, $pos1+$left_len); + if ($pos2===false) break; + $text=substr($text, 0, $pos1).$replace_with.substr($text, $pos2+$right_len); + } + return $text; +} + +function myvesta_str_strip_between_including_borders($text, $left, $right) { + global $myvesta_stdin; + $args=func_get_args(); + $args_i=-1; + if ($myvesta_stdin!='') { + $text=$myvesta_stdin; + } else { + $args_i++; $text=$args[$args_i]; + } + $args_i++; $left=$args[$args_i]; + $args_i++; $right=$args[$args_i]; + + $left_len=strlen($left); + $right_len=strlen($right); + while (true) { + $pos1=strpos($text, $left); + if ($pos1===false) break; + $pos2=strpos($text, $right, $pos1+$left_len); + if ($pos2===false) break; + $text=substr($text, 0, $pos1).substr($text, $pos2+$right_len); + } + return $text; +} + +function myvesta_str_find($text, $find, $quiet=false) { + $pos=strpos($text, $find); + if ($pos===false) return myvesta_throw_error (MYVESTA_ERROR_STRING_NOT_FOUND, ""); + if ($quiet) return true; + return $pos; +} + +function myvesta_str_uppercase($text) { + return strtoupper($text); +} + +function myvesta_str_lowercase($text) { + return strtolower($text); +} + +function myvesta_str_substring($text, $start, $length=null) { + if ($length===null) return substr($text, $start); + if ($length!==null) return substr($text, $start, $length); } diff --git a/install/debian/10/deb_signing.key b/install/debian/10/deb_signing.key index 9debc008..d279abbd 100644 --- a/install/debian/10/deb_signing.key +++ b/install/debian/10/deb_signing.key @@ -1,41 +1,41 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQGNBF0pEcYBDADE5M0hqORpLBNuCtGaDzX7b7pRNCpWG0zBqjfXf6GSNCZFmoT8 -ag0DJqhEgt9+MK8StYPvZJNrnhEfT3z8twRfvnFGl6SIHMidInmDOJG8Y6btUPc4 -pylXYgAMnRUzT3eXaHcn/UGNQ1NR3DwUaL8wqGpurMkxqmoeHsvn6sHO5v7PiAW1 -xSFVyrMLDEAQASdif6Zfmjm4WaxJF3p8BxCcmfmMIC+UXiRVn5jrib1J0yC5AQZf -uPHcnZZIynYphcNV9fOC0VFpxxtdWz3cdtJQNEuM/bV5qEowlULgopQQVn4W7I3/ -6Hy4RSS+B5mSinKF7Na666sKiBbOqWNWHpGi9YEGfD+3bE36Gd/B3FaMKDc/zDn7 -5eWFgxBT89ASHNzKULKpNwOzRMwBDj6nZySFzr2lMNH9SAQ6xL5i2/L49SXu2wsI -FisvNzSFpflyseiHpda2DbQ3U9Uk36Ixy8OrHFcRHW/an4mPuae+FHjI3+TYJPbM -DINOKGlDAHpXIEUAEQEAAbQuUHJlZHJhZyBEYW1uamFub3ZpYyA8cHJlZHJhZ0Bo -b3N0aW5ncGFuZWwuZGV2PokB1AQTAQoAPhYhBKkALHMylGR2fdARrXm+rmsIksKF -BQJdKRHGAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHm+rmsI -ksKF8ywL+gM1e/22lvq+q6mElPZBPtpa6rHgvPlm9pKdp/vdpV/x7bXWOiE/xClK -F5+ULBbudeWiiJi6e6aUKSYTtEFku6qJLBe64gX4EfjOYjBdYqbmGr0I+s2F/awB -jBqg/97XB5JnUVis9762VU9CltvRjHjhd/s5HM4lCta0bSjPkRyFASONPDLx0y/L -1ESXyHgTBOHOotQrnH0l4RQmTEcjN1jyGsHqbt6D5Km5DrteI9uFt2MWjOAOB6Fc -noiGJCaLGffw7aJ0CwKWySUPaXgTiLYWwJW3KIIh/IgKtLfhteAwImxMxLiQDLk2 -p6jO4h+I6k+n3e+u/Bd7/zK2PbpoEqgw2NzfAFX6qkJKQgtps1oP2IwEi64BbFTd -uOjJjfYLKuFgwilHe0mdrUusjQy8HSBhezpciTlalDOJtrjF3DHiIvp3WUPXsS7o -vswoR8SH7yJTH5dP7lrfFEeQ8TBBq+f+d3uAQVBXi8ETyflHnws9LHMR8J3QuadK -y6OESuMzPrkBjQRdKRHGAQwAyqeIfU2TL36ddAKAmNvDlMwYAcxlsq619KbIuFPK -h3nW1bXYwhFGjOwSFrIhFPT8cG69S4yvVDwkN1BeCefEA35PJdwy9FLERHFApEbO -C2WUrbqYovd26W/xdAlHXsphsD0p64ntYkqJzYWGKAQ/6LO0esoesRl5iTSda7WG -pHX/2LXiSl91gqysWZIaB8LoJaACkoti9N/FFH/Li08ez3Am2mxciX5yGdcba290 -rEvzgxwi00KdhNTE7ZT8FmpiUDxdm5kninRRklk6FAfEaQ1sLffhhZkcaNF+cmSV -ijU8TCmoTpkAoyOddWri1zZBgeDQh7CGaNbx3n/6EZVKwPajFgDuVA/n9YVKyG9O -AGpgK5p3pn7yrBCdDEOl+pun/NsEaUm3mrRpQvEZoVCLYkVfdYaXpgTcifVYJnt3 -/8xbYYM6qMXM/ajiUQrAWaYBylzF5uc0WaK3w0feb1KdEV8o0+BgpOxUQtUfM88m -GMCLb+2S2DQY2ay4tImgIjKVABEBAAGJAbwEGAEKACYWIQSpACxzMpRkdn3QEa15 -vq5rCJLChQUCXSkRxgIbDAUJA8JnAAAKCRB5vq5rCJLChRWJDACNA2AOuB5wuJOY -pm9fXB5uwtvqbqd7Q3219o5236F7Imw81afxcu2RDZDh6DXHmW3YnICq4ffyYjWW -1jQrZJo7uemlc+Vkqvq/XFS5T/DbaWwZCYj5uN6BbsfmfoLpa7QYvUu2vsNM6UD6 -DmrWeLIWAv9VS/RHAFgzs5Rre3EjD5NrWVOttOmwqeMJC06Nf9JUqE7o5DDQ6avG -Hy+7KMYHSJf6dtH7lYNI0tq3/qxkNr7xF5c7FO5J/hv0wOeilExEJEiSrBfVXrhJ -tOs6B1qE6liD6IoMSPHZDZESzU/PJG+UbzxYpi3rtqcte/qXS7QzOnv77rFK0VmF -pHGSkDCoUmxbSIGrju8D9MeXuj5ygS7LoqpdxifCfnxa50VJk10+ucyiW4yUjBZv -7SjBioKXx4cW7TDjPcZ7XrsCKftipZxr8d7BvSRESgRdBI/p8md3sf9e7vw4V4d0 -ME0RikTA0b3qYO0RroUPcs/FD6PcvJ4SiWNwWqIU6DbtFh1ojo0= -=mMOx +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI -----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/10/exim/dnsbl.conf +++ b/install/debian/10/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/10/exim/exim4.conf.template b/install/debian/10/exim/exim4.conf.template index 7cc13c36..0e5afaac 100644 --- a/install/debian/10/exim/exim4.conf.template +++ b/install/debian/10/exim/exim4.conf.template @@ -91,16 +91,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept @@ -174,7 +176,7 @@ acl_check_data: .ifdef SPAMASSASSIN warn !authenticated = * hosts = !+relay_from_hosts - condition = ${if < {$message_size}{100K}} + condition = ${if < {$message_size}{600K}} condition = ${if eq{$acl_m1}{yes}{yes}{no}} spam = nobody:true/defer_ok add_header = X-Spam-Score: $spam_score_int @@ -247,6 +249,8 @@ userforward: driver = redirect check_local_user file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains allow_filter no_verify no_expn diff --git a/install/debian/10/mysql/my-large.cnf b/install/debian/10/mysql/my-large.cnf index febfda66..b056c316 100644 --- a/install/debian/10/mysql/my-large.cnf +++ b/install/debian/10/mysql/my-large.cnf @@ -1,11 +1,18 @@ [client] +default-character-set=utf8mb4 port=3306 socket=/var/run/mysqld/mysqld.sock [mysqld_safe] socket=/var/run/mysqld/mysqld.sock +[mysql] +default-character-set=utf8mb4 + [mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 user=mysql pid-file=/var/run/mysqld/mysqld.pid socket=/var/run/mysqld/mysqld.sock diff --git a/install/debian/10/mysql/my-medium.cnf b/install/debian/10/mysql/my-medium.cnf index 3aa8fe22..33aa04c2 100644 --- a/install/debian/10/mysql/my-medium.cnf +++ b/install/debian/10/mysql/my-medium.cnf @@ -1,11 +1,18 @@ [client] +default-character-set=utf8mb4 port=3306 socket=/var/run/mysqld/mysqld.sock [mysqld_safe] socket=/var/run/mysqld/mysqld.sock +[mysql] +default-character-set=utf8mb4 + [mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 user=mysql pid-file=/var/run/mysqld/mysqld.pid socket=/var/run/mysqld/mysqld.sock diff --git a/install/debian/10/mysql/my-small.cnf b/install/debian/10/mysql/my-small.cnf index bd53770b..857f48ce 100644 --- a/install/debian/10/mysql/my-small.cnf +++ b/install/debian/10/mysql/my-small.cnf @@ -1,11 +1,18 @@ [client] +default-character-set=utf8mb4 port=3306 socket=/var/run/mysqld/mysqld.sock [mysqld_safe] socket=/var/run/mysqld/mysqld.sock +[mysql] +default-character-set=utf8mb4 + [mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 user=mysql pid-file=/var/run/mysqld/mysqld.pid socket=/var/run/mysqld/mysqld.sock diff --git a/install/debian/10/nginx/nginx.conf b/install/debian/10/nginx/nginx.conf index ccf657de..6d5e36ba 100644 --- a/install/debian/10/nginx/nginx.conf +++ b/install/debian/10/nginx/nginx.conf @@ -77,6 +77,8 @@ http { set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; set_real_ip_from 141.101.64.0/18; set_real_ip_from 108.162.192.0/18; set_real_ip_from 190.93.240.0/20; @@ -84,7 +86,6 @@ http { set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 162.158.0.0/15; - set_real_ip_from 104.16.0.0/12; set_real_ip_from 172.64.0.0/13; set_real_ip_from 131.0.72.0/22; set_real_ip_from 2400:cb00::/32; diff --git a/install/debian/10/pma/pma.sh b/install/debian/10/pma/pma.sh index eb4be110..f04f3f8e 100644 --- a/install/debian/10/pma/pma.sh +++ b/install/debian/10/pma/pma.sh @@ -146,12 +146,22 @@ CREATE DATABASE $PMADB; MYSQL_PMA2 #GRANT PMA USE SOME RIGHTS +if [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then +# MariaDB mysql -uroot < VRootEngine on VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf diff --git a/install/debian/10/proftpd/tls.conf b/install/debian/10/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/10/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.sh b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.sh index cc55b61e..a2fea927 100755 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.sh +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.sh @@ -17,8 +17,8 @@ user = $1 group = $1 pm = ondemand -pm.max_children = 16 -request_terminate_timeout = 30s +pm.max_children = 8 +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 20 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -45,25 +45,31 @@ pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi write_file=0 @@ -75,14 +81,25 @@ else write_file=1 fi fi - if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi - if [ -f "/etc/php/7.3/fpm/pool.d/www.conf" ]; then rm /etc/php/7.3/fpm/pool.d/www.conf fi +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + exit 0 diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl index 9660c234..39777224 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl index 892c0d1f..b6e306d7 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73.sh b/install/debian/10/templates/web/apache2/PHP-FPM-73.sh index 72f9cec6..a2fea927 100755 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73.sh +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,25 +46,30 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi write_file=0 @@ -78,7 +83,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "/etc/php/7.3/fpm/pool.d/www.conf" ]; then rm /etc/php/7.3/fpm/pool.d/www.conf @@ -86,7 +92,14 @@ fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl b/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl index 28224413..902d647a 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl b/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl index 7bec5e73..40df2629 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/10/templates/web/nginx/caching.stpl b/install/debian/10/templates/web/nginx/caching.stpl index 868e2fe9..f5c9740f 100644 --- a/install/debian/10/templates/web/nginx/caching.stpl +++ b/install/debian/10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/caching.tpl b/install/debian/10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100644 --- a/install/debian/10/templates/web/nginx/caching.tpl +++ b/install/debian/10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/force-https-legacy.stpl b/install/debian/10/templates/web/nginx/force-https-legacy.stpl index 01a4eea3..79e55a26 100644 --- a/install/debian/10/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/10/templates/web/nginx/force-https-legacy.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/force-https-legacy.tpl b/install/debian/10/templates/web/nginx/force-https-legacy.tpl index 851ac0dc..5a463370 100644 --- a/install/debian/10/templates/web/nginx/force-https-legacy.tpl +++ b/install/debian/10/templates/web/nginx/force-https-legacy.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/install/debian/10/templates/web/nginx/force-https-public.stpl b/install/debian/10/templates/web/nginx/force-https-public.stpl index 22951ae5..ac422df6 100644 --- a/install/debian/10/templates/web/nginx/force-https-public.stpl +++ b/install/debian/10/templates/web/nginx/force-https-public.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/force-https-public.tpl b/install/debian/10/templates/web/nginx/force-https-public.tpl index 851ac0dc..5a463370 100644 --- a/install/debian/10/templates/web/nginx/force-https-public.tpl +++ b/install/debian/10/templates/web/nginx/force-https-public.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.stpl index dac7adaf..7e0e71d1 100644 --- a/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ b/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -50,6 +50,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.tpl index 851ac0dc..5a463370 100644 --- a/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.tpl +++ b/install/debian/10/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/install/debian/10/templates/web/nginx/force-https.stpl b/install/debian/10/templates/web/nginx/force-https.stpl index 4a8185c8..33fab443 100644 --- a/install/debian/10/templates/web/nginx/force-https.stpl +++ b/install/debian/10/templates/web/nginx/force-https.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/force-https.tpl b/install/debian/10/templates/web/nginx/force-https.tpl index 851ac0dc..5a463370 100644 --- a/install/debian/10/templates/web/nginx/force-https.tpl +++ b/install/debian/10/templates/web/nginx/force-https.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/install/debian/10/templates/web/nginx/hosting-legacy.stpl b/install/debian/10/templates/web/nginx/hosting-legacy.stpl index cc0370c6..a34b4bf1 100644 --- a/install/debian/10/templates/web/nginx/hosting-legacy.stpl +++ b/install/debian/10/templates/web/nginx/hosting-legacy.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting-legacy.tpl b/install/debian/10/templates/web/nginx/hosting-legacy.tpl index 15961c95..a41d4054 100644 --- a/install/debian/10/templates/web/nginx/hosting-legacy.tpl +++ b/install/debian/10/templates/web/nginx/hosting-legacy.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting-public.stpl b/install/debian/10/templates/web/nginx/hosting-public.stpl index 22951ae5..ac422df6 100644 --- a/install/debian/10/templates/web/nginx/hosting-public.stpl +++ b/install/debian/10/templates/web/nginx/hosting-public.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting-public.tpl b/install/debian/10/templates/web/nginx/hosting-public.tpl index 9ff417ba..f5d8b327 100644 --- a/install/debian/10/templates/web/nginx/hosting-public.tpl +++ b/install/debian/10/templates/web/nginx/hosting-public.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.stpl index dac7adaf..7e0e71d1 100644 --- a/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ b/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -50,6 +50,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.tpl index 5f601672..f84f4781 100644 --- a/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.tpl +++ b/install/debian/10/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -47,6 +47,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting.stpl b/install/debian/10/templates/web/nginx/hosting.stpl index 30fe0f74..755caadf 100644 --- a/install/debian/10/templates/web/nginx/hosting.stpl +++ b/install/debian/10/templates/web/nginx/hosting.stpl @@ -26,6 +26,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/hosting.tpl b/install/debian/10/templates/web/nginx/hosting.tpl index 262417b1..61469ad2 100644 --- a/install/debian/10/templates/web/nginx/hosting.tpl +++ b/install/debian/10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/php-fpm/default_host.stpl b/install/debian/10/templates/web/nginx/php-fpm/default_host.stpl new file mode 100644 index 00000000..005705ce --- /dev/null +++ b/install/debian/10/templates/web/nginx/php-fpm/default_host.stpl @@ -0,0 +1,62 @@ +### +# this file directory: +# /usr/local/vesta/data/templates/web/nginx/php-fpm/default_host.stpl +# +# +### +server { + listen %ip%:%web_ssl_port% ssl http2 default_server; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + access_log off; + log_not_found off; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/10/templates/web/nginx/php-fpm/default_host.tpl b/install/debian/10/templates/web/nginx/php-fpm/default_host.tpl new file mode 100644 index 00000000..45b8476e --- /dev/null +++ b/install/debian/10/templates/web/nginx/php-fpm/default_host.tpl @@ -0,0 +1,77 @@ +# +# this file directory: /usr/local/vesta/data/templates/web/nginx/php-fpm/ +# +server { + listen %ip%:%web_port% default_server; + server_name %domain_idn% %alias_idn%; + # redirect http > httpS (www cut) + return 301 https://%domain_idn%$request_uri; + root %docroot%; + index index.php index.html; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + # запрещаем всем доступ + # access is denied to everyone + deny all; + # не засоряем лог отказом в доступе + # we do not clog the blog with access denial + access_log off; + log_not_found off; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; + + gzip on; + gzip_static on; + gzip_proxied any; + gzip_min_length 512; + gzip_buffers 16 8k; + gzip_comp_level 3; + gzip_vary on; + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + text/vcard + text/vnd.rim.location.xloc + text/vtt + text/x-component + text/x-cross-domain-policy; +} diff --git a/install/debian/10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/10/templates/web/nginx/php-fpm/pyrocms.stpl index 6d44f20f..d26ed9f4 100644 --- a/install/debian/10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/debian/10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -36,7 +36,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/debian/10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/debian/10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/10/templates/web/nginx/private-force-https.stpl b/install/debian/10/templates/web/nginx/private-force-https.stpl index 2b4e42cc..64094fb8 100644 --- a/install/debian/10/templates/web/nginx/private-force-https.stpl +++ b/install/debian/10/templates/web/nginx/private-force-https.stpl @@ -28,6 +28,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/private-force-https.tpl b/install/debian/10/templates/web/nginx/private-force-https.tpl index 851ac0dc..5a463370 100644 --- a/install/debian/10/templates/web/nginx/private-force-https.tpl +++ b/install/debian/10/templates/web/nginx/private-force-https.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/10/templates/web/nginx/private-hosting.stpl b/install/debian/10/templates/web/nginx/private-hosting.stpl index 60b23c55..fd9471bd 100644 --- a/install/debian/10/templates/web/nginx/private-hosting.stpl +++ b/install/debian/10/templates/web/nginx/private-hosting.stpl @@ -28,6 +28,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/10/templates/web/nginx/private-hosting.tpl b/install/debian/10/templates/web/nginx/private-hosting.tpl index da70045f..a8ee840e 100644 --- a/install/debian/10/templates/web/nginx/private-hosting.tpl +++ b/install/debian/10/templates/web/nginx/private-hosting.tpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/11/apache2/apache2.conf b/install/debian/11/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/11/apache2/apache2.conf @@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/debian/11/apache2/status.conf b/install/debian/11/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/11/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/11/bind/named.conf b/install/debian/11/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/11/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/11/clamav/clamd.conf b/install/debian/11/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/11/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean true +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 2M +MaxFileSize 2M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/debian/11/deb_signing.key b/install/debian/11/deb_signing.key new file mode 100644 index 00000000..d279abbd --- /dev/null +++ b/install/debian/11/deb_signing.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/11/dovecot/conf.d/10-auth.conf b/install/debian/11/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/11/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/11/dovecot/conf.d/10-logging.conf b/install/debian/11/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/11/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/11/dovecot/conf.d/10-mail.conf b/install/debian/11/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/11/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/11/dovecot/conf.d/10-master.conf b/install/debian/11/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/11/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/debian/11/dovecot/conf.d/10-ssl.conf b/install/debian/11/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..3aaff6ee --- /dev/null +++ b/install/debian/11/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/debian/11/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/11/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/11/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/11/dovecot/dovecot.conf b/install/debian/11/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/11/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/11/exim/deny_senders b/install/debian/11/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/11/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/11/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/11/exim/exim4.conf.template b/install/debian/11/exim/exim4.conf.template new file mode 100644 index 00000000..3f09a2e8 --- /dev/null +++ b/install/debian/11/exim/exim4.conf.template @@ -0,0 +1,418 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +recipients_max = 15 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Web site is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period + ratelimit = 40 / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period + ratelimit = 40 / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC new file mode 100644 index 00000000..82b97d4e --- /dev/null +++ b/install/debian/11/exim/exim4.conf.template-RC @@ -0,0 +1,449 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt +tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/11/exim/spam-blocks.conf b/install/debian/11/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/11/fail2ban/action.d/vesta.conf b/install/debian/11/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/11/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/11/fail2ban/filter.d/vesta.conf b/install/debian/11/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..36ec1001 --- /dev/null +++ b/install/debian/11/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccessful Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/debian/11/fail2ban/jail.local b/install/debian/11/fail2ban/jail.local new file mode 100644 index 00000000..eccea068 --- /dev/null +++ b/install/debian/11/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/11/firewall/ports.conf b/install/debian/11/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/11/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/11/firewall/rules.conf b/install/debian/11/firewall/rules.conf new file mode 100644 index 00000000..6da5a1c4 --- /dev/null +++ b/install/debian/11/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/11/logrotate/apache2 b/install/debian/11/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/debian/11/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/debian/11/logrotate/dovecot b/install/debian/11/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/debian/11/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/debian/11/logrotate/nginx b/install/debian/11/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/debian/11/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/11/logrotate/vesta b/install/debian/11/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/debian/11/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/debian/11/mysql/my-large.cnf b/install/debian/11/mysql/my-large.cnf new file mode 100644 index 00000000..b056c316 --- /dev/null +++ b/install/debian/11/mysql/my-large.cnf @@ -0,0 +1,51 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/11/mysql/my-medium.cnf b/install/debian/11/mysql/my-medium.cnf new file mode 100644 index 00000000..33aa04c2 --- /dev/null +++ b/install/debian/11/mysql/my-medium.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/11/mysql/my-small.cnf b/install/debian/11/mysql/my-small.cnf new file mode 100644 index 00000000..857f48ce --- /dev/null +++ b/install/debian/11/mysql/my-small.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/11/nginx/nginx.conf b/install/debian/11/nginx/nginx.conf new file mode 100644 index 00000000..6d5e36ba --- /dev/null +++ b/install/debian/11/nginx/nginx.conf @@ -0,0 +1,140 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +timer_resolution 50ms; #In order to free some CPU cycles +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/debian/11/nginx/phpmyadmin.inc b/install/debian/11/nginx/phpmyadmin.inc new file mode 100644 index 00000000..cdfc93c4 --- /dev/null +++ b/install/debian/11/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/debian/11/nginx/phppgadmin.inc b/install/debian/11/nginx/phppgadmin.inc new file mode 100644 index 00000000..47cfcf4e --- /dev/null +++ b/install/debian/11/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/11/nginx/status.conf b/install/debian/11/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/debian/11/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/debian/11/nginx/webmail.inc b/install/debian/11/nginx/webmail.inc new file mode 100644 index 00000000..768c9049 --- /dev/null +++ b/install/debian/11/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/11/packages/default.pkg b/install/debian/11/packages/default.pkg new file mode 100644 index 00000000..45a34c96 --- /dev/null +++ b/install/debian/11/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-74' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/11/pga/config.inc.php b/install/debian/11/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/11/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/11/pga/phppgadmin.conf b/install/debian/11/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/11/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/11/php-fpm/www.conf b/install/debian/11/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/debian/11/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/debian/11/php/php7.3-dedi.patch b/install/debian/11/php/php7.3-dedi.patch new file mode 100644 index 00000000..c044e002 --- /dev/null +++ b/install/debian/11/php/php7.3-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/11/php/php7.3-vps.patch b/install/debian/11/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/11/php/php7.3-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/11/php/php7.4-dedi.patch b/install/debian/11/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/11/php/php7.4-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/11/php/php7.4-vps.patch b/install/debian/11/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/11/php/php7.4-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/11/pma/apache.conf b/install/debian/11/pma/apache.conf new file mode 100644 index 00000000..2a8f69e2 --- /dev/null +++ b/install/debian/11/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/debian/11/pma/config.inc.php b/install/debian/11/pma/config.inc.php new file mode 100644 index 00000000..eafc6d67 --- /dev/null +++ b/install/debian/11/pma/config.inc.php @@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/11/proftpd/tls.conf b/install/debian/11/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/11/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/11/roundcube/apache.conf b/install/debian/11/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/11/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/11/roundcube/config.inc.php b/install/debian/11/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/11/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/11/roundcube/main.inc.php b/install/debian/11/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/11/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/11/roundcube/vesta.php b/install/debian/11/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/11/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/11/sudo/admin b/install/debian/11/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/11/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/11/templates/dns/child-ns.tpl b/install/debian/11/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/debian/11/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/11/templates/dns/default.tpl b/install/debian/11/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/11/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/11/templates/dns/gmail.tpl b/install/debian/11/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/debian/11/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/11/templates/dns/office365.tpl b/install/debian/11/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/11/templates/dns/office365.tpl @@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/11/templates/dns/yandex.tpl b/install/debian/11/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/11/templates/dns/yandex.tpl @@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.sh b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.sh new file mode 100755 index 00000000..e72bb003 --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.sh @@ -0,0 +1,105 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php7.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_74" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_74) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi +if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/7.4/fpm/pool.d/www.conf +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +exit 0 diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl new file mode 100644 index 00000000..739cb48d --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl new file mode 100644 index 00000000..f31ed5a8 --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74.sh b/install/debian/11/templates/web/apache2/PHP-FPM-74.sh new file mode 100755 index 00000000..e72bb003 --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74.sh @@ -0,0 +1,105 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php7.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_74" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_74) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi +if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/7.4/fpm/pool.d/www.conf +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +exit 0 diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl b/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl new file mode 100644 index 00000000..fbc1d9c6 --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl b/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl new file mode 100644 index 00000000..aaf8f62c --- /dev/null +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/11/templates/web/awstats/index.tpl b/install/debian/11/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/11/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/11/templates/web/awstats/nav.tpl b/install/debian/11/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/11/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/11/templates/web/nginx/caching.sh b/install/debian/11/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/11/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/11/templates/web/nginx/caching.stpl b/install/debian/11/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/11/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/caching.tpl b/install/debian/11/templates/web/nginx/caching.tpl new file mode 100644 index 00000000..73de28d5 --- /dev/null +++ b/install/debian/11/templates/web/nginx/caching.tpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/force-https-legacy.stpl b/install/debian/11/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..79e55a26 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/force-https-legacy.tpl b/install/debian/11/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/11/templates/web/nginx/force-https-public.stpl b/install/debian/11/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..ac422df6 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/force-https-public.tpl b/install/debian/11/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..7e0e71d1 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/11/templates/web/nginx/force-https.stpl b/install/debian/11/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..33fab443 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/force-https.tpl b/install/debian/11/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/11/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/11/templates/web/nginx/hosting-legacy.sh b/install/debian/11/templates/web/nginx/hosting-legacy.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-legacy.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/hosting-legacy.stpl b/install/debian/11/templates/web/nginx/hosting-legacy.stpl new file mode 100644 index 00000000..a34b4bf1 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-legacy.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting-legacy.tpl b/install/debian/11/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting-public.stpl b/install/debian/11/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..ac422df6 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-public.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting-public.tpl b/install/debian/11/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-public.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..7e0e71d1 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting.sh b/install/debian/11/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/hosting.stpl b/install/debian/11/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..755caadf --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/hosting.tpl b/install/debian/11/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/11/templates/web/nginx/hosting.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..3c2793d1 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..bb9a727b --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/default.stpl b/install/debian/11/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/default.tpl b/install/debian/11/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..a7564705 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/11/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6e67a4e0 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/11/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..d1096bff --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/11/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/11/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/11/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/11/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/11/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..d4f96ee3 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/11/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/11/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/11/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/magento.stpl b/install/debian/11/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/magento.tpl b/install/debian/11/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/modx.stpl b/install/debian/11/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/modx.tpl b/install/debian/11/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/11/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/11/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/11/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..4bb50383 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/11/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/11/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..e28afcfc --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/11/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/11/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/11/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/11/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/11/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/11/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/11/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/11/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/11/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/11/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/11/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..01dfee5b --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..a5fc46fb --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/debian/11/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/private-force-https.stpl b/install/debian/11/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..64094fb8 --- /dev/null +++ b/install/debian/11/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/11/templates/web/nginx/private-force-https.tpl b/install/debian/11/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/11/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/private-hosting.stpl b/install/debian/11/templates/web/nginx/private-hosting.stpl new file mode 100644 index 00000000..fd9471bd --- /dev/null +++ b/install/debian/11/templates/web/nginx/private-hosting.stpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/private-hosting.tpl b/install/debian/11/templates/web/nginx/private-hosting.tpl new file mode 100644 index 00000000..a8ee840e --- /dev/null +++ b/install/debian/11/templates/web/nginx/private-hosting.tpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/11/templates/web/nginx/proxy_ip.tpl b/install/debian/11/templates/web/nginx/proxy_ip.tpl new file mode 100644 index 00000000..ae195617 --- /dev/null +++ b/install/debian/11/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/debian/11/templates/web/php-fpm/default.tpl b/install/debian/11/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/debian/11/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/11/templates/web/php-fpm/no-php.tpl b/install/debian/11/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/debian/11/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/11/templates/web/php-fpm/socket.tpl b/install/debian/11/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/debian/11/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/11/templates/web/skel/document_errors/403.html b/install/debian/11/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/11/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/11/templates/web/skel/document_errors/404.html b/install/debian/11/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/11/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/11/templates/web/skel/document_errors/50x.html b/install/debian/11/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/debian/11/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/11/templates/web/skel/public_html/index.html b/install/debian/11/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/11/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/11/templates/web/skel/public_html/robots.txt b/install/debian/11/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/11/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/11/templates/web/skel/public_shtml/index.html b/install/debian/11/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/11/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/11/templates/web/skel/public_shtml/robots.txt b/install/debian/11/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/11/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/11/templates/web/suspend/.htaccess b/install/debian/11/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/11/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/11/templates/web/suspend/index.html b/install/debian/11/templates/web/suspend/index.html new file mode 100755 index 00000000..3815354d --- /dev/null +++ b/install/debian/11/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/11/templates/web/webalizer/webalizer.tpl b/install/debian/11/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/debian/11/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/11/vsftpd/vsftpd.conf b/install/debian/11/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/11/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/debian/12/apache2/apache2.conf b/install/debian/12/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/12/apache2/apache2.conf @@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/debian/12/apache2/status.conf b/install/debian/12/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/12/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/12/bind/named.conf b/install/debian/12/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/12/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/12/clamav/clamd.conf b/install/debian/12/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/12/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean true +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 2M +MaxFileSize 2M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/debian/12/deb_signing.key b/install/debian/12/deb_signing.key new file mode 100644 index 00000000..d279abbd --- /dev/null +++ b/install/debian/12/deb_signing.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/12/dovecot/conf.d/10-auth.conf b/install/debian/12/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/12/dovecot/conf.d/10-logging.conf b/install/debian/12/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/12/dovecot/conf.d/10-mail.conf b/install/debian/12/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/12/dovecot/conf.d/10-master.conf b/install/debian/12/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/debian/12/dovecot/conf.d/10-ssl.conf b/install/debian/12/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..3aaff6ee --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/12/dovecot/dovecot.conf b/install/debian/12/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/12/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/12/exim/deny_senders b/install/debian/12/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/12/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/12/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template new file mode 100644 index 00000000..15264797 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template @@ -0,0 +1,487 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/12/exim/spam-blocks.conf b/install/debian/12/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/12/fail2ban/action.d/vesta.conf b/install/debian/12/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/12/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/12/fail2ban/filter.d/vesta.conf b/install/debian/12/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..36ec1001 --- /dev/null +++ b/install/debian/12/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccessful Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/debian/12/fail2ban/jail.local b/install/debian/12/fail2ban/jail.local new file mode 100644 index 00000000..eccea068 --- /dev/null +++ b/install/debian/12/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/12/firewall/ports.conf b/install/debian/12/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/12/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/12/firewall/rules.conf b/install/debian/12/firewall/rules.conf new file mode 100644 index 00000000..6da5a1c4 --- /dev/null +++ b/install/debian/12/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/12/logrotate/apache2 b/install/debian/12/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/debian/12/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/debian/12/logrotate/dovecot b/install/debian/12/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/debian/12/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/debian/12/logrotate/nginx b/install/debian/12/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/debian/12/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/12/logrotate/vesta b/install/debian/12/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/debian/12/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/debian/12/mysql/my-large.cnf b/install/debian/12/mysql/my-large.cnf new file mode 100644 index 00000000..b056c316 --- /dev/null +++ b/install/debian/12/mysql/my-large.cnf @@ -0,0 +1,51 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/mysql/my-medium.cnf b/install/debian/12/mysql/my-medium.cnf new file mode 100644 index 00000000..33aa04c2 --- /dev/null +++ b/install/debian/12/mysql/my-medium.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/mysql/my-small.cnf b/install/debian/12/mysql/my-small.cnf new file mode 100644 index 00000000..857f48ce --- /dev/null +++ b/install/debian/12/mysql/my-small.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf new file mode 100644 index 00000000..6efe2337 --- /dev/null +++ b/install/debian/12/nginx/nginx.conf @@ -0,0 +1,140 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +timer_resolution 50ms; #In order to free some CPU cycles +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/debian/12/nginx/phpmyadmin.inc b/install/debian/12/nginx/phpmyadmin.inc new file mode 100644 index 00000000..cdfc93c4 --- /dev/null +++ b/install/debian/12/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/debian/12/nginx/phppgadmin.inc b/install/debian/12/nginx/phppgadmin.inc new file mode 100644 index 00000000..47cfcf4e --- /dev/null +++ b/install/debian/12/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/12/nginx/status.conf b/install/debian/12/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/debian/12/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/debian/12/nginx/webmail.inc b/install/debian/12/nginx/webmail.inc new file mode 100644 index 00000000..768c9049 --- /dev/null +++ b/install/debian/12/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/12/packages/default.pkg b/install/debian/12/packages/default.pkg new file mode 100644 index 00000000..cd1cbba1 --- /dev/null +++ b/install/debian/12/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-82' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/12/pga/config.inc.php b/install/debian/12/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/12/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/12/pga/phppgadmin.conf b/install/debian/12/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/12/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/12/php-fpm/www.conf b/install/debian/12/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/debian/12/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/debian/12/php/php7.3-dedi.patch b/install/debian/12/php/php7.3-dedi.patch new file mode 100644 index 00000000..c044e002 --- /dev/null +++ b/install/debian/12/php/php7.3-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.3-vps.patch b/install/debian/12/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/12/php/php7.3-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.4-dedi.patch b/install/debian/12/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/12/php/php7.4-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.4-vps.patch b/install/debian/12/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/12/php/php7.4-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/pma/apache.conf b/install/debian/12/pma/apache.conf new file mode 100644 index 00000000..2a8f69e2 --- /dev/null +++ b/install/debian/12/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/debian/12/pma/config.inc.php b/install/debian/12/pma/config.inc.php new file mode 100644 index 00000000..eafc6d67 --- /dev/null +++ b/install/debian/12/pma/config.inc.php @@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/12/proftpd/tls.conf b/install/debian/12/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/12/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/12/roundcube/apache.conf b/install/debian/12/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/12/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/12/roundcube/config.inc.php b/install/debian/12/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/12/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/12/roundcube/main.inc.php b/install/debian/12/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/12/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/12/roundcube/vesta.php b/install/debian/12/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/12/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/12/sudo/admin b/install/debian/12/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/12/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/12/templates/dns/child-ns.tpl b/install/debian/12/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/debian/12/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/default.tpl b/install/debian/12/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/12/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/gmail.tpl b/install/debian/12/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/debian/12/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/office365.tpl b/install/debian/12/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/12/templates/dns/office365.tpl @@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/yandex.tpl b/install/debian/12/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/12/templates/dns/yandex.tpl @@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh new file mode 100755 index 00000000..a4deb752 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl new file mode 100644 index 00000000..809e7f33 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl new file mode 100644 index 00000000..679d1409 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh new file mode 100755 index 00000000..a4deb752 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl new file mode 100644 index 00000000..e0d04794 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl new file mode 100644 index 00000000..eba95935 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/12/templates/web/awstats/index.tpl b/install/debian/12/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/12/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/12/templates/web/awstats/nav.tpl b/install/debian/12/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/12/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/12/templates/web/nginx/caching.sh b/install/debian/12/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/12/templates/web/nginx/caching.stpl b/install/debian/12/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/caching.tpl b/install/debian/12/templates/web/nginx/caching.tpl new file mode 100644 index 00000000..73de28d5 --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.tpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..8e636db3 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.tpl b/install/debian/12/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/force-https-public.tpl b/install/debian/12/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..55f41002 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https.tpl b/install/debian/12/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.sh b/install/debian/12/templates/web/nginx/hosting-legacy.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl new file mode 100644 index 00000000..efdd3b87 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.tpl b/install/debian/12/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-public.tpl b/install/debian/12/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-public.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting.sh b/install/debian/12/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..5745311e --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting.tpl b/install/debian/12/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..3c2793d1 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..bb9a727b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/default.stpl b/install/debian/12/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/default.tpl b/install/debian/12/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..a7564705 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6e67a4e0 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..d1096bff --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..d4f96ee3 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/magento.stpl b/install/debian/12/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/magento.tpl b/install/debian/12/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/modx.stpl b/install/debian/12/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/modx.tpl b/install/debian/12/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..4bb50383 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..e28afcfc --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..01dfee5b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..a5fc46fb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..bf805683 --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/private-force-https.tpl b/install/debian/12/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl new file mode 100644 index 00000000..8e5b3f7b --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/private-hosting.tpl b/install/debian/12/templates/web/nginx/private-hosting.tpl new file mode 100644 index 00000000..a8ee840e --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.tpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/proxy_ip.tpl b/install/debian/12/templates/web/nginx/proxy_ip.tpl new file mode 100644 index 00000000..ae195617 --- /dev/null +++ b/install/debian/12/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/debian/12/templates/web/php-fpm/default.tpl b/install/debian/12/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/php-fpm/no-php.tpl b/install/debian/12/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/php-fpm/socket.tpl b/install/debian/12/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/skel/document_errors/403.html b/install/debian/12/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/12/templates/web/skel/document_errors/404.html b/install/debian/12/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/12/templates/web/skel/document_errors/50x.html b/install/debian/12/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/12/templates/web/skel/public_html/index.html b/install/debian/12/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/12/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/12/templates/web/skel/public_html/robots.txt b/install/debian/12/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/12/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/12/templates/web/skel/public_shtml/index.html b/install/debian/12/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/12/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/12/templates/web/skel/public_shtml/robots.txt b/install/debian/12/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/12/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/12/templates/web/suspend/.htaccess b/install/debian/12/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/12/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/12/templates/web/suspend/index.html b/install/debian/12/templates/web/suspend/index.html new file mode 100755 index 00000000..3815354d --- /dev/null +++ b/install/debian/12/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/12/templates/web/webalizer/webalizer.tpl b/install/debian/12/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/debian/12/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/12/vsftpd/vsftpd.conf b/install/debian/12/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/12/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/debian/13/apache2/apache2.conf b/install/debian/13/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/13/apache2/apache2.conf @@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/debian/13/apache2/status.conf b/install/debian/13/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/13/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/13/bind/named.conf b/install/debian/13/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/13/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/13/clamav/clamd.conf b/install/debian/13/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/13/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean true +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 2M +MaxFileSize 2M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/debian/13/deb_signing.key b/install/debian/13/deb_signing.key new file mode 100644 index 00000000..d279abbd --- /dev/null +++ b/install/debian/13/deb_signing.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/13/dovecot/conf.d/10-auth.conf b/install/debian/13/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/13/dovecot/conf.d/10-logging.conf b/install/debian/13/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/13/dovecot/conf.d/10-mail.conf b/install/debian/13/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/13/dovecot/conf.d/10-master.conf b/install/debian/13/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/debian/13/dovecot/conf.d/10-ssl.conf b/install/debian/13/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..3aaff6ee --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/13/dovecot/dovecot.conf b/install/debian/13/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/13/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/13/exim/deny_senders b/install/debian/13/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/13/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/13/exim/dnsbl.conf b/install/debian/13/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/13/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/13/exim/exim4.conf.template b/install/debian/13/exim/exim4.conf.template new file mode 100644 index 00000000..15264797 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template @@ -0,0 +1,487 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/exim4.conf.template.without-srs b/install/debian/13/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/spam-blocks.conf b/install/debian/13/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/13/fail2ban/action.d/vesta.conf b/install/debian/13/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/13/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/13/fail2ban/filter.d/vesta.conf b/install/debian/13/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..36ec1001 --- /dev/null +++ b/install/debian/13/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccessful Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/debian/13/fail2ban/jail.local b/install/debian/13/fail2ban/jail.local new file mode 100644 index 00000000..eccea068 --- /dev/null +++ b/install/debian/13/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/13/firewall/ports.conf b/install/debian/13/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/13/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/13/firewall/rules.conf b/install/debian/13/firewall/rules.conf new file mode 100644 index 00000000..6da5a1c4 --- /dev/null +++ b/install/debian/13/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/13/logrotate/apache2 b/install/debian/13/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/debian/13/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/debian/13/logrotate/dovecot b/install/debian/13/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/debian/13/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/debian/13/logrotate/nginx b/install/debian/13/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/debian/13/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/13/logrotate/vesta b/install/debian/13/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/debian/13/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/debian/13/mysql/my-large.cnf b/install/debian/13/mysql/my-large.cnf new file mode 100644 index 00000000..b056c316 --- /dev/null +++ b/install/debian/13/mysql/my-large.cnf @@ -0,0 +1,51 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-medium.cnf b/install/debian/13/mysql/my-medium.cnf new file mode 100644 index 00000000..33aa04c2 --- /dev/null +++ b/install/debian/13/mysql/my-medium.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-small.cnf b/install/debian/13/mysql/my-small.cnf new file mode 100644 index 00000000..857f48ce --- /dev/null +++ b/install/debian/13/mysql/my-small.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/nginx/nginx.conf b/install/debian/13/nginx/nginx.conf new file mode 100644 index 00000000..6efe2337 --- /dev/null +++ b/install/debian/13/nginx/nginx.conf @@ -0,0 +1,140 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +timer_resolution 50ms; #In order to free some CPU cycles +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/debian/13/nginx/phpmyadmin.inc b/install/debian/13/nginx/phpmyadmin.inc new file mode 100644 index 00000000..cdfc93c4 --- /dev/null +++ b/install/debian/13/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/debian/13/nginx/phppgadmin.inc b/install/debian/13/nginx/phppgadmin.inc new file mode 100644 index 00000000..47cfcf4e --- /dev/null +++ b/install/debian/13/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/13/nginx/status.conf b/install/debian/13/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/debian/13/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/debian/13/nginx/webmail.inc b/install/debian/13/nginx/webmail.inc new file mode 100644 index 00000000..768c9049 --- /dev/null +++ b/install/debian/13/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/13/packages/default.pkg b/install/debian/13/packages/default.pkg new file mode 100644 index 00000000..cd1cbba1 --- /dev/null +++ b/install/debian/13/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-82' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/13/pga/config.inc.php b/install/debian/13/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/13/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/13/pga/phppgadmin.conf b/install/debian/13/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/13/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/13/php-fpm/www.conf b/install/debian/13/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/debian/13/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/debian/13/php/php7.3-dedi.patch b/install/debian/13/php/php7.3-dedi.patch new file mode 100644 index 00000000..c044e002 --- /dev/null +++ b/install/debian/13/php/php7.3-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.3-vps.patch b/install/debian/13/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/13/php/php7.3-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-dedi.patch b/install/debian/13/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/13/php/php7.4-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-vps.patch b/install/debian/13/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/13/php/php7.4-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/pma/apache.conf b/install/debian/13/pma/apache.conf new file mode 100644 index 00000000..2a8f69e2 --- /dev/null +++ b/install/debian/13/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/debian/13/pma/config.inc.php b/install/debian/13/pma/config.inc.php new file mode 100644 index 00000000..eafc6d67 --- /dev/null +++ b/install/debian/13/pma/config.inc.php @@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/13/proftpd/tls.conf b/install/debian/13/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/13/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/13/roundcube/apache.conf b/install/debian/13/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/13/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/13/roundcube/config.inc.php b/install/debian/13/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/13/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/13/roundcube/main.inc.php b/install/debian/13/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/13/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/13/roundcube/vesta.php b/install/debian/13/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/13/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/13/sudo/admin b/install/debian/13/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/13/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/13/templates/dns/child-ns.tpl b/install/debian/13/templates/dns/child-ns.tpl new file mode 100644 index 00000000..42c046e4 --- /dev/null +++ b/install/debian/13/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/default.tpl b/install/debian/13/templates/dns/default.tpl new file mode 100644 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/13/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/gmail.tpl b/install/debian/13/templates/dns/gmail.tpl new file mode 100644 index 00000000..219c9d24 --- /dev/null +++ b/install/debian/13/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/office365.tpl b/install/debian/13/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/13/templates/dns/office365.tpl @@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/yandex.tpl b/install/debian/13/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/13/templates/dns/yandex.tpl @@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/awstats/awstats.tpl b/install/debian/13/templates/web/awstats/awstats.tpl new file mode 100644 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/13/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/13/templates/web/awstats/index.tpl b/install/debian/13/templates/web/awstats/index.tpl new file mode 100644 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/13/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/13/templates/web/awstats/nav.tpl b/install/debian/13/templates/web/awstats/nav.tpl new file mode 100644 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/13/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/13/templates/web/nginx/caching.sh b/install/debian/13/templates/web/nginx/caching.sh new file mode 100644 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/13/templates/web/nginx/caching.stpl b/install/debian/13/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/caching.tpl b/install/debian/13/templates/web/nginx/caching.tpl new file mode 100644 index 00000000..73de28d5 --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.tpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.stpl b/install/debian/13/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..8e636db3 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.tpl b/install/debian/13/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-public.stpl b/install/debian/13/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-public.tpl b/install/debian/13/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https.stpl b/install/debian/13/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..55f41002 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https.tpl b/install/debian/13/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.sh b/install/debian/13/templates/web/nginx/hosting-legacy.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.stpl b/install/debian/13/templates/web/nginx/hosting-legacy.stpl new file mode 100644 index 00000000..efdd3b87 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.tpl b/install/debian/13/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.stpl b/install/debian/13/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.tpl b/install/debian/13/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.sh b/install/debian/13/templates/web/nginx/hosting.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting.stpl b/install/debian/13/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..5745311e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.tpl b/install/debian/13/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..3c2793d1 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..bb9a727b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.stpl b/install/debian/13/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.tpl b/install/debian/13/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..a7564705 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6e67a4e0 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..d1096bff --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..d4f96ee3 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..4bb50383 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..e28afcfc --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..01dfee5b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..a5fc46fb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/private-force-https.stpl b/install/debian/13/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..bf805683 --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/private-force-https.tpl b/install/debian/13/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/private-hosting.sh b/install/debian/13/templates/web/nginx/private-hosting.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/private-hosting.stpl b/install/debian/13/templates/web/nginx/private-hosting.stpl new file mode 100644 index 00000000..8e5b3f7b --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.stpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/private-hosting.tpl b/install/debian/13/templates/web/nginx/private-hosting.tpl new file mode 100644 index 00000000..a8ee840e --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.tpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/proxy_ip.tpl b/install/debian/13/templates/web/nginx/proxy_ip.tpl new file mode 100644 index 00000000..ae195617 --- /dev/null +++ b/install/debian/13/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/debian/13/templates/web/php-fpm/default.tpl b/install/debian/13/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/no-php.tpl b/install/debian/13/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/socket.tpl b/install/debian/13/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/skel/document_errors/403.html b/install/debian/13/templates/web/skel/document_errors/403.html new file mode 100644 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/13/templates/web/skel/document_errors/404.html b/install/debian/13/templates/web/skel/document_errors/404.html new file mode 100644 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/13/templates/web/skel/document_errors/50x.html b/install/debian/13/templates/web/skel/document_errors/50x.html new file mode 100644 index 00000000..85ba648b --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/13/templates/web/skel/public_html/index.html b/install/debian/13/templates/web/skel/public_html/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_html/robots.txt b/install/debian/13/templates/web/skel/public_html/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/skel/public_shtml/index.html b/install/debian/13/templates/web/skel/public_shtml/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_shtml/robots.txt b/install/debian/13/templates/web/skel/public_shtml/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/suspend/.htaccess b/install/debian/13/templates/web/suspend/.htaccess new file mode 100644 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/13/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/13/templates/web/suspend/index.html b/install/debian/13/templates/web/suspend/index.html new file mode 100644 index 00000000..3815354d --- /dev/null +++ b/install/debian/13/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/13/templates/web/webalizer/webalizer.tpl b/install/debian/13/templates/web/webalizer/webalizer.tpl new file mode 100644 index 00000000..068adcfb --- /dev/null +++ b/install/debian/13/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/13/vsftpd/vsftpd.conf b/install/debian/13/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/13/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/debian/7/deb_signing.key b/install/debian/7/deb_signing.key index 2ad2db8b..d279abbd 100644 --- a/install/debian/7/deb_signing.key +++ b/install/debian/7/deb_signing.key @@ -1,30 +1,41 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.12 (GNU/Linux) -mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD -G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x -QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf -fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 -oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY -2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g -PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb -VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN -QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh -IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 -Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 -WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN -BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz -QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 -k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC -YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt -i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS -ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA -CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR -+EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 -XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC -CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN -qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq -ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== -=J2HJ +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI -----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/7/templates/web/nginx/caching.stpl b/install/debian/7/templates/web/nginx/caching.stpl index e149b98b..61b74814 100644 --- a/install/debian/7/templates/web/nginx/caching.stpl +++ b/install/debian/7/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/caching.tpl b/install/debian/7/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100644 --- a/install/debian/7/templates/web/nginx/caching.tpl +++ b/install/debian/7/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/default.stpl b/install/debian/7/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100644 --- a/install/debian/7/templates/web/nginx/default.stpl +++ b/install/debian/7/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/default.tpl b/install/debian/7/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/7/templates/web/nginx/default.tpl +++ b/install/debian/7/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/hosting.stpl b/install/debian/7/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100644 --- a/install/debian/7/templates/web/nginx/hosting.stpl +++ b/install/debian/7/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/hosting.tpl b/install/debian/7/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100644 --- a/install/debian/7/templates/web/nginx/hosting.tpl +++ b/install/debian/7/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/http2.stpl b/install/debian/7/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/debian/7/templates/web/nginx/http2.stpl +++ b/install/debian/7/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/http2.tpl b/install/debian/7/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/7/templates/web/nginx/http2.tpl +++ b/install/debian/7/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/8/deb_signing.key b/install/debian/8/deb_signing.key index 2ad2db8b..d279abbd 100644 --- a/install/debian/8/deb_signing.key +++ b/install/debian/8/deb_signing.key @@ -1,30 +1,41 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.12 (GNU/Linux) -mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD -G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x -QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf -fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 -oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY -2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g -PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb -VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN -QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh -IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 -Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 -WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN -BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz -QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 -k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC -YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt -i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS -ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA -CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR -+EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 -XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC -CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN -qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq -ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== -=J2HJ +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI -----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/8/exim/exim4.conf.template b/install/debian/8/exim/exim4.conf.template index e49bbf4e..261947d2 100644 --- a/install/debian/8/exim/exim4.conf.template +++ b/install/debian/8/exim/exim4.conf.template @@ -87,16 +87,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept diff --git a/install/debian/8/nginx/nginx.conf b/install/debian/8/nginx/nginx.conf index 65520501..989c6b63 100644 --- a/install/debian/8/nginx/nginx.conf +++ b/install/debian/8/nginx/nginx.conf @@ -72,27 +72,28 @@ http { # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; - set_real_ip_from 104.16.0.0/12; - set_real_ip_from 108.162.192.0/18; - set_real_ip_from 131.0.72.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; set_real_ip_from 141.101.64.0/18; - set_real_ip_from 162.158.0.0/15; - set_real_ip_from 172.64.0.0/13; - set_real_ip_from 173.245.48.0/20; - set_real_ip_from 188.114.96.0/20; + set_real_ip_from 108.162.192.0/18; set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; - set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; real_ip_header CF-Connecting-IP; diff --git a/install/debian/8/proftpd/proftpd.conf b/install/debian/8/proftpd/proftpd.conf index 69ec6b2e..d2bd8667 100644 --- a/install/debian/8/proftpd/proftpd.conf +++ b/install/debian/8/proftpd/proftpd.conf @@ -4,6 +4,8 @@ ServerAdmin root@localhost DefaultServer on DefaultRoot ~ !adm +Include /etc/proftpd/tls.conf + VRootEngine on VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf diff --git a/install/debian/8/proftpd/tls.conf b/install/debian/8/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/8/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/8/templates/web/apache2/basedir.stpl b/install/debian/8/templates/web/apache2/basedir.stpl index 2db1d52c..60a8f7fd 100644 --- a/install/debian/8/templates/web/apache2/basedir.stpl +++ b/install/debian/8/templates/web/apache2/basedir.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/basedir.tpl b/install/debian/8/templates/web/apache2/basedir.tpl index 96c94a1b..3b8f875a 100644 --- a/install/debian/8/templates/web/apache2/basedir.tpl +++ b/install/debian/8/templates/web/apache2/basedir.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/default.stpl b/install/debian/8/templates/web/apache2/default.stpl index ec34c279..3fc7e160 100644 --- a/install/debian/8/templates/web/apache2/default.stpl +++ b/install/debian/8/templates/web/apache2/default.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/default.tpl b/install/debian/8/templates/web/apache2/default.tpl index 3a227015..464257ec 100644 --- a/install/debian/8/templates/web/apache2/default.tpl +++ b/install/debian/8/templates/web/apache2/default.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/hosting.stpl b/install/debian/8/templates/web/apache2/hosting.stpl index c9c19512..b17014cd 100644 --- a/install/debian/8/templates/web/apache2/hosting.stpl +++ b/install/debian/8/templates/web/apache2/hosting.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/8/templates/web/apache2/hosting.tpl b/install/debian/8/templates/web/apache2/hosting.tpl index 1eb26910..34f55b29 100644 --- a/install/debian/8/templates/web/apache2/hosting.tpl +++ b/install/debian/8/templates/web/apache2/hosting.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/8/templates/web/apache2/phpcgi.stpl b/install/debian/8/templates/web/apache2/phpcgi.stpl index ae560dbe..7c1248d4 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.stpl +++ b/install/debian/8/templates/web/apache2/phpcgi.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpcgi.tpl b/install/debian/8/templates/web/apache2/phpcgi.tpl index c6796d29..603ea8b9 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.tpl +++ b/install/debian/8/templates/web/apache2/phpcgi.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpfcgid.stpl b/install/debian/8/templates/web/apache2/phpfcgid.stpl index bc3688d9..98304f2a 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpfcgid.tpl b/install/debian/8/templates/web/apache2/phpfcgid.tpl index a4c01269..525b1f53 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.tpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/8/templates/web/nginx/caching.stpl b/install/debian/8/templates/web/nginx/caching.stpl index 3c56004d..d104643a 100644 --- a/install/debian/8/templates/web/nginx/caching.stpl +++ b/install/debian/8/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/caching.tpl b/install/debian/8/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100644 --- a/install/debian/8/templates/web/nginx/caching.tpl +++ b/install/debian/8/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/default.stpl b/install/debian/8/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100644 --- a/install/debian/8/templates/web/nginx/default.stpl +++ b/install/debian/8/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/default.tpl b/install/debian/8/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/8/templates/web/nginx/default.tpl +++ b/install/debian/8/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/force-https-legacy.stpl b/install/debian/8/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..4e51748d --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/force-https-legacy.tpl b/install/debian/8/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/8/templates/web/nginx/force-https-public.stpl b/install/debian/8/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..9522313b --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/8/templates/web/nginx/force-https-public.tpl b/install/debian/8/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2d62e72b --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/8/templates/web/nginx/force-https.stpl b/install/debian/8/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..d138ea63 --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/force-https.tpl b/install/debian/8/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/8/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/8/templates/web/nginx/hosting.stpl b/install/debian/8/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100644 --- a/install/debian/8/templates/web/nginx/hosting.stpl +++ b/install/debian/8/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/hosting.tpl b/install/debian/8/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100644 --- a/install/debian/8/templates/web/nginx/hosting.tpl +++ b/install/debian/8/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/http2.stpl b/install/debian/8/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/debian/8/templates/web/nginx/http2.stpl +++ b/install/debian/8/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/http2.tpl b/install/debian/8/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/8/templates/web/nginx/http2.tpl +++ b/install/debian/8/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/private-force-https.stpl b/install/debian/8/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..c77baf91 --- /dev/null +++ b/install/debian/8/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/private-force-https.tpl b/install/debian/8/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/8/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/9/deb_signing.key b/install/debian/9/deb_signing.key index 2ad2db8b..d279abbd 100644 --- a/install/debian/9/deb_signing.key +++ b/install/debian/9/deb_signing.key @@ -1,30 +1,41 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.12 (GNU/Linux) -mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD -G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x -QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf -fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 -oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY -2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g -PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb -VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN -QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh -IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 -Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 -WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN -BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz -QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 -k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC -YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt -i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS -ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA -CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR -+EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 -XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC -CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN -qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq -ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== -=J2HJ +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI -----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/9/exim/exim4.conf.template b/install/debian/9/exim/exim4.conf.template index e49bbf4e..261947d2 100644 --- a/install/debian/9/exim/exim4.conf.template +++ b/install/debian/9/exim/exim4.conf.template @@ -87,16 +87,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept diff --git a/install/debian/9/nginx/nginx.conf b/install/debian/9/nginx/nginx.conf index 745e1082..989c6b63 100644 --- a/install/debian/9/nginx/nginx.conf +++ b/install/debian/9/nginx/nginx.conf @@ -76,6 +76,8 @@ http { set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; set_real_ip_from 141.101.64.0/18; set_real_ip_from 108.162.192.0/18; set_real_ip_from 190.93.240.0/20; @@ -83,7 +85,6 @@ http { set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 162.158.0.0/15; - set_real_ip_from 104.16.0.0/12; set_real_ip_from 172.64.0.0/13; set_real_ip_from 131.0.72.0/22; set_real_ip_from 2400:cb00::/32; diff --git a/install/debian/9/proftpd/proftpd.conf b/install/debian/9/proftpd/proftpd.conf index 69ec6b2e..d2bd8667 100644 --- a/install/debian/9/proftpd/proftpd.conf +++ b/install/debian/9/proftpd/proftpd.conf @@ -4,6 +4,8 @@ ServerAdmin root@localhost DefaultServer on DefaultRoot ~ !adm +Include /etc/proftpd/tls.conf + VRootEngine on VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf diff --git a/install/debian/9/proftpd/tls.conf b/install/debian/9/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/9/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/9/templates/web/apache2/basedir.stpl b/install/debian/9/templates/web/apache2/basedir.stpl index 2db1d52c..60a8f7fd 100644 --- a/install/debian/9/templates/web/apache2/basedir.stpl +++ b/install/debian/9/templates/web/apache2/basedir.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/basedir.tpl b/install/debian/9/templates/web/apache2/basedir.tpl index 96c94a1b..3b8f875a 100644 --- a/install/debian/9/templates/web/apache2/basedir.tpl +++ b/install/debian/9/templates/web/apache2/basedir.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/default.stpl b/install/debian/9/templates/web/apache2/default.stpl index ec34c279..3fc7e160 100644 --- a/install/debian/9/templates/web/apache2/default.stpl +++ b/install/debian/9/templates/web/apache2/default.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/default.tpl b/install/debian/9/templates/web/apache2/default.tpl index 3a227015..464257ec 100644 --- a/install/debian/9/templates/web/apache2/default.tpl +++ b/install/debian/9/templates/web/apache2/default.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/hosting.stpl b/install/debian/9/templates/web/apache2/hosting.stpl index c9c19512..b17014cd 100644 --- a/install/debian/9/templates/web/apache2/hosting.stpl +++ b/install/debian/9/templates/web/apache2/hosting.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/9/templates/web/apache2/hosting.tpl b/install/debian/9/templates/web/apache2/hosting.tpl index 1eb26910..34f55b29 100644 --- a/install/debian/9/templates/web/apache2/hosting.tpl +++ b/install/debian/9/templates/web/apache2/hosting.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/9/templates/web/apache2/phpcgi.stpl b/install/debian/9/templates/web/apache2/phpcgi.stpl index ae560dbe..7c1248d4 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.stpl +++ b/install/debian/9/templates/web/apache2/phpcgi.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpcgi.tpl b/install/debian/9/templates/web/apache2/phpcgi.tpl index c6796d29..603ea8b9 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.tpl +++ b/install/debian/9/templates/web/apache2/phpcgi.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpfcgid.stpl b/install/debian/9/templates/web/apache2/phpfcgid.stpl index bc3688d9..98304f2a 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpfcgid.tpl b/install/debian/9/templates/web/apache2/phpfcgid.tpl index a4c01269..525b1f53 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.tpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/templates/web/nginx/caching.stpl b/install/debian/9/templates/web/nginx/caching.stpl index 868e2fe9..f5c9740f 100644 --- a/install/debian/9/templates/web/nginx/caching.stpl +++ b/install/debian/9/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/caching.tpl b/install/debian/9/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100644 --- a/install/debian/9/templates/web/nginx/caching.tpl +++ b/install/debian/9/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/default.stpl b/install/debian/9/templates/web/nginx/default.stpl index f225becd..5a958ca4 100644 --- a/install/debian/9/templates/web/nginx/default.stpl +++ b/install/debian/9/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/default.tpl b/install/debian/9/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/9/templates/web/nginx/default.tpl +++ b/install/debian/9/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/force-https-legacy.stpl b/install/debian/9/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..79e55a26 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/force-https-legacy.tpl b/install/debian/9/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/9/templates/web/nginx/force-https-public.stpl b/install/debian/9/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..ac422df6 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/9/templates/web/nginx/force-https-public.tpl b/install/debian/9/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..7e0e71d1 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/9/templates/web/nginx/force-https.stpl b/install/debian/9/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..33fab443 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/force-https.tpl b/install/debian/9/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/9/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/9/templates/web/nginx/hosting.stpl b/install/debian/9/templates/web/nginx/hosting.stpl index 3b0e8ce9..605fa875 100644 --- a/install/debian/9/templates/web/nginx/hosting.stpl +++ b/install/debian/9/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/hosting.tpl b/install/debian/9/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100644 --- a/install/debian/9/templates/web/nginx/hosting.tpl +++ b/install/debian/9/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/http2.stpl b/install/debian/9/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/debian/9/templates/web/nginx/http2.stpl +++ b/install/debian/9/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/http2.tpl b/install/debian/9/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/debian/9/templates/web/nginx/http2.tpl +++ b/install/debian/9/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/debian/9/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/9/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/9/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/private-force-https.stpl b/install/debian/9/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..64094fb8 --- /dev/null +++ b/install/debian/9/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/private-force-https.tpl b/install/debian/9/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/9/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/rhel/5/templates/web/nginx/caching.stpl b/install/rhel/5/templates/web/nginx/caching.stpl index 5e1ac757..720b880b 100755 --- a/install/rhel/5/templates/web/nginx/caching.stpl +++ b/install/rhel/5/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/caching.tpl b/install/rhel/5/templates/web/nginx/caching.tpl index 6d727c67..fc721982 100755 --- a/install/rhel/5/templates/web/nginx/caching.tpl +++ b/install/rhel/5/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/default.stpl b/install/rhel/5/templates/web/nginx/default.stpl index 22bbd55a..92804815 100755 --- a/install/rhel/5/templates/web/nginx/default.stpl +++ b/install/rhel/5/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/default.tpl b/install/rhel/5/templates/web/nginx/default.tpl index c1fec114..e49081a5 100755 --- a/install/rhel/5/templates/web/nginx/default.tpl +++ b/install/rhel/5/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/hosting.stpl b/install/rhel/5/templates/web/nginx/hosting.stpl index c3414149..10dae25e 100755 --- a/install/rhel/5/templates/web/nginx/hosting.stpl +++ b/install/rhel/5/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/hosting.tpl b/install/rhel/5/templates/web/nginx/hosting.tpl index 44d87496..de42b9df 100755 --- a/install/rhel/5/templates/web/nginx/hosting.tpl +++ b/install/rhel/5/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/http2.stpl b/install/rhel/5/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/rhel/5/templates/web/nginx/http2.stpl +++ b/install/rhel/5/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/http2.tpl b/install/rhel/5/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/rhel/5/templates/web/nginx/http2.tpl +++ b/install/rhel/5/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/caching.stpl b/install/rhel/6/templates/web/nginx/caching.stpl index 5e1ac757..720b880b 100755 --- a/install/rhel/6/templates/web/nginx/caching.stpl +++ b/install/rhel/6/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/caching.tpl b/install/rhel/6/templates/web/nginx/caching.tpl index 6d727c67..fc721982 100755 --- a/install/rhel/6/templates/web/nginx/caching.tpl +++ b/install/rhel/6/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/default.stpl b/install/rhel/6/templates/web/nginx/default.stpl index 22bbd55a..92804815 100755 --- a/install/rhel/6/templates/web/nginx/default.stpl +++ b/install/rhel/6/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/default.tpl b/install/rhel/6/templates/web/nginx/default.tpl index c1fec114..e49081a5 100755 --- a/install/rhel/6/templates/web/nginx/default.tpl +++ b/install/rhel/6/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/hosting.stpl b/install/rhel/6/templates/web/nginx/hosting.stpl index c3414149..10dae25e 100755 --- a/install/rhel/6/templates/web/nginx/hosting.stpl +++ b/install/rhel/6/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/hosting.tpl b/install/rhel/6/templates/web/nginx/hosting.tpl index 44d87496..de42b9df 100755 --- a/install/rhel/6/templates/web/nginx/hosting.tpl +++ b/install/rhel/6/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/http2.stpl b/install/rhel/6/templates/web/nginx/http2.stpl index cfdb9188..0810e9d4 100644 --- a/install/rhel/6/templates/web/nginx/http2.stpl +++ b/install/rhel/6/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/http2.tpl b/install/rhel/6/templates/web/nginx/http2.tpl index b20e2922..9344a7a9 100644 --- a/install/rhel/6/templates/web/nginx/http2.tpl +++ b/install/rhel/6/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/caching.stpl b/install/rhel/7/templates/web/nginx/caching.stpl index 5e1ac757..720b880b 100755 --- a/install/rhel/7/templates/web/nginx/caching.stpl +++ b/install/rhel/7/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/caching.tpl b/install/rhel/7/templates/web/nginx/caching.tpl index 6d727c67..fc721982 100755 --- a/install/rhel/7/templates/web/nginx/caching.tpl +++ b/install/rhel/7/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/default.stpl b/install/rhel/7/templates/web/nginx/default.stpl index 22bbd55a..92804815 100755 --- a/install/rhel/7/templates/web/nginx/default.stpl +++ b/install/rhel/7/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/default.tpl b/install/rhel/7/templates/web/nginx/default.tpl index c1fec114..e49081a5 100755 --- a/install/rhel/7/templates/web/nginx/default.tpl +++ b/install/rhel/7/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/hosting.stpl b/install/rhel/7/templates/web/nginx/hosting.stpl index c3414149..10dae25e 100755 --- a/install/rhel/7/templates/web/nginx/hosting.stpl +++ b/install/rhel/7/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/hosting.tpl b/install/rhel/7/templates/web/nginx/hosting.tpl index 44d87496..de42b9df 100755 --- a/install/rhel/7/templates/web/nginx/hosting.tpl +++ b/install/rhel/7/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/http2.stpl b/install/rhel/7/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/rhel/7/templates/web/nginx/http2.stpl +++ b/install/rhel/7/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/http2.tpl b/install/rhel/7/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/rhel/7/templates/web/nginx/http2.tpl +++ b/install/rhel/7/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/caching.stpl b/install/ubuntu/12.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/12.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/caching.tpl b/install/ubuntu/12.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/12.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/default.stpl b/install/ubuntu/12.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/12.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/default.tpl b/install/ubuntu/12.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/12.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.tpl b/install/ubuntu/12.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/12.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.stpl b/install/ubuntu/12.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.tpl b/install/ubuntu/12.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.stpl b/install/ubuntu/12.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/12.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.tpl b/install/ubuntu/12.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/12.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/default.stpl b/install/ubuntu/12.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/12.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/default.tpl b/install/ubuntu/12.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/12.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.tpl b/install/ubuntu/12.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/12.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.stpl b/install/ubuntu/12.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.tpl b/install/ubuntu/12.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.stpl b/install/ubuntu/13.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/13.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.tpl b/install/ubuntu/13.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/13.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/default.stpl b/install/ubuntu/13.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/13.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/default.tpl b/install/ubuntu/13.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/13.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.tpl b/install/ubuntu/13.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/13.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.stpl b/install/ubuntu/13.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.tpl b/install/ubuntu/13.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.stpl b/install/ubuntu/13.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/13.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.tpl b/install/ubuntu/13.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/13.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/default.stpl b/install/ubuntu/13.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/13.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/default.tpl b/install/ubuntu/13.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/13.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.tpl b/install/ubuntu/13.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/13.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.stpl b/install/ubuntu/13.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.tpl b/install/ubuntu/13.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.stpl b/install/ubuntu/14.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/14.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.tpl b/install/ubuntu/14.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/14.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/default.stpl b/install/ubuntu/14.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/14.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/default.tpl b/install/ubuntu/14.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/14.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.tpl b/install/ubuntu/14.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/14.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.stpl b/install/ubuntu/14.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.tpl b/install/ubuntu/14.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.stpl b/install/ubuntu/14.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/14.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.tpl b/install/ubuntu/14.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/14.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/default.stpl b/install/ubuntu/14.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/14.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/default.tpl b/install/ubuntu/14.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/14.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.tpl b/install/ubuntu/14.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/14.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.stpl b/install/ubuntu/14.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.tpl b/install/ubuntu/14.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.stpl b/install/ubuntu/15.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/15.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.tpl b/install/ubuntu/15.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/15.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/default.stpl b/install/ubuntu/15.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/15.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/default.tpl b/install/ubuntu/15.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/15.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.tpl b/install/ubuntu/15.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/15.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.stpl b/install/ubuntu/15.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.tpl b/install/ubuntu/15.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/caching.stpl b/install/ubuntu/15.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/15.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/caching.tpl b/install/ubuntu/15.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/15.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/default.stpl b/install/ubuntu/15.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/15.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/default.tpl b/install/ubuntu/15.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/15.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/hosting.tpl b/install/ubuntu/15.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/15.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.stpl b/install/ubuntu/15.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.tpl b/install/ubuntu/15.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/caching.stpl b/install/ubuntu/16.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/16.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/caching.tpl b/install/ubuntu/16.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/16.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/default.stpl b/install/ubuntu/16.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/16.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/default.tpl b/install/ubuntu/16.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/16.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/hosting.tpl b/install/ubuntu/16.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/16.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.stpl b/install/ubuntu/16.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.tpl b/install/ubuntu/16.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/caching.stpl b/install/ubuntu/16.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/16.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/caching.tpl b/install/ubuntu/16.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/16.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/default.stpl b/install/ubuntu/16.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/16.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/default.tpl b/install/ubuntu/16.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/16.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl index 62620789..fc70c266 100755 --- a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/hosting.tpl b/install/ubuntu/16.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/16.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.stpl b/install/ubuntu/16.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.tpl b/install/ubuntu/16.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.stpl b/install/ubuntu/17.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/17.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.tpl b/install/ubuntu/17.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/17.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/default.stpl b/install/ubuntu/17.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/17.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/default.tpl b/install/ubuntu/17.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/17.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl index 1ef8994b..3e3567d6 100755 --- a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.tpl b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/17.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.stpl b/install/ubuntu/17.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/17.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.tpl b/install/ubuntu/17.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/17.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.stpl b/install/ubuntu/17.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/17.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.tpl b/install/ubuntu/17.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/17.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/default.stpl b/install/ubuntu/17.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/17.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/default.tpl b/install/ubuntu/17.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/17.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl index 1ef8994b..3e3567d6 100755 --- a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.tpl b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/17.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.stpl b/install/ubuntu/17.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/17.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.tpl b/install/ubuntu/17.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/17.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..a721dd81 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -37,7 +37,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.stpl b/install/ubuntu/18.04/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/18.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.tpl b/install/ubuntu/18.04/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/18.04/templates/web/nginx/caching.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/default.stpl b/install/ubuntu/18.04/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/18.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/default.tpl b/install/ubuntu/18.04/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/18.04/templates/web/nginx/default.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl index 1ef8994b..3e3567d6 100755 --- a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.tpl b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/18.04/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.stpl b/install/ubuntu/18.04/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/18.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.tpl b/install/ubuntu/18.04/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/18.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl index c9f91854..b8bf770a 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -36,7 +36,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.stpl b/install/ubuntu/18.10/templates/web/nginx/caching.stpl index e149b98b..61b74814 100755 --- a/install/ubuntu/18.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/18.10/templates/web/nginx/caching.stpl @@ -34,6 +34,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.tpl b/install/ubuntu/18.10/templates/web/nginx/caching.tpl index 36761b65..73de28d5 100755 --- a/install/ubuntu/18.10/templates/web/nginx/caching.tpl +++ b/install/ubuntu/18.10/templates/web/nginx/caching.tpl @@ -32,6 +32,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/default.stpl b/install/ubuntu/18.10/templates/web/nginx/default.stpl index 0e669b3d..418305a8 100755 --- a/install/ubuntu/18.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/18.10/templates/web/nginx/default.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/default.tpl b/install/ubuntu/18.10/templates/web/nginx/default.tpl index 4d5c774b..bebd47a2 100755 --- a/install/ubuntu/18.10/templates/web/nginx/default.tpl +++ b/install/ubuntu/18.10/templates/web/nginx/default.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.stpl b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl index 1ef8994b..3e3567d6 100755 --- a/install/ubuntu/18.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.tpl b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl index 15961c95..a41d4054 100755 --- a/install/ubuntu/18.10/templates/web/nginx/hosting.tpl +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.stpl b/install/ubuntu/18.10/templates/web/nginx/http2.stpl index f225becd..5a958ca4 100644 --- a/install/ubuntu/18.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/18.10/templates/web/nginx/http2.stpl @@ -25,6 +25,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.tpl b/install/ubuntu/18.10/templates/web/nginx/http2.tpl index 4d5c774b..bebd47a2 100644 --- a/install/ubuntu/18.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/18.10/templates/web/nginx/http2.tpl @@ -23,6 +23,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl index c9f91854..b8bf770a 100644 --- a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -36,7 +36,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl index 297fe0e8..b92861b0 100644 --- a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -33,7 +33,7 @@ server { location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } error_page 403 /error/404.html; diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ec1928e0..98887225 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1,6 +1,6 @@ #!/bin/bash -# myVesta Debian installer v.05 +# myVesta Debian installer v 0.9 #----------------------------------------------------------# # Variables&Functions # @@ -18,8 +18,45 @@ os='debian' release=$(cat /etc/debian_version | tr "." "\n" | head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" +ARCH="amd64" -if [ "$release" -eq 10 ]; then +if [ "$release" -eq 13 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables xxd spamd" +elif [ "$release" -eq 12 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables xxd spamd rsyslog" +elif [ "$release" -eq 11 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables" +elif [ "$release" -eq 10 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats @@ -77,7 +114,8 @@ help() { -v, --vsftpd Install Vsftpd [yes|no] default: no -j, --proftpd Install ProFTPD [yes|no] default: yes -k, --named Install Bind [yes|no] default: yes - -m, --mysql Install MySQL [yes|no] default: yes + -m, --mysql Install MariaDB [yes|no] default: yes + -d, --mysql8 Install MySQL 8 [yes|no] default: no -g, --postgresql Install PostgreSQL [yes|no] default: no -x, --exim Install Exim [yes|no] default: yes -z, --dovecot Install Dovecot [yes|no] default: yes @@ -105,7 +143,11 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=32 + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -147,6 +189,25 @@ set_default_lang() { fi } +ensure_startup() { + echo "- making sure startup is enabled for: $1" + currentservice=$1 + unit_files="$(systemctl list-unit-files |grep $currentservice)" + if [[ "$unit_files" =~ "disabled" ]]; then + systemctl enable $currentservice + fi +} + +ensure_start() { + echo "- making sure $1 is started" + currentservice=$1 + systemctl status $currentservice.service > /dev/null 2>&1 + r=$? + if [ $r -ne 0 ]; then + systemctl start $currentservice + check_result $? "$currentservice start failed" + fi +} #----------------------------------------------------------# # Verifications # @@ -166,6 +227,7 @@ for arg; do --proftpd) args="${args}-j " ;; --named) args="${args}-k " ;; --mysql) args="${args}-m " ;; + --mysql8) args="${args}-d " ;; --postgresql) args="${args}-g " ;; --mongodb) args="${args}-d " ;; --exim) args="${args}-x " ;; @@ -201,7 +263,8 @@ while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:u:1:fh" Option; do v) vsftpd=$OPTARG ;; # Vsftpd j) proftpd=$OPTARG ;; # Proftpd k) named=$OPTARG ;; # Named - m) mysql=$OPTARG ;; # MySQL + m) mysql=$OPTARG ;; # MariaDB + d) mysql8=$OPTARG ;; # MySQL8 g) postgresql=$OPTARG ;; # PostgreSQL d) mongodb=$OPTARG ;; # MongoDB (unsupported) x) exim=$OPTARG ;; # Exim @@ -234,11 +297,12 @@ set_default_value 'vsftpd' 'no' set_default_value 'proftpd' 'yes' set_default_value 'named' 'yes' set_default_value 'mysql' 'yes' +set_default_value 'mysql8' 'no' set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then +if [ $memory -lt 2500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else @@ -268,6 +332,9 @@ fi if [ "$iptables" = 'no' ]; then fail2ban='no' fi +if [ "$mysql8" = 'yes' ]; then + mysql='no' +fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then @@ -282,15 +349,18 @@ if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then check_result 1 "User admin exists" fi +echo "Updating apt, please wait..." +apt-get update > /dev/null 2>&1 + # Checking wget if [ ! -e '/usr/bin/wget' ]; then - apt-get -y install wget + apt-get -y install wget > /dev/null 2>&1 check_result $? "Can't install wget" fi # Check if gnupg2 is installed if [ $(dpkg-query -W -f='${Status}' gnupg2 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - apt -y install gnupg2 + apt-get -y install gnupg2 > /dev/null 2>&1 fi # Check if apparmor is installed @@ -314,6 +384,15 @@ for pkg in exim4 mysql-server apache2 nginx vesta; do fi done rm -f $tmpfile + +if [ ! -z "$conflicts" ] && [[ "$conflicts" = *"exim4"* ]]; then + echo "=== Removing pre-installed exim4" + apt remove --purge -y exim4 exim4-base exim4-config + rm -rf /etc/exim4 + conflicts=$(echo "$conflicts" | sed -e "s/exim4//") + conflicts=$(echo "$conflicts" | sed -e "s/ //") +fi + if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo @@ -388,7 +467,10 @@ fi # DB stack if [ "$mysql" = 'yes' ]; then - echo ' - MySQL Database server' + echo ' - MariaDB Database server' +fi +if [ "$mysql8" = 'yes' ]; then + echo ' - MySQL 8 Database server' fi if [ "$postgresql" = 'yes' ]; then echo ' - PostgreSQL Database server' @@ -421,10 +503,16 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 + prompt_to_continue=1; + if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then + prompt_to_continue=0; + fi + if [ $prompt_to_continue -eq 1 ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi fi # Asking for contact email @@ -471,6 +559,8 @@ if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then fi echo "127.0.0.1 $servername" >> /etc/hosts fi +echo "$servername" > /etc/hostname +hostname $servername # Set email if it wasn't set if [ -z "$email" ]; then @@ -495,8 +585,8 @@ sleep 5 # Checking swap # #----------------------------------------------------------# -# Checking swap on small instances if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + echo "== Checking swap on small instances" fallocate -l 1G /swapfile chmod 600 /swapfile mkswap /swapfile @@ -509,20 +599,24 @@ fi # Install repository # #----------------------------------------------------------# -# Updating system +echo "=== Updating system (apt-get -y upgrade)" apt-get -y upgrade check_result $? 'apt-get upgrade failed' -# Installing nginx repo -apt=/etc/apt/sources.list.d -echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list -wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key -apt-key add /tmp/nginx_signing.key +echo "=== Installing nginx repo" +apt="/etc/apt/sources.list.d" +# echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list +# wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key +# apt-key add /tmp/nginx_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list +curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1 -# Installing vesta repo -echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list -wget $CHOST/deb_signing.key -O deb_signing.key -apt-key add deb_signing.key +echo "=== Installing myVesta repo" +# echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +# wget $CHOST/deb_signing.key -O deb_signing.key +# apt-key add deb_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/myvesta-keyring.gpg] https://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +curl -s $CHOST/deb_signing.key | gpg --dearmor | tee /usr/share/keyrings/myvesta-keyring.gpg > /dev/null 2>&1 # Installing jessie backports if [ "$release" -eq 8 ]; then @@ -540,12 +634,15 @@ fi # Backup # #----------------------------------------------------------# -# Creating backup directory tree +mkdir /backup + +echo "=== Creating backup directory tree" mkdir -p $vst_backups cd $vst_backups mkdir nginx apache2 php php5 php5-fpm vsftpd proftpd bind exim4 dovecot clamd mkdir spamassassin mysql postgresql mongodb vesta +echo "=== Backing up old configs" # Backing up Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 @@ -663,9 +760,53 @@ if [ "$mysql" = 'no' ]; then software=$(echo "$software" | sed -e 's/mysql-server//') software=$(echo "$software" | sed -e 's/mysql-client//') software=$(echo "$software" | sed -e 's/mysql-common//') + software=$(echo "$software" | sed -e 's/mariadb-server//') + software=$(echo "$software" | sed -e 's/mariadb-client//') + software=$(echo "$software" | sed -e 's/mariadb-common//') software=$(echo "$software" | sed -e 's/php5-mysql//') software=$(echo "$software" | sed -e 's/php-mysql//') software=$(echo "$software" | sed -e 's/phpMyAdmin//') + software=$(echo "$software" | sed -e 's/phpmyadmin//') + software=$(echo "$software" | sed -e 's/roundcube-mysql//') +fi +if [ "$mysql8" = 'yes' ]; then + echo "=== Preparing MySQL 8 apt repo" + if [ "$release" -lt 12 ]; then + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME + else + # check latest on: https://dev.mysql.com/downloads/repo/apt/ + wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb + dpkg -i mysql-apt-config_0.8.34-1_all.deb + fi + + mpass=$(gen_pass) + debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" + debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password $mpass" + debconf-set-selections <<< "mysql-community-server mysql-server/default-auth-override select Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)" fi if [ "$postgresql" = 'no' ]; then software=$(echo "$software" | sed -e 's/postgresql-contrib//') @@ -687,39 +828,70 @@ fi #----------------------------------------------------------# # Update system packages +echo "=== Running: apt-get update" apt-get update -# Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz +echo "=== Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz" echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d chmod a+x /usr/sbin/policy-rc.d -# Install apt packages +if [ "$mysql8" = 'yes' ]; then + echo "=== Installing MySQL 8" + apt-get -y install mysql-server mysql-client mysql-common + #update-rc.d mysql defaults + currentservice='mysql' + ensure_startup $currentservice + ensure_start $currentservice + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysqladmin -u root password $mpass +fi + +echo "=== Installing all apt packages" +# echo "apt-get -y install $software" apt-get -y install $software + check_result $? "apt-get install failed" -# Restore policy +if [ "$mysql8" = 'yes' ]; then + if [ "$exim" = 'yes' ]; then + echo "=== Installing exim4" + apt-get -y install exim4 exim4-daemon-heavy + fi + echo "=== Installing phpmyadmin" + #apt-get -y --no-install-recommends install phpmyadmin + apt-get -y install phpmyadmin +fi + +echo "=== Enabling daemon autostart" rm -f /usr/sbin/policy-rc.d +if [ "$release" -gt 11 ]; then + echo "=== Setting up rsyslog" + currentservice='rsyslog' + ensure_startup $currentservice + ensure_start $currentservice +fi #----------------------------------------------------------# # Configure system # #----------------------------------------------------------# -# Enable SSH password auth +echo "== Enable SSH password auth" sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config -service ssh restart +systemctl restart ssh -# Disable awstats cron +echo "== Disable awstats cron" rm -f /etc/cron.d/awstats -# Set directory color +echo "== Set directory color" echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile -# Register /sbin/nologin and /usr/sbin/nologin +echo "== Register /sbin/nologin and /usr/sbin/nologin" echo "/sbin/nologin" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells -# NTP Synchronization +echo "== NTP Synchronization" echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate @@ -740,12 +912,12 @@ fi # Configure VESTA # #----------------------------------------------------------# -# Installing sudo configuration +echo "== Installing sudo configuration" mkdir -p /etc/sudoers.d cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin -# Configuring system env +echo "== Configuring system env" echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh chmod 755 /etc/profile.d/vesta.sh source /etc/profile.d/vesta.sh @@ -753,10 +925,10 @@ echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile -# Configuring logrotate for Vesta logs +echo "== Copying logrotate for myVesta logs" cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ -# Building directory tree and creating some blank files for vesta +echo "== Building directory tree and creating some blank files for myVesta" mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions @@ -771,7 +943,7 @@ rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta chmod 770 $VESTA/data/sessions -# Generating vesta configuration +echo "== Generating vesta.conf" rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf @@ -801,7 +973,7 @@ if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf - if [ "$release" -eq 9 ] || [ "$release" -eq 10 ]; then + if [ "$release" -gt 8 ]; then if [ "$phpfpm" = 'yes' ]; then echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf fi @@ -833,7 +1005,11 @@ if [ "$exim" = 'yes' ]; then echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf fi if [ "$spamd" = 'yes' ]; then - echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + if [ "$release" -lt 12 ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + else + echo "ANTISPAM_SYSTEM='spamd'" >> $VESTA/conf/vesta.conf + fi fi if [ "$dovecot" = 'yes' ]; then echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf @@ -865,14 +1041,14 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Installing hosting packages +echo "== Copying packages" cp -rf $vestacp/packages $VESTA/data/ -# Installing templates +echo "== Copying templates" cp -rf $vestacp/templates $VESTA/data/ if [ "$release" -eq 10 ]; then - # Symlink missing templates + echo "== Symlink missing templates" ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl @@ -887,8 +1063,56 @@ if [ "$release" -eq 10 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-73.stpl ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-73.tpl fi +if [ "$release" -eq 11 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl -# Set nameservers + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.tpl +fi +if [ "$release" -eq 12 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl +fi +if [ "$release" -eq 13 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.tpl +fi + +echo "== Set nameservers address" sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg sed -i "s/YOURHOSTNAME2/ns2.$servername/" /usr/local/vesta/data/packages/default.pkg sed -i "s/ns1.domain.tld/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg @@ -896,26 +1120,30 @@ sed -i "s/ns2.domain.tld/ns2.$servername/" /usr/local/vesta/data/packages/defaul sed -i "s/ns1.example.com/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg sed -i "s/ns2.example.com/ns2.$servername/" /usr/local/vesta/data/packages/default.pkg -# Copying index.html to default documentroot +echo "== Copying index.html to default documentroot" cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Installing firewall rules +echo "== Copying firewall rules" cp -rf $vestacp/firewall $VESTA/data/ -# Configuring server hostname +echo "== Configuring server hostname: $servername" $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null -# Generating SSL certificate +echo "== Generating myVesta unsigned SSL certificate" $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ - 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + 'San Francisco' 'myVesta Control Panel' 'IT' > /tmp/vst.pem # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) +if [ "$release" -lt 12 ]; then + key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) +else + key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:) +fi -# Adding SSL certificate cd $VESTA/ssl sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key @@ -929,18 +1157,34 @@ rm /tmp/vst.pem #----------------------------------------------------------# if [ "$nginx" = 'yes' ]; then + echo "=== Configure nginx" rm -f /etc/nginx/conf.d/*.conf cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + if [ "$release" -lt 12 ]; then + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + fi cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ + + # default user/pass for private-hosting.tpl: private / folder + echo 'private:$apr1$0MYnchM5$yVi/OTfp7o3lGNst/a8.90' > /etc/nginx/.htpasswd + echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains - update-rc.d nginx defaults - service nginx start - check_result $? "nginx start failed" + + if [ "$apache" = 'yes' ]; then + # SSL fix for Apache 2.4.65+ + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf + fi + + #update-rc.d nginx defaults + #service nginx start + currentservice='nginx' + ensure_startup $currentservice + ensure_start $currentservice fi @@ -949,6 +1193,7 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then + echo "=== Configure Apache" cp -f $vestacp/apache2/apache2.conf /etc/apache2/ cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ @@ -971,12 +1216,16 @@ if [ "$apache" = 'yes' ]; then chmod a+x /var/log/apache2 chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log chmod 751 /var/log/apache2/domains - update-rc.d apache2 defaults - service apache2 start - check_result $? "apache2 start failed" + #update-rc.d apache2 defaults + #service apache2 start + currentservice='apache2' + ensure_startup $currentservice + ensure_start $currentservice else - update-rc.d apache2 disable >/dev/null 2>&1 - service apache2 stop >/dev/null 2>&1 + #update-rc.d apache2 disable >/dev/null 2>&1 + #service apache2 stop >/dev/null 2>&1 + systemctl disable apache2 + systemctl stop apache2 fi @@ -985,21 +1234,43 @@ fi #----------------------------------------------------------# if [ "$phpfpm" = 'yes' ]; then - if [ "$release" -eq 10 ]; then + echo "=== Configure PHP-FPM" + if [ "$release" -eq 13 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/8.4/fpm/pool.d/www.conf + #update-rc.d php8.4-fpm defaults + currentservice='php8.4-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 12 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf + #update-rc.d php8.2-fpm defaults + currentservice='php8.2-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 11 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/7.4/fpm/pool.d/www.conf + #update-rc.d php7.4-fpm defaults + currentservice='php7.4-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 10 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/7.3/fpm/pool.d/www.conf - update-rc.d php7.3-fpm defaults - service php7.3-fpm start - check_result $? "php-fpm start failed" + #update-rc.d php7.3-fpm defaults + currentservice='php7.3-fpm' + ensure_startup $currentservice + ensure_start $currentservice elif [ "$release" -eq 9 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/7.0/fpm/pool.d/www.conf - update-rc.d php7.0-fpm defaults - service php7.0-fpm start - check_result $? "php-fpm start failed" + #update-rc.d php7.0-fpm defaults + currentservice='php7.0-fpm' + ensure_startup $currentservice + ensure_start $currentservice else cp -f $vestacp/php5-fpm/www.conf /etc/php5/fpm/pool.d/www.conf - update-rc.d php5-fpm defaults - service php5-fpm start - check_result $? "php-fpm start failed" + #update-rc.d php5-fpm defaults + currentservice='php5-fpm' + ensure_startup $currentservice + ensure_start $currentservice fi fi @@ -1008,6 +1279,7 @@ fi # Configure PHP # #----------------------------------------------------------# +echo "=== Configure PHP timezone" ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') if [ -z "$ZONE" ]; then ZONE='UTC' @@ -1023,10 +1295,12 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then + echo "=== Configure VSFTPD" cp -f $vestacp/vsftpd/vsftpd.conf /etc/ - update-rc.d vsftpd defaults - service vsftpd start - check_result $? "vsftpd start failed" + #update-rc.d vsftpd defaults + currentservice='vsftpd' + ensure_startup $currentservice + ensure_start $currentservice # To be deleted after release 0.9.8-18 echo "/sbin/nologin" >> /etc/shells @@ -1038,11 +1312,20 @@ fi #----------------------------------------------------------# if [ "$proftpd" = 'yes' ]; then + echo "=== Configure ProFTPD" echo "127.0.0.1 $servername" >> /etc/hosts cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ - update-rc.d proftpd defaults - service proftpd start - check_result $? "proftpd start failed" + cp -f $vestacp/proftpd/tls.conf /etc/proftpd/ + #update-rc.d proftpd defaults + currentservice='proftpd' + ensure_startup $currentservice + ensure_start $currentservice + + # Temporary ProFTPD fix for Debian12 + if [ "$release" -eq 12 ]; then + systemctl disable --now proftpd.socket + systemctl enable --now proftpd.service + fi fi @@ -1050,34 +1333,47 @@ fi # Configure MySQL/MariaDB # #----------------------------------------------------------# -if [ "$mysql" = 'yes' ]; then - mycnf="my-small.cnf" - if [ $memory -gt 1200000 ]; then - mycnf="my-medium.cnf" +if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then + + if [ "$mysql" = 'yes' ]; then + touch $VESTA/conf/mariadb_installed fi - if [ $memory -gt 3900000 ]; then - mycnf="my-large.cnf" + if [ "$mysql8" = 'yes' ]; then + touch $VESTA/conf/mysql8_installed fi - # MySQL configuration - cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf - mysql_install_db - update-rc.d mysql defaults - service mysql start - check_result $? "mysql start failed" + if [ "$mysql" = 'yes' ]; then + echo "=== Configure MariaDB" + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi - # Securing MySQL installation - mpass=$(gen_pass) - mysqladmin -u root password $mpass - echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf - chmod 600 /root/.my.cnf - mysql -e "DELETE FROM mysql.user WHERE User=''" - mysql -e "DROP DATABASE test" >/dev/null 2>&1 - mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" - mysql -e "FLUSH PRIVILEGES" + # MySQL configuration + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf + mysql_install_db + # update-rc.d mysql defaults + currentservice='mysql' + ensure_startup $currentservice + ensure_start $currentservice + + # Securing MySQL installation + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + fi # Configuring phpMyAdmin + echo "=== Configure phpMyAdmin" if [ "$release" -eq 10 ]; then mkdir /etc/phpmyadmin mkdir -p /var/lib/phpmyadmin/tmp @@ -1094,7 +1390,7 @@ if [ "$mysql" = 'yes' ]; then mkdir /usr/share/phpmyadmin pma_v='4.9.7' - echo "(*) Installing phpMyAdmin version v$pma_v..." + echo "=== Installing phpMyAdmin version v$pma_v (Debian10 custom part)" cd /root/phpmyadmin @@ -1127,6 +1423,29 @@ if [ "$mysql" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php + fi + if [ "$release" -gt 10 ]; then + echo "=== Configure phpMyAdmin (Debian11 custom part)" + # Set config and log directory + sed -i "s|define('CONFIG_DIR', '');|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php + sed -i "s|define('TEMP_DIR', './tmp/');|define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');|" /usr/share/phpmyadmin/libraries/vendor_config.php + + # Create temporary folder and change permission + mkdir /usr/share/phpmyadmin/tmp + chmod 777 /usr/share/phpmyadmin/tmp + + mkdir /root/phpmyadmin + wget -nv -O /root/phpmyadmin/pma.sh http://c.myvestacp.com/debian/11/pma/pma.sh + wget -nv -O /root/phpmyadmin/create_tables.sql http://c.myvestacp.com/debian/11/pma/create_tables.sql + bash /root/phpmyadmin/pma.sh + blowfish=$(gen_pass) + echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi @@ -1135,16 +1454,21 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + echo "=== Configure PostgreSQL" ppass=$(gen_pass) cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ - service postgresql restart + currentservice='postgresql' + ensure_startup $currentservice + ensure_start $currentservice sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + if [ "$release" -lt 12 ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1153,6 +1477,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then + echo "=== Configure Bind9" cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf @@ -1164,12 +1489,13 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - service apparmor restart + systemctl restart apparmor # fi fi - update-rc.d bind9 defaults - service bind9 start - check_result $? "bind9 start failed" + # update-rc.d bind9 defaults + currentservice='bind9' + ensure_startup $currentservice + ensure_start $currentservice fi #----------------------------------------------------------# @@ -1177,12 +1503,17 @@ fi #----------------------------------------------------------# if [ "$exim" = 'yes' ]; then + echo "=== Configure Exim" gpasswd -a Debian-exim mail cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ cp -f $vestacp/exim/deny_senders /etc/exim4/ touch /etc/exim4/white-blocks.conf + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients if [ "$spamd" = 'yes' ]; then sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template @@ -1191,6 +1522,12 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi + # Generating SRS KEY - the code is taken from HestiaCP + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf + chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains @@ -1202,8 +1539,11 @@ if [ "$exim" = 'yes' ]; then update-rc.d -f postfix remove > /dev/null 2>&1 service postfix stop > /dev/null 2>&1 - update-rc.d exim4 defaults - service exim4 start + #update-rc.d exim4 defaults + currentservice='exim4' + ensure_startup $currentservice + systemctl restart $currentservice + # ensure_start $currentservice fi @@ -1212,13 +1552,15 @@ fi #----------------------------------------------------------# if [ "$dovecot" = 'yes' ]; then + echo "=== Configure Dovecot" gpasswd -a dovecot mail cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* - update-rc.d dovecot defaults - service dovecot start - check_result $? "dovecot start failed" + # update-rc.d dovecot defaults + currentservice='dovecot' + ensure_startup $currentservice + ensure_start $currentservice fi @@ -1227,13 +1569,20 @@ fi #----------------------------------------------------------# if [ "$clamd" = 'yes' ]; then + echo "=== Configure ClamAV" gpasswd -a clamav mail gpasswd -a clamav Debian-exim cp -f $vestacp/clamav/clamd.conf /etc/clamav/ mkdir -p /var/lib/clamav /usr/bin/freshclam - update-rc.d clamav-daemon defaults - if [ ! -d "/var/run/clamav" ]; then + + # update-rc.d clamav-daemon defaults + currentservice='clamav-daemon' + ensure_startup $currentservice + currentservice='clamav-freshclam' + ensure_startup $currentservice + + if [ ! -d "/var/run/clamav" ]; then mkdir /var/run/clamav fi chown -R clamav:clamav /var/run/clamav @@ -1249,8 +1598,11 @@ if [ "$clamd" = 'yes' ]; then wget -nv -O $clamavfolder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb chown clamav:clamav $clamavfolder/foxhole_all.cdb fi - service clamav-daemon start - check_result $? "clamav-daeom start failed" + + currentservice='clamav-daemon' + ensure_start $currentservice + currentservice='clamav-freshclam' + ensure_start $currentservice fi @@ -1259,14 +1611,35 @@ fi #----------------------------------------------------------# if [ "$spamd" = 'yes' ]; then - update-rc.d spamassassin defaults - sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin - service spamassassin start - check_result $? "spamassassin start failed" - unit_files="$(systemctl list-unit-files |grep spamassassin)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable spamassassin + echo "=== Configure SpamAssassin" + #update-rc.d spamassassin defaults + if [ "$release" -lt 12 ]; then + sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin + currentservice='spamassassin' + else + currentservice='spamd' fi + + echo "=== Creating spamassassin /nonexistent folder" + mkdir /nonexistent + mkdir /nonexistent/.spamassassin + chown -R nobody:debian-spamd /nonexistent + + echo "=== Patching spamassassin dns_server" + sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + + echo "== Adding myVesta rules to SpamAssassin" + cat < /etc/spamassassin/myvesta.cf +score RCVD_IN_RP_SAFE 0 +score RCVD_IN_RP_CERTIFIED 0 +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf + ensure_startup $currentservice + systemctl restart $currentservice fi @@ -1274,7 +1647,8 @@ fi # Configure RoundCube # #----------------------------------------------------------# -if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then +if [ "$exim" = 'yes' ] && { [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; } then + echo "=== Configure RoundCube" if [ "$apache" = 'yes' ]; then cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf @@ -1290,21 +1664,25 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" - mysql -e "GRANT ALL ON roundcube.* - TO roundcube@localhost IDENTIFIED BY '$r'" + if [ "$mysql8" = 'yes' ]; then + mysql -e "CREATE USER 'roundcube'@'localhost' IDENTIFIED BY '$r';" + mysql -e "GRANT ALL ON roundcube.* + TO roundcube@localhost" + else + mysql -e "GRANT ALL ON roundcube.* + TO roundcube@localhost IDENTIFIED BY '$r'" + fi sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php sed -i "s/localhost/$servername/g" \ /etc/roundcube/plugins/password/config.inc.php mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql chmod a+r /etc/roundcube/main.inc.php - if [ "$release" -eq 8 ] || [ "$release" -eq 9 ] || [ "$release" -eq 10 ]; then - mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php - mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/config.inc.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/config.inc.php - fi + mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php + mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/config.inc.php + chown root:www-data /etc/roundcube/debian-db-roundcube.php + chown root:www-data /etc/roundcube/config.inc.php sed -i "s#^\$config\['smtp_user'\].*#\$config\['smtp_user'\] = '%u';#g" /etc/roundcube/defaults.inc.php sed -i "s#^\$config\['smtp_pass'\].*#\$config\['smtp_pass'\] = '%p';#g" /etc/roundcube/defaults.inc.php if [ "$release" -eq 8 ]; then @@ -1340,6 +1718,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then + echo "=== Configure Fail2Ban" cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) @@ -1360,9 +1739,31 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local fi - update-rc.d fail2ban defaults - service fail2ban start - check_result $? "fail2ban start failed" + if [ ! -e /var/log/auth.log ]; then + # Debian workaround: auth logging was moved to systemd + # We took this fix from HestiaCP + touch /var/log/auth.log + chmod 640 /var/log/auth.log + chown root:adm /var/log/auth.log + fi + if [ "$proftpd" = 'yes' ]; then + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fi + + #update-rc.d fail2ban defaults + currentservice='fail2ban' + ensure_startup $currentservice + ensure_start $currentservice fi @@ -1370,7 +1771,13 @@ fi # Configure Admin User # #----------------------------------------------------------# -# Deleting old admin user +echo "=== Configure Admin User" +if [ "$release" -gt 10 ]; then + echo "=== Switching to sha512" + sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password +fi + +echo "== Deleting old admin user" if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 userdel -f admin >/dev/null 2>&1 @@ -1382,14 +1789,14 @@ if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi -# Adding vesta account +echo "== Adding vesta account" $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang -# RoundCube permissions fix -if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then +if [ "$exim" = 'yes' ] && { [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; } then + echo "== RoundCube permissions fix" if [ ! -d "/var/log/roundcube" ]; then mkdir /var/log/roundcube fi @@ -1399,28 +1806,40 @@ fi # Vesta data sessions permissions chown admin:admin $VESTA/data/sessions -# Configuring system ips +echo "== Configuring system ips (this can take a few minutes, relax)" $VESTA/bin/v-update-sys-ip -# Get main ip +echo "== Get main ip" ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) local_ip=$ip +# Writing '$ip $servername' to /etc/hosts +echo "== Writing '$ip $servername' to /etc/hosts" +sed -i "/$servername/d" /etc/hosts +subdomain=$(echo "$servername" | cut -d . -f-1) +if [ "$servername" != "$subdomain" ]; then + echo "$ip $servername $subdomain" >> /etc/hosts +else + echo "$ip $servername" >> /etc/hosts +fi + # Firewall configuration if [ "$iptables" = 'yes' ]; then + echo "== Firewall configuration" $VESTA/bin/v-update-firewall fi -# Get public ip +echo "== Get public ip" pub_ip=$(curl -4 -s https://scripts.myvestacp.com/ip.php) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "== NAT detected" $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi -# Configuring libapache2-mod-remoteip if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "== Configuring libapache2-mod-remoteip" cd /etc/apache2/mods-available echo "" > remoteip.conf echo " RemoteIPHeader X-Real-IP" >> remoteip.conf @@ -1439,30 +1858,31 @@ if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then service apache2 restart fi -# Configuring mysql host -if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $mpass - # $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then + echo "== Configuring mysql host" + $VESTA/bin/v-add-database-host mysql localhost root $mpass + # $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi -# Configuring pgsql host if [ "$postgresql" = 'yes' ]; then + echo "== Configuring pgsql host" $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi -# Adding default domain +echo "== Adding default domain" $VESTA/bin/v-add-domain admin $servername check_result $? "can't create $servername domain" if [ "$named" = 'yes' ]; then - # Adding ns1 and ns2 A records + echo "== Adding ns1 and ns2 A records" /usr/local/vesta/bin/v-add-dns-record 'admin' "$servername" 'ns1' 'A' "$pub_ip" /usr/local/vesta/bin/v-add-dns-record 'admin' "$servername" 'ns2' 'A' "$pub_ip" fi if [ "$release" -eq 10 ]; then if [ -f "/etc/php/7.3/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" sed -i "/^group =/c\group = www-data" /etc/php/7.3/fpm/pool.d/$servername.conf sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.3/fpm/pool.d/$servername.conf sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.3/fpm/pool.d/$servername.conf @@ -1473,8 +1893,48 @@ if [ "$release" -eq 10 ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'no' fi fi +if [ "$release" -eq 11 ]; then + if [ -f "/etc/php/7.4/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/7.4/fpm/pool.d/$servername.conf + service php7.4-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi +if [ "$release" -eq 12 ]; then + if [ -f "/etc/php/8.2/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + service php8.2-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi +if [ "$release" -eq 13 ]; then + if [ -f "/etc/php/8.4/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + service php8.4-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi -# Adding cron jobs + +echo "== Adding cron jobs" command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" @@ -1489,31 +1949,38 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -service cron restart +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" +$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-make" +$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" +$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" +systemctl restart cron.service -# Building inititall rrd images +echo "== Building inititall rrd images" $VESTA/bin/v-update-sys-rrd -# Enabling file system quota if [ "$quota" = 'yes' ]; then + echo "== Enabling file system quota" $VESTA/bin/v-add-sys-quota fi -# Enabling softaculous plugin +echo "== Enabling softaculous plugin" if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi # Starting vesta service -update-rc.d vesta defaults -service vesta start -check_result $? "vesta start failed" +#update-rc.d vesta defaults +currentservice='vesta' +ensure_startup $currentservice +ensure_start $currentservice chown admin:admin $VESTA/data/sessions -# Adding notifications +echo "== Adding notifications" $VESTA/upd/add_notifications.sh -# Adding cronjob for autoupdates +echo "== Adding cronjob for autoupdates" $VESTA/bin/v-add-cron-vesta-autoupdate @@ -1523,10 +1990,19 @@ $VESTA/bin/v-add-cron-vesta-autoupdate echo "=== Installing additional PHP libs" if [ "$release" -eq 9 ]; then - apt-get -y install php7.0-apcu php7.0-mbstring php7.0-bcmath php7.0-curl php7.0-gd php7.0-intl php7.0-mcrypt php7.0-mysql php7.0-mysqlnd php7.0-pdo php7.0-soap php7.0-json php7.0-xml php7.0-zip php7.0-memcache php7.0-memcached php7.0-zip + apt-get -y install php7.0-apcu php7.0-mbstring php7.0-bcmath php7.0-curl php7.0-gd php7.0-intl php7.0-mcrypt php7.0-mysql php7.0-mysqlnd php7.0-pdo php7.0-soap php7.0-json php7.0-xml php7.0-zip php7.0-memcache php7.0-memcached php7.0-zip php7.0-imagick php7.0-imap fi if [ "$release" -eq 10 ]; then - apt-get -y install php7.3-apcu php7.3-mbstring php7.3-bcmath php7.3-curl php7.3-gd php7.3-intl php7.3-mysql php7.3-mysqlnd php7.3-pdo php7.3-soap php7.3-json php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-zip + apt-get -y install php7.3-apcu php7.3-mbstring php7.3-bcmath php7.3-curl php7.3-gd php7.3-intl php7.3-mysql php7.3-mysqlnd php7.3-pdo php7.3-soap php7.3-json php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-zip php7.3-imagick php7.3-imap +fi +if [ "$release" -eq 11 ]; then + apt-get -y install php7.4-apcu php7.4-mbstring php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-mysql php7.4-mysqlnd php7.4-pdo php7.4-soap php7.4-json php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-zip php7.4-imagick php7.4-imap +fi +if [ "$release" -eq 12 ]; then + apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap +fi +if [ "$release" -eq 13 ]; then + apt-get -y install php8.4-apcu php8.4-mbstring php8.4-bcmath php8.4-curl php8.4-gd php8.4-intl php8.4-mysql php8.4-mysqlnd php8.4-pdo php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-zip php8.4-imagick php8.4-imap fi touch /var/log/php-mail.log @@ -1547,7 +2023,9 @@ if [ "$release" -eq 9 ]; then patch -p1 --directory=/ < /root/vesta-temp-dl/vesta/patch/php7.0-dedi.patch fi fi + update-alternatives --set php /usr/bin/php7.0 fi + if [ "$release" -eq 10 ]; then if [ $memory -lt 10000000 ]; then echo "=== Patching php7.3-vps" @@ -1557,9 +2035,37 @@ if [ "$release" -eq 10 ]; then echo "=== Patching php7.3-dedi" patch /etc/php/7.3/fpm/php.ini < $vestacp/php/php7.3-dedi.patch fi + update-alternatives --set php /usr/bin/php7.3 service php7.3-fpm restart fi +if [ "$release" -eq 11 ]; then + if [ $memory -lt 10000000 ]; then + echo "=== Patching php7.4-vps" + patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-vps.patch + fi + if [ $memory -gt 9999999 ]; then + echo "=== Patching php7.4-dedi" + patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-dedi.patch + fi + update-alternatives --set php /usr/bin/php7.4 + service php7.4-fpm restart +fi + +if [ "$release" -eq 12 ]; then + echo "=== Patching php8.2" + patch /etc/php/8.2/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.2 + service php8.2-fpm restart +fi + +if [ "$release" -eq 13 ]; then + echo "=== Patching php8.4" + patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.4 + service php8.4-fpm restart +fi + # echo "=== Patching rcube_vcard.php" # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch @@ -1624,12 +2130,22 @@ touch /usr/local/vesta/data/upgrades/change-clamav-socket-v3 touch /usr/local/vesta/data/upgrades/change-clamav-socket-v4 touch /usr/local/vesta/data/upgrades/keeping-mpm-event touch /usr/local/vesta/data/upgrades/keeping-mpm-event-2 +touch /usr/local/vesta/data/upgrades/keeping-mpm-event-3 touch /usr/local/vesta/data/upgrades/fix_ssl_directive_in_templates touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives touch /usr/local/vesta/data/upgrades/clearing-letsencrypt-pipe touch /usr/local/vesta/data/upgrades/limit_max_recipients touch /usr/local/vesta/data/upgrades/roundcube_smtp_auth touch /usr/local/vesta/data/upgrades/apache_status_public_access +touch /usr/local/vesta/data/upgrades/update-cloudflare-ips +touch /usr/local/vesta/data/upgrades/enable-tls-in-proftpd +touch /usr/local/vesta/data/upgrades/enable_cookie_httponly +touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply +touch /usr/local/vesta/data/upgrades/freshclam_start +touch /usr/local/vesta/data/upgrades/barracuda_rbl +touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +touch /usr/local/vesta/data/upgrades/v-df-snapshot-make +touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php # Secret URL secretquery='' @@ -1644,18 +2160,24 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi -echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf -if [ "$release" -eq 10 ]; then +if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" + echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf fi -echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "================================================================" +echo "=== Adding FileManager license to vesta.conf" +echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf # Removing old PHP sessions files -crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +touch /var/spool/cron/crontabs/root +echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root + +if [ -f "/root/.bash_profile" ]; then + echo "=== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +fi #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/for-download/nginx/nginx-deb12.conf b/src/deb/for-download/nginx/nginx-deb12.conf new file mode 100644 index 00000000..cf236824 --- /dev/null +++ b/src/deb/for-download/nginx/nginx-deb12.conf @@ -0,0 +1,128 @@ +user admin; +worker_processes 1; +error_log /usr/local/vesta/log/nginx-error.log; +pid /var/run/vesta-nginx.pid; + +events { + worker_connections 128; + use epoll; +} + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 3m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + access_log /usr/local/vesta/log/nginx-access.log main; + + + # SSL PCI Compliance + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_session_cache shared:SSL:10m; + ssl_prefer_server_ciphers on; + + + # Mime settings + include /usr/local/vesta/nginx/conf/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript application/javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + fastcgi_read_timeout 300; + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Vhost + server { + listen 8083 ssl; + server_name _; + root /usr/local/vesta/web; + charset utf-8; + + # Fix error "The plain HTTP request was sent to HTTPS port" + error_page 497 https://$host:$server_port$request_uri; + + # ssl on; + ssl_certificate /usr/local/vesta/ssl/certificate.crt; + ssl_certificate_key /usr/local/vesta/ssl/certificate.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + error_page 404 /error/404/index.html; + error_page 403 /error/index.html; + error_page 500 /error/index.html; + + location / { + expires max; + index index.php; + } + + location /error/ { + expires max; + index index.html; + } + + location /rrd/ { + expires off; + internal; + } + + location /backup/ { + root /; + internal; + } + + location ~ \.php$ { + include /usr/local/vesta/nginx/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_pass unix:/var/run/vesta-php.sock; + fastcgi_intercept_errors on; + break; + } + } +} diff --git a/src/deb/for-download/php/php-fpm.conf b/src/deb/for-download/php/php-fpm.conf index d9a04795..cd0005f8 100644 --- a/src/deb/for-download/php/php-fpm.conf +++ b/src/deb/for-download/php/php-fpm.conf @@ -32,3 +32,5 @@ php_admin_value[upload_max_filesize] = 512M php_admin_value[max_execution_time] = 600 php_admin_value[max_input_time] = 600 php_admin_value[session.save_path] = /usr/local/vesta/data/sessions +php_admin_flag[session.cookie_httponly] = on +php_admin_flag[session.cookie_secure] = on diff --git a/src/deb/for-download/tools/W3TC.json b/src/deb/for-download/tools/W3TC.json index 7e1f0340..0ca4cf8d 100644 --- a/src/deb/for-download/tools/W3TC.json +++ b/src/deb/for-download/tools/W3TC.json @@ -1,5 +1,5 @@ { - "version": "0.14.3", + "version": "2.2.7", "cluster.messagebus.debug": false, "cluster.messagebus.enabled": false, "cluster.messagebus.sns.region": "", @@ -11,7 +11,7 @@ "dbcache.debug_purge": false, "dbcache.enabled": true, "dbcache.engine": "memcached", - "dbcache.file.gc": 3600, + "dbcache.file.gc": 7200, "dbcache.file.locking": false, "dbcache.lifetime": 3600, "dbcache.memcached.persistent": true, @@ -26,8 +26,12 @@ "dbcache.redis.servers": [ "127.0.0.1:6379" ], + "dbcache.redis.verify_tls_certificates": true, "dbcache.redis.password": "", "dbcache.redis.dbid": 0, + "dbcache.redis.timeout": 0, + "dbcache.redis.retry_interval": 0, + "dbcache.redis.read_timeout": 0, "dbcache.use_filters": false, "dbcache.reject.constants": [ "APP_REQUEST", @@ -60,24 +64,47 @@ "\\bsql_calc_found_rows\\b", "\\bfound_rows\\(\\)" ], + "docroot_fix.enable": false, "lazyload.enabled": false, + "lazyload.threshold": "", "lazyload.process_img": true, "lazyload.process_background": true, "lazyload.googlemaps.google_maps_easy": false, "lazyload.googlemaps.wp_google_maps": false, "lazyload.googlemaps.wp_google_map_plugin": false, "lazyload.exclude": [ - "skip_lazy" + "avia-bg-style-fixed", + "data-bgposition=", + "data-envira-src=", + "data-large_image=", + "data-lazy-original=", + "data-lazy-src=", + "data-lazyload=", + "data-lazysrc=", + "data-no-lazy=", + "data-src=", + "data-srcset=", + "fullurl=", + "lazy-slider-img=", + "loading=\"eager\"", + "no-lazy", + "rev-slidebg", + "skip-lazy", + "soliloquy-image", + "swatch-img", + "w3-total-cache", + "woocommerce\/assets\/images\/placeholder.png", + "wpcf7_captcha" ], "lazyload.embed_method": "async_head", "objectcache.configuration_overloaded": false, "objectcache.enabled": true, "objectcache.debug": false, "objectcache.debug_purge": false, - "objectcache.enabled_for_wp_admin": true, + "objectcache.enabled_for_wp_admin": false, "objectcache.fallback_transients": true, "objectcache.engine": "memcached", - "objectcache.file.gc": 3600, + "objectcache.file.gc": 7200, "objectcache.file.locking": false, "objectcache.memcached.servers": [ "127.0.0.1:11211" @@ -91,8 +118,12 @@ "objectcache.redis.servers": [ "127.0.0.1:6379" ], + "objectcache.redis.verify_tls_certificates": true, "objectcache.redis.password": "", "objectcache.redis.dbid": 0, + "objectcache.redis.timeout": 0, + "objectcache.redis.retry_interval": 0, + "objectcache.redis.read_timeout": 0, "objectcache.groups.global": [ "users", "userlogins", @@ -107,7 +138,6 @@ "global-posts" ], "objectcache.groups.nonpersistent": [ - "comment", "counts", "plugins" ], @@ -118,9 +148,9 @@ "pgcache.comment_cookie_ttl": 86400, "pgcache.debug": false, "pgcache.debug_purge": false, - "pgcache.engine": "memcached", + "pgcache.engine": "file_generic", "pgcache.file.gc": 3600, - "pgcache.file.nfs": true, + "pgcache.file.nfs": false, "pgcache.file.locking": false, "pgcache.lifetime": 86400, "pgcache.memcached.servers": [ @@ -135,11 +165,15 @@ "pgcache.redis.servers": [ "127.0.0.1:6379" ], + "pgcache.redis.verify_tls_certificates": true, "pgcache.redis.password": "", "pgcache.redis.dbid": 0, - "pgcache.cache.query": true, + "pgcache.redis.timeout": 0, + "pgcache.redis.retry_interval": 0, + "pgcache.redis.read_timeout": 0, + "pgcache.cache.query": false, "pgcache.cache.home": true, - "pgcache.cache.feed": true, + "pgcache.cache.feed": false, "pgcache.cache.nginx_handle_xml": false, "pgcache.cache.ssl": true, "pgcache.cache.404": false, @@ -167,11 +201,11 @@ ], "pgcache.late_init": false, "pgcache.late_caching": false, - "pgcache.mirrors.enabled": true, + "pgcache.mirrors.enabled": false, "pgcache.mirrors.home_urls": [ "" ], - "pgcache.reject.front_page": "0", + "pgcache.reject.front_page": false, "pgcache.reject.logged": true, "pgcache.reject.logged_roles": false, "pgcache.reject.roles": [ @@ -200,7 +234,7 @@ "wptouch_switch_toggle" ], "pgcache.reject.request_head": false, - "pgcache.purge.front_page": "1", + "pgcache.purge.front_page": true, "pgcache.purge.home": true, "pgcache.purge.post": true, "pgcache.purge.comments": false, @@ -222,7 +256,7 @@ ], "pgcache.purge.sitemap_regex": "([a-z0-9_\\-]*?)sitemap([a-z0-9_\\-]*)?\\.xml", "pgcache.prime.enabled": false, - "pgcache.prime.interval": 3600, + "pgcache.prime.interval": 900, "pgcache.prime.limit": 10, "pgcache.prime.sitemap": "", "pgcache.prime.post.enabled": false, @@ -267,8 +301,8 @@ "minify.debug": false, "minify.engine": "file", "minify.error.notification": "", - "minify.file.gc": "86400", - "minify.file.nfs": true, + "minify.file.gc": 86400, + "minify.file.nfs": false, "minify.file.locking": false, "minify.memcached.servers": [ "127.0.0.1:11211" @@ -282,43 +316,49 @@ "minify.redis.servers": [ "127.0.0.1:6379" ], + "minify.redis.verify_tls_certificates": true, "minify.redis.password": "", "minify.redis.dbid": 0, - "minify.rewrite": "1", + "minify.redis.timeout": 0, + "minify.redis.retry_interval": 0, + "minify.redis.read_timeout": 0, + "minify.rewrite": true, "minify.options": [], "minify.symlinks": [], - "minify.lifetime": "86400", + "minify.lifetime": 86400, "minify.upload": true, - "minify.html.enable": "1", + "minify.html.enable": false, "minify.html.engine": "html", - "minify.html.reject.feed": "0", - "minify.html.inline.css": "0", - "minify.html.inline.js": "0", - "minify.html.strip.crlf": "0", + "minify.html.reject.feed": false, + "minify.html.inline.css": false, + "minify.html.inline.js": false, + "minify.html.strip.crlf": false, "minify.html.comments.ignore": [ "google_ad_", - "RSPEAK_" + "RSPEAK_", + "mfunc" ], - "minify.css.combine": "0", - "minify.css.enable": "1", + "minify.css.enable": true, "minify.css.engine": "css", - "minify.css.http2push": "0", - "minify.css.strip.comments": "0", - "minify.css.strip.crlf": "0", + "minify.css.method": "both", + "minify.css.http2push": false, + "minify.css.strip.comments": false, + "minify.css.strip.crlf": false, "minify.css.embed": false, "minify.css.imports": "", "minify.css.groups": [], - "minify.js.http2push": "0", - "minify.js.enable": "1", + "minify.js.http2push": false, + "minify.js.enable": true, "minify.js.engine": "js", - "minify.js.combine.header": "0", + "minify.js.method": "both", + "minify.js.combine.header": false, "minify.js.header.embed_type": "blocking", "minify.js.combine.body": false, "minify.js.body.embed_type": "blocking", "minify.js.combine.footer": false, "minify.js.footer.embed_type": "blocking", - "minify.js.strip.comments": "0", - "minify.js.strip.crlf": "0", + "minify.js.strip.comments": false, + "minify.js.strip.crlf": false, "minify.js.groups": [], "minify.yuijs.path.java": "java", "minify.yuijs.path.jar": "yuicompressor.jar", @@ -353,28 +393,20 @@ "minify.htmltidy.options.clean": false, "minify.htmltidy.options.hide-comments": true, "minify.htmltidy.options.wrap": 0, - "minify.reject.logged": "0", - "minify.reject.ua": [ - "" - ], - "minify.reject.uri": [ - "" - ], - "minify.reject.files.js": [ - "" - ], - "minify.reject.files.css": [ - "" - ], + "minify.reject.logged": false, + "minify.reject.ua": [], + "minify.reject.uri": [], + "minify.reject.files.js": [], + "minify.reject.files.css": [], "minify.cache.files": [ "" ], - "minify.cache.files_regexp": "0", + "minify.cache.files_regexp": false, "cdn.configuration_overloaded": false, "cdn.enabled": false, "cdn.debug": false, "cdn.flush_manually": false, - "cdn.engine": "maxcdn", + "cdn.engine": "stackpath2", "cdn.uploads.enable": true, "cdn.includes.enable": true, "cdn.includes.files": "*.css;*.js;*.gif;*.png;*.jpg;*.xml", @@ -430,6 +462,7 @@ "cdn.s3.bucket.location": "us-east-1", "cdn.s3.cname": [], "cdn.s3.ssl": "auto", + "cdn.s3.public_objects": "enabled", "cdn.s3_compatible.api_host": "auto", "cdn.cf.key": "", "cdn.cf.secret": "", @@ -438,6 +471,7 @@ "cdn.cf.id": "", "cdn.cf.cname": [], "cdn.cf.ssl": "auto", + "cdn.cf.public_objects": "enabled", "cdn.cf2.key": "", "cdn.cf2.secret": "", "cdn.cf2.id": "", @@ -535,6 +569,9 @@ "cdnfsd.stackpath2.site_root_domain": 0, "cdnfsd.stackpath2.domain": [], "cdnfsd.stackpath2.ssl": "auto", + "cdnfsd.transparentcdn.client_id": "", + "cdnfsd.transparentcdn.client_secret": "", + "cdnfsd.transparentcdn.company_id": "", "varnish.configuration_overloaded": false, "varnish.enabled": false, "varnish.debug": false, @@ -547,7 +584,7 @@ "browsercache.no404wp": false, "browsercache.no404wp.exceptions": [ "robots\\.txt", - "[a-z0-9_\\-]*sitemap[a-z0-9_\\-]*\\.(xml|xsl|html)(\\.gz)?" + "[a-z0-9_\\-]*sitemap[a-z0-9_\\.\\-]*\\.(xml|xsl|html)(\\.gz)?" ], "browsercache.cssjs.last_modified": true, "browsercache.cssjs.compression": true, @@ -623,63 +660,136 @@ "mobile.configuration_overloaded": false, "mobile.enabled": false, "mobile.rgroups": { - "high": { + "tablets": { "theme": "", "enabled": false, "redirect": "", "agents": [ - "android", - "mobi", - "bada", - "incognito", + "a1-32ab0", + "a210", + "a211", + "b6000-h", + "b8000-h", + "bnrv200", + "bntv400", + "darwin", + "gt-n8005", + "gt-p3105", + "gt-p6810", + "gt-p7510", + "hmj37", + "hp-tablet", + "hp\\sslate", + "hp\\sslatebook", + "ht7s3", + "ideatab_a1107", + "ideataba2109a", + "ideos\\ss7", + "imm76d", + "ipad", + "k00f", + "kfjwi", + "kfot", + "kftt", "kindle", - "maemo", - "opera\\ mini", - "s8000", - "series60", - "ucbrowser", - "ucweb", - "webmate", - "webos" + "l-06c", + "lg-f200k", + "lg-f200l", + "lg-f200s", + "m470bsa", + "m470bse", + "maxwell", + "me173x", + "mediapad", + "midc497", + "msi\\senjoy\\s10\\splus", + "mz601", + "mz616", + "nexus", + "nookcolor", + "pg09410", + "pg41200", + "pmp5570c", + "pmp5588c", + "pocketbook", + "qmv7a", + "sgp311", + "sgpt12", + "shv-e230k", + "shw-m305w", + "shw-m380w", + "sm-p605", + "smarttab", + "sonysgp321", + "sph-p500", + "surfpad", + "tab07-200", + "tab10-201", + "tab465euk", + "tab474", + "tablet", + "tegranote", + "tf700t", + "thinkpad", + "viewpad", + "voltaire" ] }, - "low": { + "phones": { "theme": "", "enabled": false, "redirect": "", "agents": [ - "2\\.0\\ mmp", + "(android|bb\\d+|meego).+mobile", "240x320", + "2.0\\ mmp", + "\\bppc\\b", + "acer\\ s100", "alcatel", "amoi", + "archos5", "asus", - "au\\-mic", + "au-mic", "audiovox", "avantgo", + "bada", "benq", "bird", "blackberry", "blazer", "cdm", "cellphone", + "cupcake", "danger", "ddipocket", "docomo", + "docomo\\ ht-03a", "dopod", - "elaine\/3\\.0", + "dream", + "elaine\/3.0", "ericsson", "eudoraweb", "fly", + "froyo", + "googlebot-mobile", "haier", "hiptop", - "hp\\.ipaq", + "hp.ipaq", "htc", + "htc\\ hero", + "htc\\ magic", + "htc_dream", + "htc_magic", "huawei", - "i\\-mobile", + "i-mobile", "iemobile", "iemobile\/7", + "iemobile\/7.0", "iemobile\/9", - "j\\-phone", + "incognito", + "iphone", + "ipod", + "j-phone", "kddi", "konka", "kwc", @@ -687,27 +797,34 @@ "lenovo", "lg", "lg\/u990", + "lg-gw620", "lge\\ vx", + "liquid\\ build", + "maemo", "midp", - "midp\\-2\\.0", + "midp-2.0", "mmef20", "mmp", "mobilephone", - "mot\\-v", + "mot-mb200", + "mot-mb300", + "mot-v", "motorola", - "msie\\ 10\\.0", + "msie\\ 10.0", "netfront", "newgen", "newt", + "nexus\\ 7", + "nexus\\ one", "nintendo\\ ds", "nintendo\\ wii", "nitro", "nokia", "novarra", - "o2", "openweb", + "opera\\ mini", "opera\\ mobi", - "opera\\.mobi", + "opera.mobi", "p160u", "palm", "panasonic", @@ -719,40 +836,52 @@ "playbook", "playstation\\ portable", "portalmmm", - "\\bppc\\b", "proxinet", "psp", "qtek", + "s8000", "sagem", "samsung", + "samsung-s8000", "sanyo", "sch", - "sch\\-i800", + "sch-i800", "sec", "sendo", + "series60.*webkit", + "series60\/5.0", "sgh", "sharp", - "sharp\\-tq\\-gx10", + "sharp-tq-gx10", "small", "smartphone", "softbank", "sonyericsson", + "sonyericssone10", + "sonyericssonu20", + "sonyericssonx10", "sph", "symbian", "symbian\\ os", "symbianos", + "t-mobile\\ mytouch\\ 3g", + "t-mobile\\ opal", + "tattoo", "toshiba", + "touch", "treo", - "ts21i\\-10", - "up\\.browser", - "up\\.link", + "ts21i-10", + "up.browser", + "up.link", "uts", "vertu", "vodafone", "wap", + "webmate", + "webos", "willcome", "windows\\ ce", - "windows\\.ce", + "windows.ce", "winwap", "xda", "xoom", @@ -776,13 +905,13 @@ ] } }, - "common.track_usage": false, + "common.track_usage": true, "common.tweeted": false, - "config.check": false, + "config.check": true, "config.path": "", "widget.latest.items": 3, "widget.latest_news.items": 5, - "widget.pagespeed.enabled": true, + "widget.pagespeed.enabled": false, "widget.pagespeed.key": "", "widget.pagespeed.key.restrict.referrer": "", "widget.pagespeed.show_in_admin_bar": false, @@ -797,34 +926,28 @@ "timelimit.cdn_test": 300, "timelimit.domain_rename": 120, "timelimit.minify_recommendations": 600, - "common.instance_id": 393748815, + "common.instance_id": 1165104676, "common.force_master": true, "extensions.active": { - "newrelic": "w3-total-cache\/Extension_NewRelic_Plugin.php", - "fragmentcache": "w3-total-cache\/Extension_FragmentCache_Plugin.php", - "swarmify": "w3-total-cache\/Extension_Swarmify_Plugin.php" + "fragmentcache": "w3-total-cache\/Extension_FragmentCache_Plugin.php" }, "extensions.active_frontend": [], "extensions.active_dropin": [], "plugin.license_key": "", "plugin.type": "", - "common.support": "", - "timelimit.cdn_container_create": 300, + "jquerymigrate.disabled": false, + "imageservice": { + "compression": "lossy", + "auto": "enabled", + "visibility": "never" + }, + "imageservice.configuration_overloaded": true, + "robots_block.enable": false, "fragmentcache": { - "engine": "memcached", - "memcached.servers": [ - "127.0.0.1:11211" - ], - "memcached.persistent": "1", - "memcached.aws_autodiscovery": "0", - "memcached.username": "", - "memcached.password": "", - "lifetime": "3600", - "file.gc": "3600", - "groups": "" + "engine": "memcached" }, "pgcache.bad_behavior_path": "", "newrelic": { "monitoring_type": "apm" } -} \ No newline at end of file +} diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.sh index 4f54592d..081aaf19 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,6 +46,7 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" write_file=0 if [ ! -f "$pool_file_56" ]; then @@ -58,7 +59,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "/etc/php/5.6/fpm/pool.d/www.conf" ]; then rm /etc/php/5.6/fpm/pool.d/www.conf @@ -66,27 +68,39 @@ fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi + if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl index eb5631db..a24b368f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl index cd4e797d..55bc8233 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.sh index fefdf195..10c58c57 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,10 +46,12 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi write_file=0 @@ -63,7 +65,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "/etc/php/7.0/fpm/pool.d/www.conf" ]; then rm /etc/php/7.0/fpm/pool.d/www.conf @@ -71,22 +74,32 @@ fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl index 38285302..5d944c0f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl index 7d30d39c..c9378152 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.sh index 8688598c..90230674 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,15 +46,18 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi write_file=0 @@ -68,7 +71,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "/etc/php/7.1/fpm/pool.d/www.conf" ]; then rm /etc/php/7.1/fpm/pool.d/www.conf @@ -76,17 +80,27 @@ fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi + if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl index c5d284f7..a718b21f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl index 695b9937..9f0cf8a7 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.sh index 33442862..cc76256e 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,20 +46,24 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi write_file=0 @@ -73,7 +77,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "/etc/php/7.2/fpm/pool.d/www.conf" ]; then rm /etc/php/7.2/fpm/pool.d/www.conf @@ -81,12 +86,20 @@ fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl index 2b4363b4..20792e92 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl index be2ca7ae..89b19147 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.sh index 1cddda74..a2fea927 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.sh @@ -17,8 +17,8 @@ user = $1 group = $1 pm = ondemand -pm.max_children = 16 -request_terminate_timeout = 30s +pm.max_children = 8 +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 20 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,25 +46,30 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi write_file=0 @@ -78,7 +83,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "/etc/php/7.3/fpm/pool.d/www.conf" ]; then rm /etc/php/7.3/fpm/pool.d/www.conf @@ -86,7 +92,14 @@ fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm fi -exit 0 \ No newline at end of file +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl index 9660c234..39777224 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl index 892c0d1f..b6e306d7 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.sh index 72f9cec6..a2fea927 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,25 +46,30 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi write_file=0 @@ -78,7 +83,8 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "/etc/php/7.3/fpm/pool.d/www.conf" ]; then rm /etc/php/7.3/fpm/pool.d/www.conf @@ -86,7 +92,14 @@ fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl index 28224413..902d647a 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl index 7bec5e73..40df2629 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.sh index 6f6290b1..e72bb003 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.sh @@ -17,8 +17,8 @@ user = $1 group = $1 pm = ondemand -pm.max_children = 16 -request_terminate_timeout = 30s +pm.max_children = 8 +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 20 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,30 +46,36 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi write_file=0 @@ -83,10 +89,17 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm fi if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then rm /etc/php/7.4/fpm/pool.d/www.conf fi -exit 0 \ No newline at end of file +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl index fdbc26f9..739cb48d 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl index 614f20c3..f31ed5a8 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.sh index 482cdd7e..e72bb003 100755 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.sh @@ -18,7 +18,7 @@ group = $1 pm = ondemand pm.max_children = 8 -request_terminate_timeout = 90s +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 30 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -46,30 +46,36 @@ pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi write_file=0 @@ -83,10 +89,17 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm fi if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then rm /etc/php/7.4/fpm/pool.d/www.conf fi +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl index df607247..fbc1d9c6 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl index 7b6e2cb5..aaf8f62c 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.sh index 5f119dd8..a4842ac9 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.sh @@ -17,8 +17,8 @@ user = $1 group = $1 pm = ondemand -pm.max_children = 16 -request_terminate_timeout = 30s +pm.max_children = 8 +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 20 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -50,32 +50,38 @@ pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm fi write_file=0 @@ -89,10 +95,11 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_80 - service php8.0-fpm restart + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi if [ -f "/etc/php/8.0/fpm/pool.d/www.conf" ]; then rm /etc/php/8.0/fpm/pool.d/www.conf fi -exit 0 \ No newline at end of file +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl index 4ce4b993..b1335a44 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl index 41a5d506..1b0a610c 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.sh index 5f119dd8..a4842ac9 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.sh @@ -17,8 +17,8 @@ user = $1 group = $1 pm = ondemand -pm.max_children = 16 -request_terminate_timeout = 30s +pm.max_children = 8 +request_terminate_timeout = 360s pm.max_requests = 4000 pm.process_idle_timeout = 10s pm.status_path = /status @@ -26,10 +26,10 @@ pm.status_path = /status php_admin_value[upload_tmp_dir] = /home/$1/tmp php_admin_value[session.save_path] = /home/$1/tmp php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 80M -php_admin_value[max_execution_time] = 20 -php_admin_value[post_max_size] = 80M -php_admin_value[memory_limit] = 256M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" php_admin_flag[mysql.allow_persistent] = off php_admin_flag[safe_mode] = off @@ -50,32 +50,38 @@ pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 - service php5.6-fpm restart + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm fi if [ -f "$pool_file_70" ]; then rm $pool_file_70 - service php7.0-fpm restart + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm fi if [ -f "$pool_file_71" ]; then rm $pool_file_71 - service php7.1-fpm restart + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm fi if [ -f "$pool_file_72" ]; then rm $pool_file_72 - service php7.2-fpm restart + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm fi if [ -f "$pool_file_73" ]; then rm $pool_file_73 - service php7.3-fpm restart + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm fi if [ -f "$pool_file_74" ]; then rm $pool_file_74 - service php7.4-fpm restart + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm fi write_file=0 @@ -89,10 +95,11 @@ else fi if [ $write_file -eq 1 ]; then echo "$pool_conf" > $pool_file_80 - service php8.0-fpm restart + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm fi if [ -f "/etc/php/8.0/fpm/pool.d/www.conf" ]; then rm /etc/php/8.0/fpm/pool.d/www.conf fi -exit 0 \ No newline at end of file +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl index f39e9631..fae336fc 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl index b9e32f14..64699c22 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.sh new file mode 100644 index 00000000..4b4f9d78 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.sh @@ -0,0 +1,112 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.1-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_81" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_81) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi +if [ -f "/etc/php/8.1/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.1/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl new file mode 100644 index 00000000..4116fd42 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php8.1-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl new file mode 100644 index 00000000..ee319a20 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php8.1-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.sh new file mode 100644 index 00000000..4b4f9d78 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.sh @@ -0,0 +1,112 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.1-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_81" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_81) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi +if [ -f "/etc/php/8.1/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.1/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl new file mode 100644 index 00000000..5822a27a --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php8.1-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl new file mode 100644 index 00000000..7864b3a4 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + +# +# RMode config +# RUidGid %user% %group% +# RGroups www-data +# +# +# AssignUserID %user% %group% +# + + + SetHandler "proxy:unix:/run/php/php8.1-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.sh new file mode 100644 index 00000000..a4deb752 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl new file mode 100644 index 00000000..809e7f33 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl new file mode 100644 index 00000000..679d1409 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.sh new file mode 100644 index 00000000..a4deb752 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl new file mode 100644 index 00000000..e0d04794 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl new file mode 100644 index 00000000..eba95935 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh new file mode 100644 index 00000000..f5e7c6fd --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh @@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl new file mode 100644 index 00000000..cceed0ee --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl new file mode 100644 index 00000000..ac952817 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh new file mode 100644 index 00000000..f5e7c6fd --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh @@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl new file mode 100644 index 00000000..f043bfa8 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl new file mode 100644 index 00000000..9b5bf916 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/create_wp_http b/src/deb/for-download/tools/create_wp_http deleted file mode 100644 index a3d69cf4..00000000 --- a/src/deb/for-download/tools/create_wp_http +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash - -if [ $# -lt 1 ]; then - echo usage: create_wp_http domain [db_name] [email] - exit 1 -fi - -domain=$1 - -PATH=$PATH:/usr/local/vesta/bin -export PATH - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) - -START_DB="wp"; -if [ $# -gt 1 ]; then - START_DB=$2 -fi - -email="info@$domain"; -if [ $# -gt 2 ]; then - email=$3 -fi - -if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; - exit 1; -fi - -WORKINGDIR="/home/$user/web/$domain/public_html" -# FILE=latest.tar.gz - -rm -rf $WORKINGDIR/* - -#DBUSERSUF=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1) -DBUSERSUF="$START_DB"; -DBUSERSUFB="$START_DB"; -DBUSER=$user\_$DBUSERSUFB; -DB_OK=0; -if [ ! -d "/var/lib/mysql/$DBUSER" ]; then - DB_OK=1; -fi - -if [ "$DB_OK" -eq "0" ]; then -i=1; -while [ $i -lt 99 ] -do -i=$((i+1)); -DBUSERSUF="${DBUSERSUFB}${i}"; -DBUSER=$user\_$DBUSERSUF; -if [ ! -d "/var/lib/mysql/$DBUSER" ]; then -break; -fi -done -fi - -PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) - -v-add-database $user $DBUSERSUF $DBUSERSUF $PASSWDDB mysql - -cd /home/$user - -rm -rf /home/$user/wp -curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -chmod +x wp-cli.phar -sudo mv wp-cli.phar wp - -cd /home/$user/web/$domain/public_html - -sudo -H -u$user /home/$user/wp core download -sudo -H -u$user /home/$user/wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB - -password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) - -sudo -H -u$user /home/$user/wp core install --url="$domain" --title="$domain" --admin_user="admin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR - -#FIX za https://github.com/wp-cli/wp-cli/issues/2632 - -mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = 'http://$domain' where option_name = 'siteurl'; update wp_options set option_value = 'http://$domain' where option_name = 'home';" - -# clear - -echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." -echo "" -echo "Site: http://$domain/" -echo "" -echo "Login: http://$domain/wp-admin/" -echo "Username: admin" -echo "Password: $password" -echo "" -echo "=================================================================" - -chown -R $user:$user $WORKINGDIR - -rm -rf /home/$user/wp - -echo "create_wp: Done." -exit 0 \ No newline at end of file diff --git a/src/deb/for-download/tools/default-pool.d/5.6/www.conf b/src/deb/for-download/tools/default-pool.d/5.6/www.conf new file mode 100644 index 00000000..6bc161d0 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/5.6/www.conf @@ -0,0 +1,417 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all IPv4 addresses on a +; specific port; +; '[::]:port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php5.6-fpm.sock + +; Set listen(2) backlog. +; Default Value: 65535 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 65535 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/5.6/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/7.0/www.conf b/src/deb/for-download/tools/default-pool.d/7.0/www.conf new file mode 100644 index 00000000..5eafe960 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/7.0/www.conf @@ -0,0 +1,420 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php7.0-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.0/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/7.1/www.conf b/src/deb/for-download/tools/default-pool.d/7.1/www.conf new file mode 100644 index 00000000..fc09b4c0 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/7.1/www.conf @@ -0,0 +1,420 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php7.1-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.1/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/7.2/www.conf b/src/deb/for-download/tools/default-pool.d/7.2/www.conf new file mode 100644 index 00000000..86aca4cc --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/7.2/www.conf @@ -0,0 +1,424 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php7.2-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.2/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/7.3/www.conf b/src/deb/for-download/tools/default-pool.d/7.3/www.conf new file mode 100644 index 00000000..03ce7b03 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/7.3/www.conf @@ -0,0 +1,439 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php7.3-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.3/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/7.4/www.conf b/src/deb/for-download/tools/default-pool.d/7.4/www.conf new file mode 100644 index 00000000..8ef08a99 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/7.4/www.conf @@ -0,0 +1,439 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php7.4-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/7.4/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/8.0/www.conf b/src/deb/for-download/tools/default-pool.d/8.0/www.conf new file mode 100644 index 00000000..e21e6158 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.0/www.conf @@ -0,0 +1,455 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.0-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.0/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/8.1/www.conf b/src/deb/for-download/tools/default-pool.d/8.1/www.conf new file mode 100644 index 00000000..5278cea0 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.1/www.conf @@ -0,0 +1,463 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.1-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.1/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/8.2/www.conf b/src/deb/for-download/tools/default-pool.d/8.2/www.conf new file mode 100644 index 00000000..ffdd57b7 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.2/www.conf @@ -0,0 +1,484 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.2-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set the associated the route table (FIB). FreeBSD only +; Default Value: -1 +;listen.setfib = 1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or +; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.2/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; A list of request_uri values which should be filtered from the access log. +; +; As a security precuation, this setting will be ignored if: +; - the request method is not GET or HEAD; or +; - there is a request body; or +; - there are query parameters; or +; - the response code is outwith the successful range of 200 to 299 +; +; Note: The paths are matched against the output of the access.format tag "%r". +; On common configurations, this may look more like SCRIPT_NAME than the +; expected pre-rewrite URI. +; +; Default Value: not set +;access.suppress_path[] = /ping +;access.suppress_path[] = /health_check.php + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/default-pool.d/8.3/www.conf b/src/deb/for-download/tools/default-pool.d/8.3/www.conf new file mode 100644 index 00000000..f18939a3 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.3/www.conf @@ -0,0 +1,490 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of the child processes. This can be used only if the master +; process running user is root. It is set after the child process is created. +; The user and group can be specified either by their name or by their numeric +; IDs. +; Note: If the user is root, the executable needs to be started with +; --allow-to-run-as-root option to work. +; Default Values: The user is set to master process running user by default. +; If the group is not set, the user's group is used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.3-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: Owner is set to the master process running user. If the group +; is not set, the owner's group is used. Mode is set to 0660. +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set the associated the route table (FIB). FreeBSD only +; Default Value: -1 +;listen.setfib = 1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or +; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.3/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; A list of request_uri values which should be filtered from the access log. +; +; As a security precuation, this setting will be ignored if: +; - the request method is not GET or HEAD; or +; - there is a request body; or +; - there are query parameters; or +; - the response code is outwith the successful range of 200 to 299 +; +; Note: The paths are matched against the output of the access.format tag "%r". +; On common configurations, this may look more like SCRIPT_NAME than the +; expected pre-rewrite URI. +; +; Default Value: not set +;access.suppress_path[] = /ping +;access.suppress_path[] = /health_check.php + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh new file mode 100644 index 00000000..94762505 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -0,0 +1,103 @@ +#!/bin/bash + +################################## +# usage: ./create-mail-sync.sh SRCHOST EMAIL PASSWORD-ON-REMOTE-SERVER [PASSWORD-ON-THIS-SERVER] [TEST] +################################## + +if [ $# -lt 3 ]; then + echo "usage: ./create-mail-sync.sh SRCHOST EMAIL PASSWORD-ON-REMOTE-SERVER [PASSWORD-ON-THIS-SERVER] [TEST]" + exit 1 +fi + +if [ $# -eq 3 ]; then +SRCHOST=$1 +EMAIL=$2 +PASS=$3 +PASS2=$3 +TEST=1 +fi + +if [ $# -eq 4 ]; then +SRCHOST=$1 +EMAIL=$2 +PASS=$3 +PASS2=$4 +TEST=1 +fi + +if [ $# -eq 5 ]; then +SRCHOST=$1 +EMAIL=$2 +PASS=$3 +PASS2=$4 +TEST=$5 +fi + +TESTOPT="" +if [[ $TEST -eq 1 ]]; then + TESTOPT="--justlogin" +fi + +if [ ! -d "accounts" ]; then + mkdir accounts +fi +if [ -f "accounts/$EMAIL" ]; then + echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" + exit 1; + exit +fi + +euser=$(echo $EMAIL | cut -d '@' -f 1) +domain=$(echo $EMAIL | cut -d '@' -f 2) +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ "$user" != "" ]; then + echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" + if [ ! -d "/home/$user/mail/$domain" ]; then + echo "======= Creating '$domail' in MAIL section" + /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" + fi + if [ ! -d "/home/$user/mail/$domain/$euser" ]; then + echo "======= Creating '$euser' mail account for domain '$domain'" + /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" + echo "" + fi +fi + + +echo "Writing to: accounts/$EMAIL" +echo "#!/bin/bash + +# --- +# SRCHOST = $SRCHOST +# email = $EMAIL +# pass = $PASS +# pass2 = $PASS2 +# test = $TEST +# --- + +/root/imapsync/imapsync --host1 $SRCHOST --user1 $EMAIL --password1 '$PASS' --ssl1 --host2 localhost --user2 $EMAIL --password2 '$PASS2' $TESTOPT --addheader --automap \"\$@\" + +exit; +# --- +" > accounts/$EMAIL + +chmod a=rwx accounts/$EMAIL + +if [[ $TEST -eq 0 ]]; then + exit 0; +fi + +accounts/$EMAIL +RET=$? + +if [ $RET -eq 0 ]; then + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log +else + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL + read -p "=== Press ENTER to continue ===" entered +fi +exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh new file mode 100644 index 00000000..ac0c42f4 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/import-from-file.sh @@ -0,0 +1,56 @@ +#!/bin/bash +# +# This script reads email and password=s in following format: +# email1 pass +# email2 pass +# email3 pass + +# The first parameter is the text file from which we read emails and passwords +# The second parameter is SMTP Hostname +# The third parameter is domain if lines contains only username part + + +host='' +if [ $# -gt 1 ]; then + host=$2 +else + echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" + exit 1; +fi + +domain='' +if [ $# -gt 2 ]; then + domain=$3 +fi + +end_of_file=0 +while [[ $end_of_file == 0 ]]; do + + read -r line + end_of_file=$? + + if [ "$line" == "" ]; then + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + continue + fi + + email=$(echo "$line" | awk '{print $1}') + pass=$(echo "$line" | awk '{print $2}') + + if [[ $email != *"@"* ]]; then + email="$email@$domain" + fi + + echo "Extracted: '$email' = '$pass'" + + ./create-mail-sync.sh "$host" "$email" "$pass" + + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + +done < $1 diff --git a/src/deb/for-download/tools/imapsync/run-all.sh b/src/deb/for-download/tools/imapsync/run-all.sh new file mode 100644 index 00000000..fa535927 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/run-all.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +cd accounts + +for name in * +do + if [ -f "$name" ]; then + ./$name + fi +done diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh new file mode 100644 index 00000000..0f6a343a --- /dev/null +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -0,0 +1,225 @@ +#!/bin/bash + +USER='webmail' +DOMAIN='' # enter domain or subdomain + +VERSION='1.6.6' +DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" + +LOGINMESSAGE1='Click here for NEW Webmail' +LOGINMESSAGE2='(it is adapted for mobile phones too)' + +DATABASE_NAME_WITHOUT_PREFIX="roundcube" + +############################################################################################################################# + +if [ $# -gt 0 ]; then + USER=$1 +fi +if [ $# -gt 1 ]; then + DOMAIN=$2 +fi + +DATABASE_NAME="${USER}_${DATABASE_NAME_WITHOUT_PREFIX}" + +if [ -z "$USER" ] || [ -z "$DOMAIN" ]; then + echo "Usage:" + echo "bash install-new-roundcube.sh VESTAUSER YOURDOMAIN.com" + exit 1 +fi + +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/db.sh + +# Defining password-gen function +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + LENGTH=32 + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} +DATABASE_PASSWORD=$(gen_pass) + +fix_ownership() { + chown -R $USER:$USER /home/$USER/web/$DOMAIN/public_html/ + find /home/$USER/web/$DOMAIN/public_html/ -type d -exec chmod 755 {} + + find /home/$USER/web/$DOMAIN/public_html/ -type f -exec chmod 644 {} + +} + + +if [ ! -d "/home/$USER" ]; then + echo "== Creating user: $USER" + USER_PASSWORD=$(gen_pass) + /usr/local/vesta/bin/v-add-user "$USER" "$USER_PASSWORD" "admin@$DOMAIN" 'default' 'Webmail' 'Roundcube' + /usr/local/vesta/bin/v-change-user-language "$USER" 'en' +fi + +if [ ! -d "/home/$USER/web/$DOMAIN" ]; then + echo "== Adding domain: $DOMAIN" + /usr/local/vesta/bin/v-add-domain "$USER" "$DOMAIN" "" "yes" + if [ ! -d "/home/$USER/web/$DOMAIN" ]; then + echo "ERROR: Can't create domain $DOMAIN, maybe it's already created under the other user?" + exit 1 + fi + if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl" ]; then + /usr/local/vesta/bin/v-change-web-domain-tpl "$USER" "$DOMAIN" 'PHP-FPM-74' 'yes' + fi +fi + +pub_ip=$(curl -4 -s https://scripts.myvestacp.com/ip.php) +domain_host_ip=$(host $DOMAIN | head -n 1 | awk '{print $NF}') +if [ "$pub_ip" != "$domain_host_ip" ]; then + echo "ERROR:" + echo "$DOMAIN is not pointing to $pub_ip" + echo "I see it is pointing to $domain_host_ip" + read -p "Are you sure you want to continue? (y/n)" answer + if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then + echo "Okay, we will continue." + else + echo "OK, good bye!" + exit 1 + fi +fi + +number_of_files=$(ls /home/$USER/web/$DOMAIN/public_html | wc -l) +if [ $number_of_files -ne 0 ]; then + if [ $number_of_files -eq 2 ] && [ -f "/home/$USER/web/$DOMAIN/public_html/index.html" ] && [ -f "/home/$USER/web/$DOMAIN/public_html/robots.txt" ]; then + rm /home/$USER/web/$DOMAIN/public_html/index.html + rm /home/$USER/web/$DOMAIN/public_html/robots.txt + else + echo "== public_html folder is not empty, aborting." + exit 1 + fi +fi + +if [ ! -f "/home/$USER/conf/web/ssl.$DOMAIN.ca" ]; then + www_host="www.$DOMAIN" + www_host_ip=$(host $www_host | head -n 1 | awk '{print $NF}') + if [ "$www_host_ip" != "$domain_host_ip" ]; then + echo "=== Deleting www" + /usr/local/vesta/bin/v-delete-web-domain-alias "$USER" "$DOMAIN" "$www_host" 'no' + /usr/local/vesta/bin/v-delete-dns-on-web-alias "$USER" "$DOMAIN" "$www_host" 'no' + www_host="" + fi + echo "== Installing LetsEncrypt SSL, please wait..." + /usr/local/vesta/bin/v-add-letsencrypt-domain "$USER" "$DOMAIN" "$www_host" 'yes' + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$USER" "$DOMAIN" 'force-https' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' +fi + +echo "== Downloading Roundcube..." +wget -nv "$DOWNLOAD" -O /root/roundcubemail.tar.gz + +echo "== Extracting Roundcube..." +tar --directory /home/$USER/web/$DOMAIN/public_html --strip-components=1 -xzf /root/roundcubemail.tar.gz roundcubemail-$VERSION/ + +fix_ownership + +DB_EXISTS=$(check_if_database_exists "$USER" "$DATABASE_NAME") +if [ "$DB_EXISTS" = "no" ]; then + echo "== Creating database: $DATABASE_NAME" + /usr/local/vesta/bin/v-add-database "$USER" "$DATABASE_NAME_WITHOUT_PREFIX" "$DATABASE_NAME_WITHOUT_PREFIX" "$DATABASE_PASSWORD" 'mysql' 'localhost' 'utf8' +else + echo "== Database $DATABASE_NAME already exists, and it's maybe used by another site. I will not continue. Please edit this script and enter other database name." + exit 1 +fi + +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-73.tpl" ]; then + echo "================================" + echo "== Installing php7.3-imap module" + apt update + apt install -y php7.3-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl" ]; then + echo "================================" + echo "== Installing php7.4-imap module" + apt update + apt install -y php7.4-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-80.tpl" ]; then + echo "================================" + echo "== Installing php8.0-imap module" + apt update + apt install -y php8.0-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.tpl" ]; then + echo "================================" + echo "== Installing php8.1-imap module" + apt update + apt install -y php8.1-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl" ]; then + echo "================================" + echo "== Installing php8.2-imap module" + apt update + apt install -y php8.2-imap + echo "================================" +fi + +echo "-------------------------------------" +echo "Go to:" +echo "https://${DOMAIN}/installer/" +echo "... and finish the Roundcube installation." +echo "" +echo "You will be asked for:" +echo "Database host: localhost" +echo "Database user: $DATABASE_NAME" +echo "Database name: $DATABASE_NAME" +echo "Database pass: $DATABASE_PASSWORD" +echo "" +echo "Suggestion: plugins to be enabled: new_user_dialog, password" +echo "-------------------------------------" +echo "" +echo "=== When you click 'Initialize database' button (and see DB Write: OK), you can consider the installation as done." +read -p "=== Then press Enter here, and this script will remove /home/$USER/web/$DOMAIN/public_html/installer folder ===" + +if [ ! -f "/home/$USER/web/$DOMAIN/public_html/config/config.inc.php" ]; then + echo "=== ERROR: You didn't finish the installation." + echo "=== Please read carefully what is written above." + read -p "=== Then press Enter when you finish installation ===" +fi +if [ ! -f "/home/$USER/web/$DOMAIN/public_html/config/config.inc.php" ]; then + echo "=== ERROR: You didn't finish the installation." + echo "=== Sorry, the script will exit now." + exit 1; +fi + +rm -rf /home/$USER/web/$DOMAIN/public_html/installer + +if [ -d "/home/$USER/web/$DOMAIN/public_html/plugins/password" ]; then + cp /usr/share/roundcube/plugins/password/config.inc.php /home/$USER/web/$DOMAIN/public_html/plugins/password/config.inc.php + cp /usr/share/roundcube/plugins/password/drivers/vesta.php /home/$USER/web/$DOMAIN/public_html/plugins/password/drivers/vesta.php +fi + +# wget -nv https://c.myvestacp.com/tools/roundcube-filters.tgz -O /root/roundcube-filters.tgz +# tar --directory /home/$USER/web/$DOMAIN/public_html/plugins -xzf /root/roundcube-filters.tgz +# sed -i "s/\$config\['plugins'\] = \[/\$config['plugins'] = ['filters', /g" /home/$USER/web/$DOMAIN/public_html/config/config.inc.php + +echo "\$config['session_lifetime'] = 1080;" >> /home/$USER/web/$DOMAIN/public_html/config/config.inc.php + +fix_ownership + +if [ -f "/usr/share/roundcube/skins/larry/templates/login.html" ]; then + check_grep=$(grep -c 'color: white; font-size: 12pt' /usr/share/roundcube/skins/larry/templates/login.html) + if [ "$check_grep" -eq 0 ]; then + sed -i "s||

$LOGINMESSAGE1
$LOGINMESSAGE2


\n\n|g" /usr/share/roundcube/skins/larry/templates/login.html + fi +fi + +check_grep=$(grep -c 'MAIL_URL=' /usr/local/vesta/conf/vesta.conf) +if [ "$check_grep" -eq 0 ]; then + echo "MAIL_URL='https://$DOMAIN/'" >> /usr/local/vesta/conf/vesta.conf +fi + + +echo "-------------------------------------" +echo "Roundcube installed!" +echo "Go to:" +echo "https://${DOMAIN}/" +echo "-------------------------------------" diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh new file mode 100644 index 00000000..ca1f8b2a --- /dev/null +++ b/src/deb/for-download/tools/install-rocket-nginx.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl + +echo "Updating apt, please wait..." +apt-get update > /dev/null 2>&1 + +apt-get -y install git > /dev/null 2>&1 + +if [ ! -d "/etc/nginx/rocket-nginx" ]; then + cd /etc/nginx + git clone https://github.com/satellitewp/rocket-nginx.git +else + cd /etc/nginx/rocket-nginx + git pull + cd .. +fi + +cd rocket-nginx +cp rocket-nginx.ini.disabled rocket-nginx.ini +php rocket-parser.php +if [ -f "/etc/nginx/rocket-nginx/conf.d/default.conf" ]; then + /usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' +fi diff --git a/src/deb/for-download/tools/install-softaculous.sh b/src/deb/for-download/tools/install-softaculous.sh index ba586930..b209c68d 100644 --- a/src/deb/for-download/tools/install-softaculous.sh +++ b/src/deb/for-download/tools/install-softaculous.sh @@ -15,7 +15,7 @@ rm -rf /usr/local/vesta/web/softaculous/ apt update -apt install --reinstall vesta-php +# apt install --reinstall vesta-php apt install --reinstall vesta-ioncube vesta-softaculous @@ -28,7 +28,11 @@ if [ -f "/usr/local/vesta/web/inc/login_url.php-bak" ]; then mv /usr/local/vesta/web/inc/login_url.php-bak /usr/local/vesta/web/inc/login_url.php fi +echo "" +echo "" echo "=== Softaculous installation done ===" +echo "" echo "Wait for about 5 minutes so softaculous-cron download all packages." echo "You can check if it is still downloading packages by running command:" -echo 'ps -Af | grep "cron.php" | grep -v "grep"' +echo 'ps -Af | grep "cron.php" | grep -v "grep"' +echo "" diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 761efac7..aa1b7353 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -11,6 +11,10 @@ inst_72=0 inst_73=0 inst_74=0 inst_80=0 +inst_81=0 +inst_82=0 +inst_83=0 +inst_84=0 ####################################################################### @@ -48,8 +52,20 @@ fi if [ $# -gt 7 ]; then inst_80=$8 fi +if [ $# -gt 8 ]; then + inst_81=$9 +fi +if [ $# -gt 9 ]; then + inst_82=${10} +fi +if [ $# -gt 10 ]; then + inst_83=${11} +fi +if [ $# -gt 11 ]; then + inst_84=${12} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then inst_repo=1 fi @@ -77,6 +93,10 @@ echo "inst_72=$inst_72" echo "inst_73=$inst_73" echo "inst_74=$inst_74" echo "inst_80=$inst_80" +echo "inst_81=$inst_81" +echo "inst_82=$inst_82" +echo "inst_83=$inst_83" +echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" @@ -85,18 +105,20 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - if [ $debian_version -eq 8 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -ge 11 ]; then + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi - if [ $debian_version -eq 9 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list' + # if [ $debian_version -eq 10 ]; then + # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + # fi + if [ $debian_version -eq 11 ]; then + sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi - if [ $debian_version -eq 10 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -eq 12 ]; then + sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' fi apt update - apt upgrade -y + # apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi @@ -107,7 +129,7 @@ service apache2 restart if [ "$inst_56" -eq 1 ]; then press_enter "=== Press enter to install PHP 5.6 ===============================================================================" - apt -y install php5.6-mbstring php5.6-bcmath php5.6-cli php5.6-curl php5.6-fpm php5.6-gd php5.6-intl php5.6-mcrypt php5.6-mysql php5.6-soap php5.6-xml php5.6-zip php5.6-memcache php5.6-memcached + apt -y install php5.6-mbstring php5.6-bcmath php5.6-cli php5.6-curl php5.6-fpm php5.6-gd php5.6-intl php5.6-mcrypt php5.6-mysql php5.6-soap php5.6-xml php5.6-zip php5.6-memcache php5.6-memcached php5.6-imagick update-rc.d php5.6-fpm defaults a2enconf php5.6-fpm systemctl restart apache2 @@ -126,7 +148,7 @@ fi if [ "$inst_70" -eq 1 ]; then press_enter "=== Press enter to install PHP 7.0 ===============================================================================" - apt -y install php7.0-mbstring php7.0-bcmath php7.0-cli php7.0-curl php7.0-fpm php7.0-gd php7.0-intl php7.0-mcrypt php7.0-mysql php7.0-soap php7.0-xml php7.0-zip php7.0-memcache php7.0-memcached + apt -y install php7.0-mbstring php7.0-bcmath php7.0-cli php7.0-curl php7.0-fpm php7.0-gd php7.0-intl php7.0-mcrypt php7.0-mysql php7.0-soap php7.0-xml php7.0-zip php7.0-memcache php7.0-memcached php7.0-imagick update-rc.d php7.0-fpm defaults a2enconf php7.0-fpm systemctl restart apache2 @@ -142,12 +164,15 @@ if [ "$inst_70" -eq 1 ]; then if [ $debian_version -eq 10 ]; then cp /etc/php/7.3/fpm/php.ini /etc/php/7.0/fpm/php.ini fi + if [ $debian_version -eq 11 ]; then + cp /etc/php/7.4/fpm/php.ini /etc/php/7.0/fpm/php.ini + fi press_enter "=== Press enter to continue ===============================================================================" fi if [ "$inst_71" -eq 1 ]; then press_enter "=== Press enter to install PHP 7.1 ===============================================================================" - apt -y install php7.1-mbstring php7.1-bcmath php7.1-cli php7.1-curl php7.1-fpm php7.1-gd php7.1-intl php7.1-mcrypt php7.1-mysql php7.1-soap php7.1-xml php7.1-zip php7.1-memcache php7.1-memcached + apt -y install php7.1-mbstring php7.1-bcmath php7.1-cli php7.1-curl php7.1-fpm php7.1-gd php7.1-intl php7.1-mcrypt php7.1-mysql php7.1-soap php7.1-xml php7.1-zip php7.1-memcache php7.1-memcached php7.1-imagick update-rc.d php7.1-fpm defaults a2enconf php7.1-fpm systemctl restart apache2 @@ -163,12 +188,15 @@ if [ "$inst_71" -eq 1 ]; then if [ $debian_version -eq 10 ]; then cp /etc/php/7.3/fpm/php.ini /etc/php/7.1/fpm/php.ini fi + if [ $debian_version -eq 11 ]; then + cp /etc/php/7.4/fpm/php.ini /etc/php/7.1/fpm/php.ini + fi press_enter "=== Press enter to continue ===============================================================================" fi if [ "$inst_72" -eq 1 ]; then press_enter "=== Press enter to install PHP 7.2 ===============================================================================" - apt -y install php7.2-mbstring php7.2-bcmath php7.2-cli php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-mysql php7.2-soap php7.2-xml php7.2-zip php7.2-memcache php7.2-memcached + apt -y install php7.2-mbstring php7.2-bcmath php7.2-cli php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-mysql php7.2-soap php7.2-xml php7.2-zip php7.2-memcache php7.2-memcached php7.2-imagick update-rc.d php7.2-fpm defaults a2enconf php7.2-fpm systemctl restart apache2 @@ -184,12 +212,15 @@ if [ "$inst_72" -eq 1 ]; then if [ $debian_version -eq 10 ]; then cp /etc/php/7.3/fpm/php.ini /etc/php/7.2/fpm/php.ini fi + if [ $debian_version -eq 11 ]; then + cp /etc/php/7.4/fpm/php.ini /etc/php/7.2/fpm/php.ini + fi press_enter "=== Press enter to continue ===============================================================================" fi if [ "$inst_73" -eq 1 ]; then press_enter "=== Press enter to install PHP 7.3 ===============================================================================" - apt -y install php7.3-mbstring php7.3-bcmath php7.3-cli php7.3-curl php7.3-fpm php7.3-gd php7.3-intl php7.3-mysql php7.3-soap php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached + apt -y install php7.3-mbstring php7.3-bcmath php7.3-cli php7.3-curl php7.3-fpm php7.3-gd php7.3-intl php7.3-mysql php7.3-soap php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-imagick update-rc.d php7.3-fpm defaults a2enconf php7.3-fpm systemctl restart apache2 @@ -206,12 +237,15 @@ if [ "$inst_73" -eq 1 ]; then if [ $debian_version -eq 9 ]; then cp /etc/php/7.0/apache2/php.ini /etc/php/7.3/fpm/php.ini fi + if [ $debian_version -eq 11 ]; then + cp /etc/php/7.4/fpm/php.ini /etc/php/7.3/fpm/php.ini + fi press_enter "=== Press enter to continue ===============================================================================" fi if [ "$inst_74" -eq 1 ]; then press_enter "=== Press enter to install PHP 7.4 ===============================================================================" - apt -y install php7.4-mbstring php7.4-bcmath php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-intl php7.4-mysql php7.4-soap php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached + apt -y install php7.4-mbstring php7.4-bcmath php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-intl php7.4-mysql php7.4-soap php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-imagick update-rc.d php7.4-fpm defaults a2enconf php7.4-fpm apt-get -y remove libapache2-mod-php7.4 @@ -237,7 +271,7 @@ fi if [ "$inst_80" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.0 ===============================================================================" - apt -y install php8.0-mbstring php8.0-bcmath php8.0-cli php8.0-curl php8.0-fpm php8.0-gd php8.0-intl php8.0-mysql php8.0-soap php8.0-xml php8.0-zip php8.0-memcache php8.0-memcached + apt -y install php8.0-mbstring php8.0-bcmath php8.0-cli php8.0-curl php8.0-fpm php8.0-gd php8.0-intl php8.0-mysql php8.0-soap php8.0-xml php8.0-zip php8.0-memcache php8.0-memcached php8.0-imagick update-rc.d php8.0-fpm defaults a2enconf php8.0-fpm a2dismod php8.0 @@ -262,22 +296,168 @@ if [ "$inst_80" -eq 1 ]; then press_enter "=== PHP 8.0 installed, press enter to continue ===============================================================================" fi +if [ "$inst_81" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.1 ===============================================================================" + apt -y install php8.1-mbstring php8.1-bcmath php8.1-cli php8.1-curl php8.1-fpm php8.1-gd php8.1-intl php8.1-mysql php8.1-soap php8.1-xml php8.1-zip php8.1-memcache php8.1-memcached php8.1-imagick + update-rc.d php8.1-fpm defaults + a2enconf php8.1-fpm + a2dismod php8.1 + apt-get -y remove libapache2-mod-php8.1 + systemctl restart apache2 + cp -r /etc/php/8.1/ /root/vst_install_backups/php8.1/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-81-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-81-public.sh + echo "=== Patching php.ini for php8.1" + wget -nv https://c.myvestacp.com/tools/patches/php8.1.patch -O /root/php8.1.patch + patch /etc/php/8.1/fpm/php.ini < /root/php8.1.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.1/fpm/php.ini + fi + service php8.1-fpm restart + press_enter "=== PHP 8.1 installed, press enter to continue ===============================================================================" +fi -apt update -apt upgrade -y +if [ "$inst_82" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.2 ===============================================================================" + apt -y install php8.2-mbstring php8.2-bcmath php8.2-cli php8.2-curl php8.2-fpm php8.2-gd php8.2-intl php8.2-mysql php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-imagick + update-rc.d php8.2-fpm defaults + a2enconf php8.2-fpm + a2dismod php8.2 + apt-get -y remove libapache2-mod-php8.2 + systemctl restart apache2 + cp -r /etc/php/8.2/ /root/vst_install_backups/php8.2/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-82-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82-public.sh + echo "=== Patching php.ini for php8.2" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.2.patch + patch /etc/php/8.2/fpm/php.ini < /root/php8.2.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.2/fpm/php.ini + fi + service php8.2-fpm restart + press_enter "=== PHP 8.2 installed, press enter to continue ===============================================================================" +fi -if [ $debian_version -eq 10 ]; then - a2dismod ruid2 - a2dismod suexec - a2dismod php5.6 - a2dismod php7.0 - a2dismod php7.1 - a2dismod php7.2 - a2dismod php7.3 - a2dismod php7.4 - a2dismod php8.0 - a2dismod mpm_prefork - a2enmod mpm_event - apt-get -y remove libapache2-mod-php8.0 +if [ "$inst_83" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.3 ===============================================================================" + apt -y install php8.3-mbstring php8.3-bcmath php8.3-cli php8.3-curl php8.3-fpm php8.3-gd php8.3-intl php8.3-mysql php8.3-soap php8.3-xml php8.3-zip php8.3-memcache php8.3-memcached php8.3-imagick + update-rc.d php8.3-fpm defaults + a2enconf php8.3-fpm + a2dismod php8.3 + apt-get -y remove libapache2-mod-php8.3 + systemctl restart apache2 + cp -r /etc/php/8.3/ /root/vst_install_backups/php8.3/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + echo "=== Patching php.ini for php8.3" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.3.patch + patch /etc/php/8.3/fpm/php.ini < /root/php8.3.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.3/fpm/php.ini + fi + service php8.3-fpm restart + press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" +fi + +if [ "$inst_84" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.4 ===============================================================================" + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + update-rc.d php8.4-fpm defaults + a2enconf php8.4-fpm + a2dismod php8.4 + apt-get -y remove libapache2-mod-php8.4 + systemctl restart apache2 + cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + echo "=== Patching php.ini for php8.4" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch + patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini + fi + service php8.4-fpm restart + press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" +fi + + +# apt update > /dev/null 2>&1 +# apt upgrade -y > /dev/null 2>&1 + +if [ $debian_version -ge 10 ]; then + a2dismod ruid2 > /dev/null 2>&1 + a2dismod suexec > /dev/null 2>&1 + a2dismod php5.6 > /dev/null 2>&1 + a2dismod php7.0 > /dev/null 2>&1 + a2dismod php7.1 > /dev/null 2>&1 + a2dismod php7.2 > /dev/null 2>&1 + a2dismod php7.3 > /dev/null 2>&1 + a2dismod php7.4 > /dev/null 2>&1 + a2dismod php8.0 > /dev/null 2>&1 + a2dismod php8.1 > /dev/null 2>&1 + a2dismod php8.2 > /dev/null 2>&1 + a2dismod php8.3 > /dev/null 2>&1 + a2dismod php8.4 > /dev/null 2>&1 + a2dismod mpm_prefork > /dev/null 2>&1 + a2enmod mpm_event > /dev/null 2>&1 + apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 service apache2 restart fi + +if [ -f "/usr/share/phpgate/phpgate.php" ]; then + echo "=== upgrading phpgate" + /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q' + echo "=== upgrading phpgate done." + echo "" +fi + +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + echo "=== upgrading tailf_apache_error.php" + wget -nv http://dl.myvestacp.com/vesta/tailf.php -O /usr/local/bin/tailf.php + wget -nv http://dl.myvestacp.com/vesta/tailf_apache_error.php -O /usr/local/bin/tailf_apache_error.php + wget -nv http://dl.myvestacp.com/vesta/see-apache-processlist-once.sh -O /usr/local/bin/see-apache-processlist-once.sh + wget -nv http://dl.myvestacp.com/vesta/see-mysql-processlist-once.sh -O /usr/local/bin/see-mysql-processlist-once.sh + chmod u+x /usr/local/bin/see-apache-processlist-once.sh + chmod u+x /usr/local/bin/see-mysql-processlist-once.sh + + # ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # echo $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + sleep 1 + # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # sleep 1 + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + echo "=== upgrading tailf_apache_error.php done." + sleep 3 + echo "" +fi + +# Fixing php.ini files to have the correct disable_functions line +/usr/local/vesta/bin/v-fix-php-ini-disable-functions + +echo "Everything done." +echo "" diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl new file mode 100644 index 00000000..7597746c --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # #ssl_on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + # BEGIN SMUSH-WEBP + location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { + root %sdocroot%; + add_header Vary Accept; + expires max; + set $image_path $2; + if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { + break; + } + if ($http_accept !~* "webp") { + break; + } + # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; + try_files /wp-content/smush-webp/$image_path.webp $uri =404; + } + # END SMUSH-WEBP + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl new file mode 100644 index 00000000..7e408254 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + # BEGIN SMUSH-WEBP + location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { + root %sdocroot%; + add_header Vary Accept; + expires max; + set $image_path $2; + if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { + break; + } + if ($http_accept !~* "webp") { + break; + } + # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; + try_files /wp-content/smush-webp/$image_path.webp $uri =404; + } + # END SMUSH-WEBP + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl new file mode 100644 index 00000000..3bed6ce3 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + set $cache_uri $request_uri; + set $caching 'ON'; + + # POST requests and urls with a query string should always go to PHP + if ($request_method = POST) { + set $caching 'OFF'; + } + + if ($query_string ~* "(fb_action_ids=|fb_action_types=|fb_source=|fbclid=|utm_source=|utm_campaign=|utm_medium=|utm_expid=|utm_term=|utm_content=|utm_id=|utm_source_platform=|utm_creative_format=|utm_marketing_tactic=|_ga=|gclid=|campaignid=|adgroupid=|adid=|gbraid=|wbraid=|_gl=|gclsrc=|gdfms=|gdftrk=|gdffi=|_ke=|_kx=|trk_contact=|trk_msg=|trk_module=|trk_sid=|mc_cid=|mc_eid=|mkwid=|pcrid=|mtm_source=|mtm_medium=|mtm_campaign=|mtm_keyword=|mtm_cid=|mtm_content=|msclkid=|epik=|pp=|pk_source=|pk_medium=|pk_campaign=|pk_keyword=|pk_cid=|pk_content=|redirect_log_mongo_id=|redirect_mongo_id=|sb_referer_host=)") { + set $query_string_cachable 1; + } + + if ($query_string != "") { + set $query_string_cacheable 1$query_string_cacheable; + } + + if ($query_string_cacheable = 11) { + set $caching 'ON'; + } + + if ($query_string_cacheable = 1) { + set $caching 'OFF'; + } + + # Don't cache uris containing the following segments + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0–9_-]+-sitemap([0–9]+)?.xml)") { + set $caching 'OFF'; + } + + # Don't use the cache for logged-in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0–9]+|wp-postpass|wordpress_logged_in") { + set $caching 'OFF'; + } + + if ($caching = 'ON') { + set $cachefile "/wp-content/cache/supercache/$http_host/$cache_uri/index-https.html"; + set $cachestatus 'HIT'; + } + + if ($caching = 'OFF') { + set $cachestatus 'MISS'; + } + + add_header X-Cache-Status $cachestatus; + add_header X-Cache-File $cachefile; + + location / { + try_files $cachefile @fallback; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl new file mode 100644 index 00000000..f49e99dc --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.tpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.tpl new file mode 100644 index 00000000..29aadf7b --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl new file mode 100644 index 00000000..1387a879 --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass https://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.tpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl new file mode 100644 index 00000000..f49e99dc --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.tpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl new file mode 100644 index 00000000..70fa2866 --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:4000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + + location /app { + proxy_pass http://127.0.0.1:6001; + proxy_set_header Host $host; + proxy_read_timeout 60; + proxy_connect_timeout 60; + proxy_redirect off; + + # Allow the use of websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.tpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.tpl new file mode 100644 index 00000000..ee8db90e --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.tpl @@ -0,0 +1,25 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } + + location /app { + proxy_pass http://127.0.0.1:6001; + proxy_set_header Host $host; + proxy_read_timeout 60; + proxy_connect_timeout 60; + proxy_redirect off; + + # Allow the use of websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + + +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl new file mode 100644 index 00000000..415b6f9c --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + location / { + # reverse proxy for next server + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + # we need to remove this 404 handling + # because next's _next folder and own handling + # try_files $uri $uri/ =404; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.tpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.tpl new file mode 100644 index 00000000..a62f7275 --- /dev/null +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.tpl @@ -0,0 +1,30 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + # reverse proxy for next server + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + # we need to remove this 404 handling + # because next's _next folder and own handling + # try_files $uri $uri/ =404; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch new file mode 100644 index 00000000..dcefe327 --- /dev/null +++ b/src/deb/for-download/tools/patches/exim_forwarding.patch @@ -0,0 +1,14 @@ +--- old 2023-03-23 14:17:42.536656160 +0100 ++++ new 2023-03-24 23:07:08.186018906 +0100 +@@ -140,6 +140,11 @@ + + warn set acl_m3 = no + ++ warn !authenticated = * ++ hosts = !+relay_from_hosts ++ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} ++ set acl_m3 = yes ++ + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] diff --git a/src/deb/for-download/tools/patches/exim_helo_authenticated.patch b/src/deb/for-download/tools/patches/exim_helo_authenticated.patch new file mode 100644 index 00000000..9dd8dbad --- /dev/null +++ b/src/deb/for-download/tools/patches/exim_helo_authenticated.patch @@ -0,0 +1,14 @@ +--- /etc/exim4/exim4.conf.template.orig 2023-04-12 19:05:20.745847763 +0200 ++++ /etc/exim4/exim4.conf.template 2023-04-12 19:34:29.000000000 +0200 +@@ -94 +94,2 @@ +- drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid ++ drop !authenticated = * ++ message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid +@@ -100 +101,2 @@ +- drop condition = ${if isip{$sender_helo_name}} ++ drop !authenticated = * ++ condition = ${if isip{$sender_helo_name}} +@@ -103 +105,2 @@ +- drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} ++ drop !authenticated = * ++ condition = ${if eq{[$interface_address]}{$sender_helo_name}} diff --git a/src/deb/for-download/tools/patches/fix-fpm-poold.sh b/src/deb/for-download/tools/patches/fix-fpm-poold.sh new file mode 100644 index 00000000..311ef9cd --- /dev/null +++ b/src/deb/for-download/tools/patches/fix-fpm-poold.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +if [ -d "/etc/php" ]; then + OLDVAL='php_admin_value\[upload_max_filesize\] = 80M' + NEWVAL='php_admin_value\[upload_max_filesize\] = 800M' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + + OLDVAL='php_admin_value\[post_max_size\] = 80M' + NEWVAL='php_admin_value\[post_max_size\] = 800M' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + + OLDVAL='php_admin_value\[memory_limit\] = 256M' + NEWVAL='php_admin_value\[memory_limit\] = 512M' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + + OLDVAL='pm.max_children = ' + NEWVAL='pm.max_children = 3' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + + OLDVAL='request_terminate_timeout = ' + NEWVAL='request_terminate_timeout = 360s' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + + OLDVAL='php_admin_value\[max_execution_time\] = ' + NEWVAL='php_admin_value\[max_execution_time\] = 300' + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + + systemctl --full --type service --all | grep "php...-fpm" | awk '{print $1}' | xargs systemctl restart +fi + +if [ -f "/etc/apache2/mods-enabled/mpm_event.conf" ]; then + rm /etc/apache2/mods-enabled/mpm_event.conf + ln -s /etc/apache2/mods-available/mpm_event.conf /etc/apache2/mods-enabled/mpm_event.conf + sed -i "s#MaxRequestWorkers.*#MaxRequestWorkers 200#g" /etc/apache2/mods-available/mpm_event.conf + systemctl restart apache2 +fi diff --git a/src/deb/for-download/tools/patches/force-https.patch b/src/deb/for-download/tools/patches/force-https.patch new file mode 100644 index 00000000..05c2004d --- /dev/null +++ b/src/deb/for-download/tools/patches/force-https.patch @@ -0,0 +1,11 @@ +--- force-https.tpl.orig 2023-03-25 18:15:15.577555584 +0100 ++++ force-https.tpl 2023-03-25 16:51:48.044997322 +0100 +@@ -2,7 +2,7 @@ + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { +- rewrite ^(.*) https://%domain_idn%$1 permanent; ++ rewrite ^(.*) https://$host$1 permanent; + } + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + } diff --git a/src/deb/for-download/tools/patches/php8.1.patch b/src/deb/for-download/tools/patches/php8.1.patch new file mode 100644 index 00000000..9e1648ab --- /dev/null +++ b/src/deb/for-download/tools/patches/php8.1.patch @@ -0,0 +1,81 @@ +--- /etc/php/8.1/fpm/php.ini.orig 2023-03-16 15:37:38.000000000 +0100 ++++ /etc/php/8.1/fpm/php.ini 2023-03-22 14:58:38.000000000 +0100 +@@ -320,7 +320,7 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; https://php.net/disable-functions +-disable_functions = ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -423,7 +423,7 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; How many multipart body parts (combined input variable and file uploads) may + ; be accepted. +@@ -432,7 +432,7 @@ + + ; Maximum amount of memory a script may consume + ; https://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -700,7 +700,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; https://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 50M + + ; Automatically add files before PHP document. + ; https://php.net/auto-prepend-file +@@ -852,7 +852,7 @@ + + ; Maximum allowed size for uploaded files. + ; https://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1103,7 +1103,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1774,20 +1774,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch new file mode 100644 index 00000000..ed127499 --- /dev/null +++ b/src/deb/for-download/tools/patches/php8.2.patch @@ -0,0 +1,81 @@ +--- /etc/php/8.2/fpm/php.ini.orig 2023-03-21 14:35:10.000000000 +0100 ++++ /etc/php/8.2/fpm/php.ini 2023-03-21 14:43:42.000000000 +0100 +@@ -320,7 +320,7 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; https://php.net/disable-functions +-disable_functions = ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -423,7 +423,7 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; How many multipart body parts (combined input variable and file uploads) may + ; be accepted. +@@ -432,7 +432,7 @@ + + ; Maximum amount of memory a script may consume + ; https://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -700,7 +700,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; https://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 80M + + ; Automatically add files before PHP document. + ; https://php.net/auto-prepend-file +@@ -852,7 +852,7 @@ + + ; Maximum allowed size for uploaded files. + ; https://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 80M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1108,7 +1108,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1786,20 +1786,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl index 2597eb7f..1f67154e 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.tpl index 851ac0dc..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl index 6d4250ff..dfd00270 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.tpl index 851ac0dc..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl index ab527372..6d632713 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.tpl index 851ac0dc..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl new file mode 100644 index 00000000..b263d6b5 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl index dbb239fb..db6ab623 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.tpl index 851ac0dc..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.tpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; location / { - rewrite ^(.*) https://%domain_idn%$1 permanent; + rewrite ^(.*) https://$host$1 permanent; } include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl index 87c34de1..8435a72b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl index cfcba2e8..2cc5c781 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } @@ -26,6 +27,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl index 4318c814..856ebd56 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl index d09c841b..5bf3fbf8 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } @@ -26,6 +27,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl index 24bf0c1f..5d42830f 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl index 3b382c15..e57dbd1a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } @@ -26,6 +27,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl new file mode 100644 index 00000000..44f6162c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl new file mode 100644 index 00000000..b263d6b5 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl new file mode 100644 index 00000000..7203b88c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl index a5d163e3..42bc195b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } @@ -29,6 +30,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl index 1441a6a9..177a71c6 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass http://%ip%:%web_port%; } @@ -26,6 +27,7 @@ server { } location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} location ~ /\.hg/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8710008c..8f4d4e88 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -22,6 +22,18 @@ if [ "$grepc" -eq 1 ]; then echo "=== Decrease addr zone to 1mb to nginx.conf" fi +grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + +grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'wfone' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf @@ -54,4 +66,14 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -service nginx restart +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl + +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl + +systemctl restart nginx diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.stpl new file mode 100644 index 00000000..58f1e9fa --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.stpl new file mode 100644 index 00000000..d4eaeed8 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.stpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.tpl new file mode 100644 index 00000000..3b162038 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-hosting.tpl @@ -0,0 +1,39 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %docroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl new file mode 100644 index 00000000..2a6a7671 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + + # Serve WebP if browser supports it + location ~* ^/wp-content/.*\.(png|jpe?g)$ { + add_header Vary Accept; + expires 365d; + + if ($http_accept !~* "webp") { + break; + } + + try_files + /wp-content/webp-express/webp-images/doc-root/$uri.webp + $uri.webp + @webp_on_demand; + } + + # Route .webp requests to converter if not found + location @webp_on_demand { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow .webp passthrough (trigger php fallback if not found) + location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { + try_files + $uri + @webp_realizer; + } + + location @webp_realizer { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow PHP access to WebP Express WOD handler + location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/roundcube-filters.tgz b/src/deb/for-download/tools/roundcube-filters.tgz new file mode 100644 index 00000000..c7c49690 Binary files /dev/null and b/src/deb/for-download/tools/roundcube-filters.tgz differ diff --git a/src/deb/for-download/tools/scanps/scanps.php b/src/deb/for-download/tools/scanps/scanps.php new file mode 100644 index 00000000..d2dbd2b3 --- /dev/null +++ b/src/deb/for-download/tools/scanps/scanps.php @@ -0,0 +1,60 @@ + /dev/null 2>&1 + +function my_exec($command) { + $out=array(); + $ret_no=0; + if (strpos($command, " > ")!==FALSE) $command.=" 2> /dev/null"; + else { + if (strpos($command, " 2>&1")===FALSE) $command.=" 2>&1"; + } + $ret = exec($command, $out, $ret_no); + return implode("\n", $out); +} + +function is_there($list, $what) { + $arr=explode("\n", $list); + $c=count($arr); + for ($i=1; $i<$c; $i++) if (strpos($arr[$i], $what)!==false) return true; + return false; +} + +$list=my_exec("ps -Af"); +if (is_there($list, "apt")) exit; // the server is in upgrading proccess + +$search_for1="mysqld"; +$search_for2="mariadbd"; +$v1=is_there($list, $search_for1); +$v2=is_there($list, $search_for2); +$sufix=""; + +if ($v1==false && $v2==false) { + echo "- reboot\n"; + $buffer="- reboot\n".$list; + $sufix="_".time(); + $fp = fopen('/var/log/scanps_cron'.$sufix.'.log', 'w'); + fwrite($fp, $buffer); + fclose($fp); + $out=array(); + $ret_no=0; + $uname_arr=posix_uname(); + $hostname=$uname_arr['nodename']; + $email=my_exec("export VESTA=/usr/local/vesta && /usr/local/vesta/bin/v-list-user 'admin' | grep 'EMAIL' | awk '{print $2}'"); + mail($email, 'VPS reboot - '.$hostname, $buffer, "From: ".$hostname." "); + sleep(10); + $ret = exec("sudo reboot", $out, $ret_no); + exit; +} else { + echo "- mysql ok\n"; + $fp = fopen('/var/log/scanps_cron.log', 'w'); + fwrite($fp, "- mysql ok"); + fclose($fp); + exit; +} diff --git a/src/deb/for-download/tools/scanps/scanps.sh b/src/deb/for-download/tools/scanps/scanps.sh new file mode 100644 index 00000000..b693d21a --- /dev/null +++ b/src/deb/for-download/tools/scanps/scanps.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# run 'crontab -e' and add the following: +# */5 * * * * /home/scanps.sh > /dev/null 2>&1 + +cd /home +php scanps.php \ No newline at end of file diff --git a/src/deb/for-download/tools/spamassassin/barracuda.cf b/src/deb/for-download/tools/spamassassin/barracuda.cf new file mode 100644 index 00000000..4d5aa0c4 --- /dev/null +++ b/src/deb/for-download/tools/spamassassin/barracuda.cf @@ -0,0 +1,9 @@ +header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org') +describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL +tflags IN_BCUDA_RBL net +score RCVD_IN_BCUDA_RBL 1.00 + +header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_sub('bcuda', '127.0.0.2') +describe RCVD_IN_BCUDA_RELAY BCUDA: relay ip is convicted spammer +tflags RCVD_IN_BCUDA_RELAY net +score RCVD_IN_BCUDA_RELAY 4.00 diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index bd92bd81..c62257d2 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright @@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. - - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. - -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. - -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. - -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. + +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. + + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. + +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. + +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. + +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. + +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/src/deb/latest.txt b/src/deb/latest.txt index c9ff1cd0..dcb1761c 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.8-26-43 +vesta-0.9.9-0-13 \ No newline at end of file diff --git a/src/deb/nginx/control b/src/deb/nginx/control index a263250f..86ae383a 100644 --- a/src/deb/nginx/control +++ b/src/deb/nginx/control @@ -1,10 +1,10 @@ Source: vesta-nginx Package: vesta-nginx Priority: optional -Version: 0.9.8-26 +Version: 0.9.8-26-44 Section: admin -Maintainer: Predrag Damnjanovic -Homepage: http://myvestacp.com +Maintainer: myVesta +Homepage: https://www.myvestacp.com Architecture: amd64 Depends: vesta Description: Vesta Nginx diff --git a/src/deb/nginx/copyright b/src/deb/nginx/copyright index 5f58e6bd..d6604bdf 100644 --- a/src/deb/nginx/copyright +++ b/src/deb/nginx/copyright @@ -1,9 +1,9 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: vesta-nginx -Source: http://myvestacp.com +Source: https://www.myvestacp.com Files: * -Copyright: 2019 MyVesta +Copyright: 2021 myVesta License: GPL-3.0+ Remarks: MyVesta is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin diff --git a/src/deb/php/control b/src/deb/php/control index fa32b0d5..d4298780 100644 --- a/src/deb/php/control +++ b/src/deb/php/control @@ -3,8 +3,8 @@ Package: vesta-php Priority: optional Version: 0.9.8-26 Section: admin -Maintainer: Predrag Damnjanovic -Homepage: http://myvestacp.com +Maintainer: myVesta +Homepage: https://www.myvestacp.com Architecture: amd64 Depends: vesta Description: Vesta php-fpm diff --git a/src/deb/php/copyright b/src/deb/php/copyright index af8b3c23..65ee43e2 100644 --- a/src/deb/php/copyright +++ b/src/deb/php/copyright @@ -1,9 +1,9 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: vesta-php -Source: http://myvestacp.com +Source: https://www.myvestacp.com Files: * -Copyright: 2019 MyVesta +Copyright: 2021 myVesta License: GPL-3.0+ Remarks: MyVesta is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin diff --git a/src/deb/vesta/control b/src/deb/vesta/control index 0cb5f67d..534e200a 100644 --- a/src/deb/vesta/control +++ b/src/deb/vesta/control @@ -3,8 +3,8 @@ Package: vesta Priority: optional Version: 0.9.8-26 Section: admin -Maintainer: Predrag Damnjanovic -Homepage: http://myvestacp.com +Maintainer: myVesta +Homepage: https://www.myvestacp.com Architecture: amd64 Depends: bash, awk, sed Description: Vesta diff --git a/src/deb/vesta/copyright b/src/deb/vesta/copyright index 8845a756..8930fb15 100644 --- a/src/deb/vesta/copyright +++ b/src/deb/vesta/copyright @@ -1,9 +1,9 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: vesta -Source: http://myvestacp.com +Source: https://www.myvestacp.com Files: * -Copyright: 2019 MyVesta +Copyright: 2021 myVesta License: GPL-3.0+ Remarks: MyVesta is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index acf13709..186f54d5 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -15,14 +15,303 @@ if [ ! -e "/usr/local/vesta/data/users/admin" ]; then exit fi +/usr/local/vesta/bin/v-ensure-poold-folders-not-empty + if [ ! -d "/usr/local/vesta/data/upgrades" ]; then mkdir -p /usr/local/vesta/data/upgrades fi +VESTA="/usr/local/vesta" + # show changelog after update echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# SSL fix for Apache 2.4.65+ +if [ ! -f "/usr/local/vesta/data/upgrades/fixssl.conf" ]; then + if [ "$release" -ge 11 ]; then + if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then + echo "== Fixing SSL for Apache 2.4.65+" + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting Nginx" + systemctl restart nginx + fi + fi + fi +fi + +# Adding cron job for disk usage snapshot +if [ ! -f "/usr/local/vesta/data/upgrades/v-df-snapshot-make" ]; then + if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make + systemctl restart cron.service + fi + if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make + systemctl restart cron.service + fi +fi + +# Fixing PHP and .env permissions and ownership for all websites +if [ ! -f "/usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php" ]; then + # Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi + fi + echo "== Fixing PHP and .env permissions and ownership for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" + $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php + systemctl restart cron.service +fi + +if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then + echo "== Adding FileManager license to vesta.conf" + echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf +fi + +if [ -f "/root/.bash_profile" ]; then + if ! grep -q "v-cd-www" /root/.bash_profile; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile + fi +fi + +# Adding myVesta rules to SpamAssassin +if [ -d "/etc/spamassassin" ]; then + spamassassin_modified=0 + if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then + touch /etc/spamassassin/myvesta.cf + fi + if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then + echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" + echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf + echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf + spamassassin_modified=1 + fi + if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then + echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" + cat <> /etc/spamassassin/myvesta.cf +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + spamassassin_modified=1 + fi + + if [ $spamassassin_modified -eq 1 ]; then + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + fi +fi + +# Adding ProFTPD to Fail2Ban +if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then + if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then + echo "== Adding ProFTPD to Fail2Ban" + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') + if [ $fail2ban_running -eq 1 ]; then + echo "== Restarting Fail2Ban" + systemctl restart fail2ban + fi + fi +fi + +# Removing SpamHaus DNSBL +if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then + sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf + touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +fi + +# Fixing 'dh key too small' in dovecot +if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log.1; then + if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then + echo "== Fixing 'dh key too small' in dovecot" + echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi + fi +fi + +# Patching exim4.conf for: smtputf8_advertise_hosts +if [ "$release" -ge 11 ]; then + if [ -f "/etc/exim4/exim4.conf.template" ]; then + if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then + echo 'Patching exim4.conf for: smtputf8_advertise_hosts' + sed -i "/^domainlist local_domains/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi + fi +fi + +# Patching exim4.conf for: Helo name contains a ip address +if [ -f "/etc/exim4/exim4.conf.template" ]; then + if grep -q 'drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid' /etc/exim4/exim4.conf.template; then + echo 'Patching exim4.conf for: Helo name contains a ip address' + patch /etc/exim4/exim4.conf.template < /usr/local/vesta/src/deb/for-download/tools/patches/exim_helo_authenticated.patch + sed -i '/telenor\.rs/d' /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi +fi + +# Making sure yescrypt is disabled +if [ "$release" -ge 11 ]; then + sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password +fi + +# Creating /etc/nginx/.htpasswd if it does not exist +if [ ! -f "/etc/nginx/.htpasswd" ]; then + echo 'private:$apr1$0MYnchM5$yVi/OTfp7o3lGNst/a8.90' > /etc/nginx/.htpasswd +fi + +# Fixing Gmail hosts_try_fastopen in Exim4 +if [ "$release" -eq 11 ]; then + if [ -f "/etc/exim4/exim4.conf.template" ]; then + check_grep=$(grep -c 'hosts_try_fastopen' /etc/exim4/exim4.conf.template) + if [ "$check_grep" -eq 0 ]; then + echo "=== Fixing Gmail hosts_try_fastopen in Exim4" + FIND="dkim_strict = 0" + ADD=" hosts_try_fastopen = \!\*.l.google.com" + sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi + fi +fi + +if [ "$release" -ge 11 ]; then + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi +fi + +# Adding Barracuda RBL to SpamAssassin +if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then + spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_installed -eq 1 ]; then + echo "== Adding Barracuda RBL to SpamAssassin" + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf + fi + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + touch /usr/local/vesta/data/upgrades/barracuda_rbl +fi + +# Checking if FreshClam is started after installation +if [ ! -f "/usr/local/vesta/data/upgrades/freshclam_start" ]; then + clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running') + freshclamdown=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-freshclam' | grep -c 'off') + if [ $clamavup -eq 1 ] && [ $freshclamdown -eq 1 ]; then + echo "== Starting FreshClam" + systemctl enable clamav-freshclam.service + systemctl start clamav-freshclam.service + fi + touch /usr/local/vesta/data/upgrades/freshclam_start +fi + +# Fix Autoreply issue with Exim 4.94+ +if [ ! -f "/usr/local/vesta/data/upgrades/fix_exim_494_autoreply" ]; then + if [ "$release" -eq 11 ]; then + touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply + if [ -f "/etc/exim4/exim4.conf.template" ]; then + echo "== Fix Autoreply issue with Exim 4.94+" + sed -i 's|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}.msg|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg|g' /etc/exim4/exim4.conf.template + sed -i 's| from = "${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"| from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"|g' /etc/exim4/exim4.conf.template + for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + /usr/local/vesta/bin/v-rebuild-mail-domains $user + done + systemctl restart exim4 + fi + fi +fi + +# Enabling session.cookie_httponly and session.cookie_secure in myvesta php-fpm +if [ ! -f "/usr/local/vesta/data/upgrades/enable_cookie_httponly" ]; then + touch /usr/local/vesta/data/upgrades/enable_cookie_httponly + check_grep=$(grep -c 'cookie_httponly' /usr/local/vesta/php/etc/php-fpm.conf) + if [ "$check_grep" -eq 0 ]; then + echo "== Enabling session.cookie_httponly and session.cookie_secure in myvesta php-fpm" + echo "php_admin_flag[session.cookie_httponly] = on" >> /usr/local/vesta/php/etc/php-fpm.conf + echo "php_admin_flag[session.cookie_secure] = on" >> /usr/local/vesta/php/etc/php-fpm.conf + systemctl restart vesta + fi +fi + +# Enabling TLS for ProFTPD FTPS +if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then + if [ -f "/etc/proftpd/proftpd.conf" ]; then + touch /usr/local/vesta/data/upgrades/enable-tls-in-proftpd + check_grep=$(grep -c 'tls' /etc/proftpd/proftpd.conf) + if [ "$check_grep" -eq 0 ]; then + echo "== Enabling TLS for ProFTPD FTPS" + wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf + sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf + proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') + if [ $proftpd_running -eq 1 ]; then + echo "== Restarting ProFTPD" + systemctl restart proftpd + fi + fi + fi +fi + +# Updating CloudFlare IP addresses +if [ ! -f "/usr/local/vesta/data/upgrades/update-cloudflare-ips" ]; then + if [ -f "/etc/nginx/nginx.conf" ]; then + touch /usr/local/vesta/data/upgrades/update-cloudflare-ips + echo "== Updating CloudFlare IP addresses" + sed -i "s| set_real_ip_from 104.16.0.0\/12;| set_real_ip_from 104.16.0.0/13;\n set_real_ip_from 104.24.0.0/14;|g" /etc/nginx/nginx.conf + systemctl restart nginx + fi +fi + # Tuning of php-fpm pool.d config files (perfomances and limits) if [ ! -f "/usr/local/vesta/data/upgrades/tune-fpm-config-files-v2" ]; then touch /usr/local/vesta/data/upgrades/tune-fpm-config-files-v2 @@ -86,55 +375,76 @@ if [ "$check_cron" -eq 0 ]; then crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - fi -# make sure clamav-daemon.service has mkdir fix -if [ -f "/lib/systemd/system/clamav-daemon.service" ]; then - check_grep=$(grep -c 'mkdir' /lib/systemd/system/clamav-daemon.service) - if [ "$check_grep" -eq 0 ]; then - echo "=== patching clamav-daemon.service" - exec_pre1='ExecStartPre=-/bin/mkdir -p /var/run/clamav' - exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /var/run/clamav' - sed -i "s|\[Service\]|[Service]\n$exec_pre1\n$exec_pre2|g" /lib/systemd/system/clamav-daemon.service - systemctl daemon-reload - systemctl restart clamav-daemon - systemctl restart clamav-freshclam - fi -fi +if [ $(systemctl list-unit-files | grep clamav-daemon | grep -c "disabled") -eq 0 ]; then + # Fixes only if ClamAV is enabled -# reverting to default clamd sock -if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v3" ]; then - touch /usr/local/vesta/data/upgrades/change-clamav-socket-v3 - if [ -f "/etc/clamav/clamd.conf" ]; then - sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf - if [ -f "/etc/exim4/exim4.conf.template" ]; then - sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/exim4/exim4.conf.template - fi - if [ -f "/lib/systemd/system/clamav-daemon.socket" ]; then - sed -i "s#/var/lib/clamav/clamd.sock#/run/clamav/clamd.ctl#g" /lib/systemd/system/clamav-daemon.socket - fi - systemctl daemon-reload - systemctl restart clamav-daemon - systemctl restart clamav-freshclam - if [ -f "/etc/exim4/exim4.conf.template" ]; then - systemctl restart exim4 - fi - fi -fi - -# reverting to default clamd sock -if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v4" ]; then - touch /usr/local/vesta/data/upgrades/change-clamav-socket-v4 - if [ -f "/etc/clamav/clamd.conf" ]; then - check_grep=$(grep -c '/var/lib/clamav/clamd.ctl' /etc/clamav/clamd.conf) - if [ "$check_grep" -eq 1 ]; then - sed -i "s#/var/lib/clamav/clamd.ctl#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf + # make sure clamav-daemon.service has mkdir fix + if [ -f "/lib/systemd/system/clamav-daemon.service" ]; then + check_grep=$(grep -c 'mkdir' /lib/systemd/system/clamav-daemon.service) + if [ "$check_grep" -eq 0 ]; then + echo "=== patching clamav-daemon.service" + exec_pre1='ExecStartPre=-/bin/mkdir -p /var/run/clamav' + exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /var/run/clamav' + sed -i "s|\[Service\]|[Service]\n$exec_pre1\n$exec_pre2|g" /lib/systemd/system/clamav-daemon.service + systemctl daemon-reload systemctl restart clamav-daemon + systemctl restart clamav-freshclam + fi + fi + + # reverting to default clamd sock + if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v3" ]; then + touch /usr/local/vesta/data/upgrades/change-clamav-socket-v3 + if [ -f "/etc/clamav/clamd.conf" ]; then + sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf + if [ -f "/etc/exim4/exim4.conf.template" ]; then + sed -i "s#/var/lib/clamav/clamd.sock#/var/run/clamav/clamd.ctl#g" /etc/exim4/exim4.conf.template + fi + if [ -f "/lib/systemd/system/clamav-daemon.socket" ]; then + sed -i "s#/var/lib/clamav/clamd.sock#/run/clamav/clamd.ctl#g" /lib/systemd/system/clamav-daemon.socket + fi + systemctl daemon-reload + systemctl restart clamav-daemon + systemctl restart clamav-freshclam + if [ -f "/etc/exim4/exim4.conf.template" ]; then + systemctl restart exim4 + fi + fi + fi + + # reverting to default clamd sock + if [ ! -f "/usr/local/vesta/data/upgrades/change-clamav-socket-v4" ]; then + touch /usr/local/vesta/data/upgrades/change-clamav-socket-v4 + if [ -f "/etc/clamav/clamd.conf" ]; then + check_grep=$(grep -c '/var/lib/clamav/clamd.ctl' /etc/clamav/clamd.conf) + if [ "$check_grep" -eq 1 ]; then + sed -i "s#/var/lib/clamav/clamd.ctl#/var/run/clamav/clamd.ctl#g" /etc/clamav/clamd.conf + systemctl restart clamav-daemon + fi + fi + fi + + # Block executable files inside zip/rar/tar archives in ClamAV + if [ ! -f "/usr/local/vesta/data/upgrades/clamav_block_exe_in_archives" ]; then + touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives + if [ -f "/etc/exim4/exim4.conf.template" ]; then + check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template) + if [ "$check_grep" -eq 0 ]; then + folder="/var/lib/clamav" + if [ -d "$folder" ]; then + echo "=== Blocking executable files inside zip/rar/tar archives in ClamAV" + wget -nv -O $folder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb + chown clamav:clamav $folder/foxhole_all.cdb + service clamav-daemon restart + fi + fi fi fi fi # Making sure mpm_event will stay -if [ ! -f "/usr/local/vesta/data/upgrades/keeping-mpm-event-2" ]; then - touch /usr/local/vesta/data/upgrades/keeping-mpm-event-2 +if [ ! -f "/usr/local/vesta/data/upgrades/keeping-mpm-event-3" ]; then + touch /usr/local/vesta/data/upgrades/keeping-mpm-event-3 echo "=== scheduling keeping-mpm-event check script" echo "bash /usr/local/vesta/upd/keep_mpm_event.sh 'background' >> /usr/local/vesta/data/upgrades/keeping-mpm-event.log 2>&1" >> /usr/local/vesta/data/queue/restart.pipe /usr/local/vesta/bin/v-add-cron-restart-job > /dev/null 2>&1 @@ -149,23 +459,6 @@ if [ "$release" -eq 9 ] || [ "$release" -eq 10 ]; then fi fi -# Block executable files inside zip/rar/tar archives in ClamAV -if [ ! -f "/usr/local/vesta/data/upgrades/clamav_block_exe_in_archives" ]; then - touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives - if [ -f "/etc/exim4/exim4.conf.template" ]; then - check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template) - if [ "$check_grep" -eq 0 ]; then - folder="/var/lib/clamav" - if [ -d "$folder" ]; then - echo "=== Blocking executable files inside zip/rar/tar archives in ClamAV" - wget -nv -O $folder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb - chown clamav:clamav $folder/foxhole_all.cdb - service clamav-daemon restart - fi - fi - fi -fi - # Clearing letsencrypt pipe if [ ! -f "/usr/local/vesta/data/upgrades/clearing-letsencrypt-pipe" ]; then touch /usr/local/vesta/data/upgrades/clearing-letsencrypt-pipe diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index d266d228..2d0e4874 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='buster' -TARGET_DEB_VER='10' +TARGET_DEB_NAME='trixie' +TARGET_DEB_VER='13' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -29,10 +29,10 @@ if [ $# -gt 4 ]; then add_deb_to_apt_repo=$5 fi -MAINTAINER_EMAIL='predrag@myvestacp.com' +MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='buster' -TARGET_DEB_VER_MAIN='10' +TARGET_DEB_NAME_MAIN='trixie' +TARGET_DEB_VER_MAIN='13' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,21 +58,32 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.17.7' -OPENSSL_V='1.1.1d' -PCRE_V='8.43' -ZLIB_V='1.2.11' -PHP_V='5.6.40' + +NGINX_V='1.29.1' +PHP_V='8.4.11' +OPENSSL_V='1.1.1w' +PCRE_V='8.45' +ZLIB_V='1.3.1' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' -PCRE='https://ftp.pcre.org/pub/pcre/pcre-'$PCRE_V'.tar.gz' -ZLIB='https://www.zlib.net/zlib-'$ZLIB_V'.tar.gz' -PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' +# PRCE got moved to sourceforce.net +# PRCE2 in the feature use +# PCRE='https://github.com/PCRE2Project/pcre2/releases/download/pcre2-'$PCRE_V'/pcre2-'$PCRE_V'.tar.gz' +PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' +# Zlib moved archives to Github +ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' +PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling -SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + +if [ "$release" -lt 12 ]; then + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +else + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev' +fi function press_enter { if [ $wait_to_press_enter -eq 1 ]; then @@ -117,7 +128,10 @@ if [ $run_apt_update_and_install -eq 1 ]; then apt-get -qq install -y $SOFTWARE # Fix for Debian PHP Envroiment - if [ ! -e /usr/local/include/curl ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then + ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl + fi + if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" @@ -243,11 +257,18 @@ Pull: $TARGET_DEB_NAME EOF if [ ! -d "/root/.gnupg" ]; then - gpg --gen-key + gpg --full-gen-key gpg --armor --export $MAINTAINER_EMAIL --output $MAINTAINER_EMAIL.gpg.key press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/9/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/8/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/7/deb_signing.key fi echo "=== All done" @@ -376,7 +397,91 @@ if [ "$CWEB_B" = true ]; then tar -czf dovecot.tar.gz dovecot/ echo "=== All done for Debian10" ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/11 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian11" + ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/12 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian12" + ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian13" + ########## + cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh mkdir $PATH_OF_C_WEB_FOLDER_ROOT/tools @@ -426,7 +531,7 @@ if [ "$NGINX_B" = true ]; then --with-openssl-opt=no-weak-ssl-ciphers \ --with-openssl-opt=no-ssl3 \ --with-pcre=../pcre-$PCRE_V \ - --with-pcre-jit \ + --with-pcre-jit \ --with-zlib=../zlib-$ZLIB_V # Check install directory and remove if exists @@ -469,7 +574,11 @@ if [ "$NGINX_B" = true ]; then echo "=== Get nginx.conf" cd $BUILD_DIR/vesta-nginx_$VESTA_V - cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + if [ "$release" -lt 12 ]; then + cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + else + cp /root/vesta/src/deb/for-download/nginx/nginx-deb12.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + fi # if [ $BUILDING_NOW -eq 1 ]; then echo "=== copy binary" @@ -517,11 +626,10 @@ if [ "$PHP_B" = true ]; then --with-zlib \ --with-fpm-user=admin \ --with-fpm-group=admin \ - --with-mysql \ --with-mysqli \ --with-curl \ --enable-mbstring \ - --with-mysql-sock=/var/run/mysqld/mysqld.sock + --with-mysql-sock=/var/run/mysqld/mysqld.sock # Check install directory and remove if exists if [ -d $INSTALL_DIR/php ]; then @@ -529,7 +637,7 @@ if [ "$PHP_B" = true ]; then fi press_enter "=== Press enter to compile PHP ===============================================================================" - + make && make install press_enter "=== Press enter to continue ===============================================================================" diff --git a/upd/keep_mpm_event.sh b/upd/keep_mpm_event.sh index 36ccae5f..9095a601 100644 --- a/upd/keep_mpm_event.sh +++ b/upd/keep_mpm_event.sh @@ -21,8 +21,8 @@ if [ "$1" = 'background' ]; then if [ "$check_grep" -eq 1 ]; then echo "=== OK, we have Apache2" release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -eq 10 ]; then - echo "=== OK, it's Debian 10" + if [ "$release" -ge 10 ]; then + echo "=== OK, it's Debian 10 or 11" switch_to_mpm_event=1 else check_grep=$(/usr/local/vesta/bin/v-list-sys-web-status | grep -c "Server MPM: event") @@ -40,6 +40,7 @@ fi if [ "$switch_to_mpm_event" -eq 1 ]; then echo "=== OK, let's ensure mpm_event" + a2dismod ruid2 > /dev/null 2>&1 a2dismod suexec > /dev/null 2>&1 a2dismod php5.6 > /dev/null 2>&1 @@ -49,10 +50,10 @@ if [ "$switch_to_mpm_event" -eq 1 ]; then a2dismod php7.3 > /dev/null 2>&1 a2dismod php7.4 > /dev/null 2>&1 a2dismod php8.0 > /dev/null 2>&1 + a2dismod php8.1 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 - apt-get -y remove libapache2-mod-php7.4 > /dev/null 2>&1 - apt-get -y remove libapache2-mod-php8.0 > /dev/null 2>&1 + apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 service apache2 restart echo "=== Done!" fi diff --git a/web/add/db/index.php b/web/add/db/index.php index 68f66b4a..e0529b32 100644 --- a/web/add/db/index.php +++ b/web/add/db/index.php @@ -98,7 +98,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database'])); - $_SESSION['ok_msg'] .= " / " . __('open %s',$db_admin) . ""; + $_SESSION['ok_msg'] .= " / " . __('open %s',$db_admin) . ""; unset($v_database); unset($v_dbuser); unset($v_password); diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 7c18faab..b9e47abe 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,7 +80,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); unset($v_domain); } } @@ -128,7 +128,7 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/favorite/index.php b/web/add/favorite/index.php index e9f2e828..a3054d99 100644 --- a/web/add/favorite/index.php +++ b/web/add/favorite/index.php @@ -7,10 +7,9 @@ session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); // Check token -// if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { -// header('location: /login/'); -// exit(); -// } +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} // Protect input $v_section = escapeshellarg($_REQUEST['v_section']); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index b260b465..6a8b6e9f 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,8 +186,8 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/user/index.php b/web/add/user/index.php index 1ed521e3..b51f587d 100644 --- a/web/add/user/index.php +++ b/web/add/user/index.php @@ -100,7 +100,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('USER_CREATED_OK',htmlentities($_POST['v_username']),htmlentities($_POST['v_username'])); - $_SESSION['ok_msg'] .= " / " . __('login as') ." ".htmlentities($_POST['v_username']). ""; + $_SESSION['ok_msg'] .= " / " . __('login as') ." ".htmlentities($_POST['v_username']). ""; unset($v_username); unset($v_password); unset($v_email); diff --git a/web/add/web/index.php b/web/add/web/index.php index d77b8f40..e11cff23 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,7 +323,7 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/css/fonts/awesome5/fa-brands-400.svg b/web/css/fonts/awesome5/fa-brands-400.svg new file mode 100644 index 00000000..46ad237a --- /dev/null +++ b/web/css/fonts/awesome5/fa-brands-400.svg @@ -0,0 +1,3570 @@ + + + + + +Created by FontForge 20190801 at Mon Mar 23 10:45:51 2020 + By Robert Madole +Copyright (c) Font Awesome + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/web/css/fonts/awesome5/fa-brands-400.ttf b/web/css/fonts/awesome5/fa-brands-400.ttf new file mode 100644 index 00000000..948a2a6c Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.ttf differ diff --git a/web/css/fonts/awesome5/fa-brands-400.woff b/web/css/fonts/awesome5/fa-brands-400.woff new file mode 100644 index 00000000..2a89d521 Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.woff differ diff --git a/web/css/fonts/awesome5/fa-brands-400.woff2 b/web/css/fonts/awesome5/fa-brands-400.woff2 new file mode 100644 index 00000000..141a90a9 Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.woff2 differ diff --git a/web/css/fonts/awesome5/fa-regular-400.eot b/web/css/fonts/awesome5/fa-regular-400.eot new file mode 100644 index 00000000..38cf2517 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.eot differ diff --git a/web/css/fonts/awesome5/fa-regular-400.svg b/web/css/fonts/awesome5/fa-regular-400.svg new file mode 100644 index 00000000..48634a9a --- /dev/null +++ b/web/css/fonts/awesome5/fa-regular-400.svg @@ -0,0 +1,803 @@ + + + + + +Created by FontForge 20190801 at Mon Mar 23 10:45:51 2020 + By Robert Madole +Copyright (c) Font Awesome + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/web/css/fonts/awesome5/fa-regular-400.ttf b/web/css/fonts/awesome5/fa-regular-400.ttf new file mode 100644 index 00000000..abe99e20 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.ttf differ diff --git a/web/css/fonts/awesome5/fa-regular-400.woff b/web/css/fonts/awesome5/fa-regular-400.woff new file mode 100644 index 00000000..24de566a Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.woff differ diff --git a/web/css/fonts/awesome5/fa-regular-400.woff2 b/web/css/fonts/awesome5/fa-regular-400.woff2 new file mode 100644 index 00000000..7e0118e5 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.woff2 differ diff --git a/web/css/fonts/awesome5/fa-solid-900.eot b/web/css/fonts/awesome5/fa-solid-900.eot new file mode 100644 index 00000000..d3b77c22 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.eot differ diff --git a/web/css/fonts/awesome5/fa-solid-900.ttf b/web/css/fonts/awesome5/fa-solid-900.ttf new file mode 100644 index 00000000..5b979039 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.ttf differ diff --git a/web/css/fonts/awesome5/fa-solid-900.woff b/web/css/fonts/awesome5/fa-solid-900.woff new file mode 100644 index 00000000..beec7917 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.woff differ diff --git a/web/css/fonts/awesome5/fa-solid-900.woff2 b/web/css/fonts/awesome5/fa-solid-900.woff2 new file mode 100644 index 00000000..978a681a Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.woff2 differ diff --git a/web/css/fonts/font_awesome5.css b/web/css/fonts/font_awesome5.css new file mode 100644 index 00000000..d299e20b --- /dev/null +++ b/web/css/fonts/font_awesome5.css @@ -0,0 +1,5 @@ +/*! + * Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com + * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) + */ +.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical{-webkit-transform:scale(-1);transform:scale(-1)}:root .fa-flip-both,:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{-webkit-filter:none;filter:none}.fa-stack{display:inline-block;height:2em;line-height:2em;position:relative;vertical-align:middle;width:2.5em}.fa-stack-1x,.fa-stack-2x{left:0;position:absolute;text-align:center;width:100%}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-500px:before{content:"\f26e"}.fa-accessible-icon:before{content:"\f368"}.fa-accusoft:before{content:"\f369"}.fa-acquisitions-incorporated:before{content:"\f6af"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-adobe:before{content:"\f778"}.fa-adversal:before{content:"\f36a"}.fa-affiliatetheme:before{content:"\f36b"}.fa-air-freshener:before{content:"\f5d0"}.fa-airbnb:before{content:"\f834"}.fa-algolia:before{content:"\f36c"}.fa-align-center:before{content:"\f037"}.fa-align-justify:before{content:"\f039"}.fa-align-left:before{content:"\f036"}.fa-align-right:before{content:"\f038"}.fa-alipay:before{content:"\f642"}.fa-allergies:before{content:"\f461"}.fa-amazon:before{content:"\f270"}.fa-amazon-pay:before{content:"\f42c"}.fa-ambulance:before{content:"\f0f9"}.fa-american-sign-language-interpreting:before{content:"\f2a3"}.fa-amilia:before{content:"\f36d"}.fa-anchor:before{content:"\f13d"}.fa-android:before{content:"\f17b"}.fa-angellist:before{content:"\f209"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-down:before{content:"\f107"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angry:before{content:"\f556"}.fa-angrycreative:before{content:"\f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"\f5d1"}.fa-apple-pay:before{content:"\f415"}.fa-archive:before{content:"\f187"}.fa-archway:before{content:"\f557"}.fa-arrow-alt-circle-down:before{content:"\f358"}.fa-arrow-alt-circle-left:before{content:"\f359"}.fa-arrow-alt-circle-right:before{content:"\f35a"}.fa-arrow-alt-circle-up:before{content:"\f35b"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-down:before{content:"\f063"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrows-alt:before{content:"\f0b2"}.fa-arrows-alt-h:before{content:"\f337"}.fa-arrows-alt-v:before{content:"\f338"}.fa-artstation:before{content:"\f77a"}.fa-assistive-listening-systems:before{content:"\f2a2"}.fa-asterisk:before{content:"\f069"}.fa-asymmetrik:before{content:"\f372"}.fa-at:before{content:"\f1fa"}.fa-atlas:before{content:"\f558"}.fa-atlassian:before{content:"\f77b"}.fa-atom:before{content:"\f5d2"}.fa-audible:before{content:"\f373"}.fa-audio-description:before{content:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-baby:before{content:"\f77c"}.fa-baby-carriage:before{content:"\f77d"}.fa-backspace:before{content:"\f55a"}.fa-backward:before{content:"\f04a"}.fa-bacon:before{content:"\f7e5"}.fa-bahai:before{content:"\f666"}.fa-balance-scale:before{content:"\f24e"}.fa-balance-scale-left:before{content:"\f515"}.fa-balance-scale-right:before{content:"\f516"}.fa-ban:before{content:"\f05e"}.fa-band-aid:before{content:"\f462"}.fa-bandcamp:before{content:"\f2d5"}.fa-barcode:before{content:"\f02a"}.fa-bars:before{content:"\f0c9"}.fa-baseball-ball:before{content:"\f433"}.fa-basketball-ball:before{content:"\f434"}.fa-bath:before{content:"\f2cd"}.fa-battery-empty:before{content:"\f244"}.fa-battery-full:before{content:"\f240"}.fa-battery-half:before{content:"\f242"}.fa-battery-quarter:before{content:"\f243"}.fa-battery-three-quarters:before{content:"\f241"}.fa-battle-net:before{content:"\f835"}.fa-bed:before{content:"\f236"}.fa-beer:before{content:"\f0fc"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-bell:before{content:"\f0f3"}.fa-bell-slash:before{content:"\f1f6"}.fa-bezier-curve:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-biking:before{content:"\f84a"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-biohazard:before{content:"\f780"}.fa-birthday-cake:before{content:"\f1fd"}.fa-bitbucket:before{content:"\f171"}.fa-bitcoin:before{content:"\f379"}.fa-bity:before{content:"\f37a"}.fa-black-tie:before{content:"\f27e"}.fa-blackberry:before{content:"\f37b"}.fa-blender:before{content:"\f517"}.fa-blender-phone:before{content:"\f6b6"}.fa-blind:before{content:"\f29d"}.fa-blog:before{content:"\f781"}.fa-blogger:before{content:"\f37c"}.fa-blogger-b:before{content:"\f37d"}.fa-bluetooth:before{content:"\f293"}.fa-bluetooth-b:before{content:"\f294"}.fa-bold:before{content:"\f032"}.fa-bolt:before{content:"\f0e7"}.fa-bomb:before{content:"\f1e2"}.fa-bone:before{content:"\f5d7"}.fa-bong:before{content:"\f55c"}.fa-book:before{content:"\f02d"}.fa-book-dead:before{content:"\f6b7"}.fa-book-medical:before{content:"\f7e6"}.fa-book-open:before{content:"\f518"}.fa-book-reader:before{content:"\f5da"}.fa-bookmark:before{content:"\f02e"}.fa-bootstrap:before{content:"\f836"}.fa-border-all:before{content:"\f84c"}.fa-border-none:before{content:"\f850"}.fa-border-style:before{content:"\f853"}.fa-bowling-ball:before{content:"\f436"}.fa-box:before{content:"\f466"}.fa-box-open:before{content:"\f49e"}.fa-box-tissue:before{content:"\f95b"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-bread-slice:before{content:"\f7ec"}.fa-briefcase:before{content:"\f0b1"}.fa-briefcase-medical:before{content:"\f469"}.fa-broadcast-tower:before{content:"\f519"}.fa-broom:before{content:"\f51a"}.fa-brush:before{content:"\f55d"}.fa-btc:before{content:"\f15a"}.fa-buffer:before{content:"\f837"}.fa-bug:before{content:"\f188"}.fa-building:before{content:"\f1ad"}.fa-bullhorn:before{content:"\f0a1"}.fa-bullseye:before{content:"\f140"}.fa-burn:before{content:"\f46a"}.fa-buromobelexperte:before{content:"\f37f"}.fa-bus:before{content:"\f207"}.fa-bus-alt:before{content:"\f55e"}.fa-business-time:before{content:"\f64a"}.fa-buy-n-large:before{content:"\f8a6"}.fa-buysellads:before{content:"\f20d"}.fa-calculator:before{content:"\f1ec"}.fa-calendar:before{content:"\f133"}.fa-calendar-alt:before{content:"\f073"}.fa-calendar-check:before{content:"\f274"}.fa-calendar-day:before{content:"\f783"}.fa-calendar-minus:before{content:"\f272"}.fa-calendar-plus:before{content:"\f271"}.fa-calendar-times:before{content:"\f273"}.fa-calendar-week:before{content:"\f784"}.fa-camera:before{content:"\f030"}.fa-camera-retro:before{content:"\f083"}.fa-campground:before{content:"\f6bb"}.fa-canadian-maple-leaf:before{content:"\f785"}.fa-candy-cane:before{content:"\f786"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{content:"\f5e1"}.fa-car-side:before{content:"\f5e4"}.fa-caravan:before{content:"\f8ff"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-caret-square-down:before{content:"\f150"}.fa-caret-square-left:before{content:"\f191"}.fa-caret-square-right:before{content:"\f152"}.fa-caret-square-up:before{content:"\f151"}.fa-caret-up:before{content:"\f0d8"}.fa-carrot:before{content:"\f787"}.fa-cart-arrow-down:before{content:"\f218"}.fa-cart-plus:before{content:"\f217"}.fa-cash-register:before{content:"\f788"}.fa-cat:before{content:"\f6be"}.fa-cc-amazon-pay:before{content:"\f42d"}.fa-cc-amex:before{content:"\f1f3"}.fa-cc-apple-pay:before{content:"\f416"}.fa-cc-diners-club:before{content:"\f24c"}.fa-cc-discover:before{content:"\f1f2"}.fa-cc-jcb:before{content:"\f24b"}.fa-cc-mastercard:before{content:"\f1f1"}.fa-cc-paypal:before{content:"\f1f4"}.fa-cc-stripe:before{content:"\f1f5"}.fa-cc-visa:before{content:"\f1f0"}.fa-centercode:before{content:"\f380"}.fa-centos:before{content:"\f789"}.fa-certificate:before{content:"\f0a3"}.fa-chair:before{content:"\f6c0"}.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-chart-pie:before{content:"\f200"}.fa-check:before{content:"\f00c"}.fa-check-circle:before{content:"\f058"}.fa-check-double:before{content:"\f560"}.fa-check-square:before{content:"\f14a"}.fa-cheese:before{content:"\f7ef"}.fa-chess:before{content:"\f439"}.fa-chess-bishop:before{content:"\f43a"}.fa-chess-board:before{content:"\f43c"}.fa-chess-king:before{content:"\f43f"}.fa-chess-knight:before{content:"\f441"}.fa-chess-pawn:before{content:"\f443"}.fa-chess-queen:before{content:"\f445"}.fa-chess-rook:before{content:"\f447"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-down:before{content:"\f078"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-chevron-up:before{content:"\f077"}.fa-child:before{content:"\f1ae"}.fa-chrome:before{content:"\f268"}.fa-chromecast:before{content:"\f838"}.fa-church:before{content:"\f51d"}.fa-circle:before{content:"\f111"}.fa-circle-notch:before{content:"\f1ce"}.fa-city:before{content:"\f64f"}.fa-clinic-medical:before{content:"\f7f2"}.fa-clipboard:before{content:"\f328"}.fa-clipboard-check:before{content:"\f46c"}.fa-clipboard-list:before{content:"\f46d"}.fa-clock:before{content:"\f017"}.fa-clone:before{content:"\f24d"}.fa-closed-captioning:before{content:"\f20a"}.fa-cloud:before{content:"\f0c2"}.fa-cloud-download-alt:before{content:"\f381"}.fa-cloud-meatball:before{content:"\f73b"}.fa-cloud-moon:before{content:"\f6c3"}.fa-cloud-moon-rain:before{content:"\f73c"}.fa-cloud-rain:before{content:"\f73d"}.fa-cloud-showers-heavy:before{content:"\f740"}.fa-cloud-sun:before{content:"\f6c4"}.fa-cloud-sun-rain:before{content:"\f743"}.fa-cloud-upload-alt:before{content:"\f382"}.fa-cloudscale:before{content:"\f383"}.fa-cloudsmith:before{content:"\f384"}.fa-cloudversify:before{content:"\f385"}.fa-cocktail:before{content:"\f561"}.fa-code:before{content:"\f121"}.fa-code-branch:before{content:"\f126"}.fa-codepen:before{content:"\f1cb"}.fa-codiepie:before{content:"\f284"}.fa-coffee:before{content:"\f0f4"}.fa-cog:before{content:"\f013"}.fa-cogs:before{content:"\f085"}.fa-coins:before{content:"\f51e"}.fa-columns:before{content:"\f0db"}.fa-comment:before{content:"\f075"}.fa-comment-alt:before{content:"\f27a"}.fa-comment-dollar:before{content:"\f651"}.fa-comment-dots:before{content:"\f4ad"}.fa-comment-medical:before{content:"\f7f5"}.fa-comment-slash:before{content:"\f4b3"}.fa-comments:before{content:"\f086"}.fa-comments-dollar:before{content:"\f653"}.fa-compact-disc:before{content:"\f51f"}.fa-compass:before{content:"\f14e"}.fa-compress:before{content:"\f066"}.fa-compress-alt:before{content:"\f422"}.fa-compress-arrows-alt:before{content:"\f78c"}.fa-concierge-bell:before{content:"\f562"}.fa-confluence:before{content:"\f78d"}.fa-connectdevelop:before{content:"\f20e"}.fa-contao:before{content:"\f26d"}.fa-cookie:before{content:"\f563"}.fa-cookie-bite:before{content:"\f564"}.fa-copy:before{content:"\f0c5"}.fa-copyright:before{content:"\f1f9"}.fa-cotton-bureau:before{content:"\f89e"}.fa-couch:before{content:"\f4b8"}.fa-cpanel:before{content:"\f388"}.fa-creative-commons:before{content:"\f25e"}.fa-creative-commons-by:before{content:"\f4e7"}.fa-creative-commons-nc:before{content:"\f4e8"}.fa-creative-commons-nc-eu:before{content:"\f4e9"}.fa-creative-commons-nc-jp:before{content:"\f4ea"}.fa-creative-commons-nd:before{content:"\f4eb"}.fa-creative-commons-pd:before{content:"\f4ec"}.fa-creative-commons-pd-alt:before{content:"\f4ed"}.fa-creative-commons-remix:before{content:"\f4ee"}.fa-creative-commons-sa:before{content:"\f4ef"}.fa-creative-commons-sampling:before{content:"\f4f0"}.fa-creative-commons-sampling-plus:before{content:"\f4f1"}.fa-creative-commons-share:before{content:"\f4f2"}.fa-creative-commons-zero:before{content:"\f4f3"}.fa-credit-card:before{content:"\f09d"}.fa-critical-role:before{content:"\f6c9"}.fa-crop:before{content:"\f125"}.fa-crop-alt:before{content:"\f565"}.fa-cross:before{content:"\f654"}.fa-crosshairs:before{content:"\f05b"}.fa-crow:before{content:"\f520"}.fa-crown:before{content:"\f521"}.fa-crutch:before{content:"\f7f7"}.fa-css3:before{content:"\f13c"}.fa-css3-alt:before{content:"\f38b"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-cut:before{content:"\f0c4"}.fa-cuttlefish:before{content:"\f38c"}.fa-d-and-d:before{content:"\f38d"}.fa-d-and-d-beyond:before{content:"\f6ca"}.fa-dailymotion:before{content:"\f952"}.fa-dashcube:before{content:"\f210"}.fa-database:before{content:"\f1c0"}.fa-deaf:before{content:"\f2a4"}.fa-delicious:before{content:"\f1a5"}.fa-democrat:before{content:"\f747"}.fa-deploydog:before{content:"\f38e"}.fa-deskpro:before{content:"\f38f"}.fa-desktop:before{content:"\f108"}.fa-dev:before{content:"\f6cc"}.fa-deviantart:before{content:"\f1bd"}.fa-dharmachakra:before{content:"\f655"}.fa-dhl:before{content:"\f790"}.fa-diagnoses:before{content:"\f470"}.fa-diaspora:before{content:"\f791"}.fa-dice:before{content:"\f522"}.fa-dice-d20:before{content:"\f6cf"}.fa-dice-d6:before{content:"\f6d1"}.fa-dice-five:before{content:"\f523"}.fa-dice-four:before{content:"\f524"}.fa-dice-one:before{content:"\f525"}.fa-dice-six:before{content:"\f526"}.fa-dice-three:before{content:"\f527"}.fa-dice-two:before{content:"\f528"}.fa-digg:before{content:"\f1a6"}.fa-digital-ocean:before{content:"\f391"}.fa-digital-tachograph:before{content:"\f566"}.fa-directions:before{content:"\f5eb"}.fa-discord:before{content:"\f392"}.fa-discourse:before{content:"\f393"}.fa-disease:before{content:"\f7fa"}.fa-divide:before{content:"\f529"}.fa-dizzy:before{content:"\f567"}.fa-dna:before{content:"\f471"}.fa-dochub:before{content:"\f394"}.fa-docker:before{content:"\f395"}.fa-dog:before{content:"\f6d3"}.fa-dollar-sign:before{content:"\f155"}.fa-dolly:before{content:"\f472"}.fa-dolly-flatbed:before{content:"\f474"}.fa-donate:before{content:"\f4b9"}.fa-door-closed:before{content:"\f52a"}.fa-door-open:before{content:"\f52b"}.fa-dot-circle:before{content:"\f192"}.fa-dove:before{content:"\f4ba"}.fa-download:before{content:"\f019"}.fa-draft2digital:before{content:"\f396"}.fa-drafting-compass:before{content:"\f568"}.fa-dragon:before{content:"\f6d5"}.fa-draw-polygon:before{content:"\f5ee"}.fa-dribbble:before{content:"\f17d"}.fa-dribbble-square:before{content:"\f397"}.fa-dropbox:before{content:"\f16b"}.fa-drum:before{content:"\f569"}.fa-drum-steelpan:before{content:"\f56a"}.fa-drumstick-bite:before{content:"\f6d7"}.fa-drupal:before{content:"\f1a9"}.fa-dumbbell:before{content:"\f44b"}.fa-dumpster:before{content:"\f793"}.fa-dumpster-fire:before{content:"\f794"}.fa-dungeon:before{content:"\f6d9"}.fa-dyalog:before{content:"\f399"}.fa-earlybirds:before{content:"\f39a"}.fa-ebay:before{content:"\f4f4"}.fa-edge:before{content:"\f282"}.fa-edit:before{content:"\f044"}.fa-egg:before{content:"\f7fb"}.fa-eject:before{content:"\f052"}.fa-elementor:before{content:"\f430"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-ello:before{content:"\f5f1"}.fa-ember:before{content:"\f423"}.fa-empire:before{content:"\f1d1"}.fa-envelope:before{content:"\f0e0"}.fa-envelope-open:before{content:"\f2b6"}.fa-envelope-open-text:before{content:"\f658"}.fa-envelope-square:before{content:"\f199"}.fa-envira:before{content:"\f299"}.fa-equals:before{content:"\f52c"}.fa-eraser:before{content:"\f12d"}.fa-erlang:before{content:"\f39d"}.fa-ethereum:before{content:"\f42e"}.fa-ethernet:before{content:"\f796"}.fa-etsy:before{content:"\f2d7"}.fa-euro-sign:before{content:"\f153"}.fa-evernote:before{content:"\f839"}.fa-exchange-alt:before{content:"\f362"}.fa-exclamation:before{content:"\f12a"}.fa-exclamation-circle:before{content:"\f06a"}.fa-exclamation-triangle:before{content:"\f071"}.fa-expand:before{content:"\f065"}.fa-expand-alt:before{content:"\f424"}.fa-expand-arrows-alt:before{content:"\f31e"}.fa-expeditedssl:before{content:"\f23e"}.fa-external-link-alt:before{content:"\f35d"}.fa-external-link-square-alt:before{content:"\f360"}.fa-eye:before{content:"\f06e"}.fa-eye-dropper:before{content:"\f1fb"}.fa-eye-slash:before{content:"\f070"}.fa-facebook:before{content:"\f09a"}.fa-facebook-f:before{content:"\f39e"}.fa-facebook-messenger:before{content:"\f39f"}.fa-facebook-square:before{content:"\f082"}.fa-fan:before{content:"\f863"}.fa-fantasy-flight-games:before{content:"\f6dc"}.fa-fast-backward:before{content:"\f049"}.fa-fast-forward:before{content:"\f050"}.fa-faucet:before{content:"\f905"}.fa-fax:before{content:"\f1ac"}.fa-feather:before{content:"\f52d"}.fa-feather-alt:before{content:"\f56b"}.fa-fedex:before{content:"\f797"}.fa-fedora:before{content:"\f798"}.fa-female:before{content:"\f182"}.fa-fighter-jet:before{content:"\f0fb"}.fa-figma:before{content:"\f799"}.fa-file:before{content:"\f15b"}.fa-file-alt:before{content:"\f15c"}.fa-file-archive:before{content:"\f1c6"}.fa-file-audio:before{content:"\f1c7"}.fa-file-code:before{content:"\f1c9"}.fa-file-contract:before{content:"\f56c"}.fa-file-csv:before{content:"\f6dd"}.fa-file-download:before{content:"\f56d"}.fa-file-excel:before{content:"\f1c3"}.fa-file-export:before{content:"\f56e"}.fa-file-image:before{content:"\f1c5"}.fa-file-import:before{content:"\f56f"}.fa-file-invoice:before{content:"\f570"}.fa-file-invoice-dollar:before{content:"\f571"}.fa-file-medical:before{content:"\f477"}.fa-file-medical-alt:before{content:"\f478"}.fa-file-pdf:before{content:"\f1c1"}.fa-file-powerpoint:before{content:"\f1c4"}.fa-file-prescription:before{content:"\f572"}.fa-file-signature:before{content:"\f573"}.fa-file-upload:before{content:"\f574"}.fa-file-video:before{content:"\f1c8"}.fa-file-word:before{content:"\f1c2"}.fa-fill:before{content:"\f575"}.fa-fill-drip:before{content:"\f576"}.fa-film:before{content:"\f008"}.fa-filter:before{content:"\f0b0"}.fa-fingerprint:before{content:"\f577"}.fa-fire:before{content:"\f06d"}.fa-fire-alt:before{content:"\f7e4"}.fa-fire-extinguisher:before{content:"\f134"}.fa-firefox:before{content:"\f269"}.fa-firefox-browser:before{content:"\f907"}.fa-first-aid:before{content:"\f479"}.fa-first-order:before{content:"\f2b0"}.fa-first-order-alt:before{content:"\f50a"}.fa-firstdraft:before{content:"\f3a1"}.fa-fish:before{content:"\f578"}.fa-fist-raised:before{content:"\f6de"}.fa-flag:before{content:"\f024"}.fa-flag-checkered:before{content:"\f11e"}.fa-flag-usa:before{content:"\f74d"}.fa-flask:before{content:"\f0c3"}.fa-flickr:before{content:"\f16e"}.fa-flipboard:before{content:"\f44d"}.fa-flushed:before{content:"\f579"}.fa-fly:before{content:"\f417"}.fa-folder:before{content:"\f07b"}.fa-folder-minus:before{content:"\f65d"}.fa-folder-open:before{content:"\f07c"}.fa-folder-plus:before{content:"\f65e"}.fa-font:before{content:"\f031"}.fa-font-awesome:before{content:"\f2b4"}.fa-font-awesome-alt:before{content:"\f35c"}.fa-font-awesome-flag:before{content:"\f425"}.fa-font-awesome-logo-full:before{content:"\f4e6"}.fa-fonticons:before{content:"\f280"}.fa-fonticons-fi:before{content:"\f3a2"}.fa-football-ball:before{content:"\f44e"}.fa-fort-awesome:before{content:"\f286"}.fa-fort-awesome-alt:before{content:"\f3a3"}.fa-forumbee:before{content:"\f211"}.fa-forward:before{content:"\f04e"}.fa-foursquare:before{content:"\f180"}.fa-free-code-camp:before{content:"\f2c5"}.fa-freebsd:before{content:"\f3a4"}.fa-frog:before{content:"\f52e"}.fa-frown:before{content:"\f119"}.fa-frown-open:before{content:"\f57a"}.fa-fulcrum:before{content:"\f50b"}.fa-funnel-dollar:before{content:"\f662"}.fa-futbol:before{content:"\f1e3"}.fa-galactic-republic:before{content:"\f50c"}.fa-galactic-senate:before{content:"\f50d"}.fa-gamepad:before{content:"\f11b"}.fa-gas-pump:before{content:"\f52f"}.fa-gavel:before{content:"\f0e3"}.fa-gem:before{content:"\f3a5"}.fa-genderless:before{content:"\f22d"}.fa-get-pocket:before{content:"\f265"}.fa-gg:before{content:"\f260"}.fa-gg-circle:before{content:"\f261"}.fa-ghost:before{content:"\f6e2"}.fa-gift:before{content:"\f06b"}.fa-gifts:before{content:"\f79c"}.fa-git:before{content:"\f1d3"}.fa-git-alt:before{content:"\f841"}.fa-git-square:before{content:"\f1d2"}.fa-github:before{content:"\f09b"}.fa-github-alt:before{content:"\f113"}.fa-github-square:before{content:"\f092"}.fa-gitkraken:before{content:"\f3a6"}.fa-gitlab:before{content:"\f296"}.fa-gitter:before{content:"\f426"}.fa-glass-cheers:before{content:"\f79f"}.fa-glass-martini:before{content:"\f000"}.fa-glass-martini-alt:before{content:"\f57b"}.fa-glass-whiskey:before{content:"\f7a0"}.fa-glasses:before{content:"\f530"}.fa-glide:before{content:"\f2a5"}.fa-glide-g:before{content:"\f2a6"}.fa-globe:before{content:"\f0ac"}.fa-globe-africa:before{content:"\f57c"}.fa-globe-americas:before{content:"\f57d"}.fa-globe-asia:before{content:"\f57e"}.fa-globe-europe:before{content:"\f7a2"}.fa-gofore:before{content:"\f3a7"}.fa-golf-ball:before{content:"\f450"}.fa-goodreads:before{content:"\f3a8"}.fa-goodreads-g:before{content:"\f3a9"}.fa-google:before{content:"\f1a0"}.fa-google-drive:before{content:"\f3aa"}.fa-google-play:before{content:"\f3ab"}.fa-google-plus:before{content:"\f2b3"}.fa-google-plus-g:before{content:"\f0d5"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-wallet:before{content:"\f1ee"}.fa-gopuram:before{content:"\f664"}.fa-graduation-cap:before{content:"\f19d"}.fa-gratipay:before{content:"\f184"}.fa-grav:before{content:"\f2d6"}.fa-greater-than:before{content:"\f531"}.fa-greater-than-equal:before{content:"\f532"}.fa-grimace:before{content:"\f57f"}.fa-grin:before{content:"\f580"}.fa-grin-alt:before{content:"\f581"}.fa-grin-beam:before{content:"\f582"}.fa-grin-beam-sweat:before{content:"\f583"}.fa-grin-hearts:before{content:"\f584"}.fa-grin-squint:before{content:"\f585"}.fa-grin-squint-tears:before{content:"\f586"}.fa-grin-stars:before{content:"\f587"}.fa-grin-tears:before{content:"\f588"}.fa-grin-tongue:before{content:"\f589"}.fa-grin-tongue-squint:before{content:"\f58a"}.fa-grin-tongue-wink:before{content:"\f58b"}.fa-grin-wink:before{content:"\f58c"}.fa-grip-horizontal:before{content:"\f58d"}.fa-grip-lines:before{content:"\f7a4"}.fa-grip-lines-vertical:before{content:"\f7a5"}.fa-grip-vertical:before{content:"\f58e"}.fa-gripfire:before{content:"\f3ac"}.fa-grunt:before{content:"\f3ad"}.fa-guitar:before{content:"\f7a6"}.fa-gulp:before{content:"\f3ae"}.fa-h-square:before{content:"\f0fd"}.fa-hacker-news:before{content:"\f1d4"}.fa-hacker-news-square:before{content:"\f3af"}.fa-hackerrank:before{content:"\f5f7"}.fa-hamburger:before{content:"\f805"}.fa-hammer:before{content:"\f6e3"}.fa-hamsa:before{content:"\f665"}.fa-hand-holding:before{content:"\f4bd"}.fa-hand-holding-heart:before{content:"\f4be"}.fa-hand-holding-medical:before{content:"\f95c"}.fa-hand-holding-usd:before{content:"\f4c0"}.fa-hand-holding-water:before{content:"\f4c1"}.fa-hand-lizard:before{content:"\f258"}.fa-hand-middle-finger:before{content:"\f806"}.fa-hand-paper:before{content:"\f256"}.fa-hand-peace:before{content:"\f25b"}.fa-hand-point-down:before{content:"\f0a7"}.fa-hand-point-left:before{content:"\f0a5"}.fa-hand-point-right:before{content:"\f0a4"}.fa-hand-point-up:before{content:"\f0a6"}.fa-hand-pointer:before{content:"\f25a"}.fa-hand-rock:before{content:"\f255"}.fa-hand-scissors:before{content:"\f257"}.fa-hand-sparkles:before{content:"\f95d"}.fa-hand-spock:before{content:"\f259"}.fa-hands:before{content:"\f4c2"}.fa-hands-helping:before{content:"\f4c4"}.fa-hands-wash:before{content:"\f95e"}.fa-handshake:before{content:"\f2b5"}.fa-handshake-alt-slash:before{content:"\f95f"}.fa-handshake-slash:before{content:"\f960"}.fa-hanukiah:before{content:"\f6e6"}.fa-hard-hat:before{content:"\f807"}.fa-hashtag:before{content:"\f292"}.fa-hat-cowboy:before{content:"\f8c0"}.fa-hat-cowboy-side:before{content:"\f8c1"}.fa-hat-wizard:before{content:"\f6e8"}.fa-hdd:before{content:"\f0a0"}.fa-head-side-cough:before{content:"\f961"}.fa-head-side-cough-slash:before{content:"\f962"}.fa-head-side-mask:before{content:"\f963"}.fa-head-side-virus:before{content:"\f964"}.fa-heading:before{content:"\f1dc"}.fa-headphones:before{content:"\f025"}.fa-headphones-alt:before{content:"\f58f"}.fa-headset:before{content:"\f590"}.fa-heart:before{content:"\f004"}.fa-heart-broken:before{content:"\f7a9"}.fa-heartbeat:before{content:"\f21e"}.fa-helicopter:before{content:"\f533"}.fa-highlighter:before{content:"\f591"}.fa-hiking:before{content:"\f6ec"}.fa-hippo:before{content:"\f6ed"}.fa-hips:before{content:"\f452"}.fa-hire-a-helper:before{content:"\f3b0"}.fa-history:before{content:"\f1da"}.fa-hockey-puck:before{content:"\f453"}.fa-holly-berry:before{content:"\f7aa"}.fa-home:before{content:"\f015"}.fa-hooli:before{content:"\f427"}.fa-hornbill:before{content:"\f592"}.fa-horse:before{content:"\f6f0"}.fa-horse-head:before{content:"\f7ab"}.fa-hospital:before{content:"\f0f8"}.fa-hospital-alt:before{content:"\f47d"}.fa-hospital-symbol:before{content:"\f47e"}.fa-hospital-user:before{content:"\f80d"}.fa-hot-tub:before{content:"\f593"}.fa-hotdog:before{content:"\f80f"}.fa-hotel:before{content:"\f594"}.fa-hotjar:before{content:"\f3b1"}.fa-hourglass:before{content:"\f254"}.fa-hourglass-end:before{content:"\f253"}.fa-hourglass-half:before{content:"\f252"}.fa-hourglass-start:before{content:"\f251"}.fa-house-damage:before{content:"\f6f1"}.fa-house-user:before{content:"\f965"}.fa-houzz:before{content:"\f27c"}.fa-hryvnia:before{content:"\f6f2"}.fa-html5:before{content:"\f13b"}.fa-hubspot:before{content:"\f3b2"}.fa-i-cursor:before{content:"\f246"}.fa-ice-cream:before{content:"\f810"}.fa-icicles:before{content:"\f7ad"}.fa-icons:before{content:"\f86d"}.fa-id-badge:before{content:"\f2c1"}.fa-id-card:before{content:"\f2c2"}.fa-id-card-alt:before{content:"\f47f"}.fa-ideal:before{content:"\f913"}.fa-igloo:before{content:"\f7ae"}.fa-image:before{content:"\f03e"}.fa-images:before{content:"\f302"}.fa-imdb:before{content:"\f2d8"}.fa-inbox:before{content:"\f01c"}.fa-indent:before{content:"\f03c"}.fa-industry:before{content:"\f275"}.fa-infinity:before{content:"\f534"}.fa-info:before{content:"\f129"}.fa-info-circle:before{content:"\f05a"}.fa-instagram:before{content:"\f16d"}.fa-instagram-square:before{content:"\f955"}.fa-intercom:before{content:"\f7af"}.fa-internet-explorer:before{content:"\f26b"}.fa-invision:before{content:"\f7b0"}.fa-ioxhost:before{content:"\f208"}.fa-italic:before{content:"\f033"}.fa-itch-io:before{content:"\f83a"}.fa-itunes:before{content:"\f3b4"}.fa-itunes-note:before{content:"\f3b5"}.fa-java:before{content:"\f4e4"}.fa-jedi:before{content:"\f669"}.fa-jedi-order:before{content:"\f50e"}.fa-jenkins:before{content:"\f3b6"}.fa-jira:before{content:"\f7b1"}.fa-joget:before{content:"\f3b7"}.fa-joint:before{content:"\f595"}.fa-joomla:before{content:"\f1aa"}.fa-journal-whills:before{content:"\f66a"}.fa-js:before{content:"\f3b8"}.fa-js-square:before{content:"\f3b9"}.fa-jsfiddle:before{content:"\f1cc"}.fa-kaaba:before{content:"\f66b"}.fa-kaggle:before{content:"\f5fa"}.fa-key:before{content:"\f084"}.fa-keybase:before{content:"\f4f5"}.fa-keyboard:before{content:"\f11c"}.fa-keycdn:before{content:"\f3ba"}.fa-khanda:before{content:"\f66d"}.fa-kickstarter:before{content:"\f3bb"}.fa-kickstarter-k:before{content:"\f3bc"}.fa-kiss:before{content:"\f596"}.fa-kiss-beam:before{content:"\f597"}.fa-kiss-wink-heart:before{content:"\f598"}.fa-kiwi-bird:before{content:"\f535"}.fa-korvue:before{content:"\f42f"}.fa-landmark:before{content:"\f66f"}.fa-language:before{content:"\f1ab"}.fa-laptop:before{content:"\f109"}.fa-laptop-code:before{content:"\f5fc"}.fa-laptop-house:before{content:"\f966"}.fa-laptop-medical:before{content:"\f812"}.fa-laravel:before{content:"\f3bd"}.fa-lastfm:before{content:"\f202"}.fa-lastfm-square:before{content:"\f203"}.fa-laugh:before{content:"\f599"}.fa-laugh-beam:before{content:"\f59a"}.fa-laugh-squint:before{content:"\f59b"}.fa-laugh-wink:before{content:"\f59c"}.fa-layer-group:before{content:"\f5fd"}.fa-leaf:before{content:"\f06c"}.fa-leanpub:before{content:"\f212"}.fa-lemon:before{content:"\f094"}.fa-less:before{content:"\f41d"}.fa-less-than:before{content:"\f536"}.fa-less-than-equal:before{content:"\f537"}.fa-level-down-alt:before{content:"\f3be"}.fa-level-up-alt:before{content:"\f3bf"}.fa-life-ring:before{content:"\f1cd"}.fa-lightbulb:before{content:"\f0eb"}.fa-line:before{content:"\f3c0"}.fa-link:before{content:"\f0c1"}.fa-linkedin:before{content:"\f08c"}.fa-linkedin-in:before{content:"\f0e1"}.fa-linode:before{content:"\f2b8"}.fa-linux:before{content:"\f17c"}.fa-lira-sign:before{content:"\f195"}.fa-list:before{content:"\f03a"}.fa-list-alt:before{content:"\f022"}.fa-list-ol:before{content:"\f0cb"}.fa-list-ul:before{content:"\f0ca"}.fa-location-arrow:before{content:"\f124"}.fa-lock:before{content:"\f023"}.fa-lock-open:before{content:"\f3c1"}.fa-long-arrow-alt-down:before{content:"\f309"}.fa-long-arrow-alt-left:before{content:"\f30a"}.fa-long-arrow-alt-right:before{content:"\f30b"}.fa-long-arrow-alt-up:before{content:"\f30c"}.fa-low-vision:before{content:"\f2a8"}.fa-luggage-cart:before{content:"\f59d"}.fa-lungs:before{content:"\f604"}.fa-lungs-virus:before{content:"\f967"}.fa-lyft:before{content:"\f3c3"}.fa-magento:before{content:"\f3c4"}.fa-magic:before{content:"\f0d0"}.fa-magnet:before{content:"\f076"}.fa-mail-bulk:before{content:"\f674"}.fa-mailchimp:before{content:"\f59e"}.fa-male:before{content:"\f183"}.fa-mandalorian:before{content:"\f50f"}.fa-map:before{content:"\f279"}.fa-map-marked:before{content:"\f59f"}.fa-map-marked-alt:before{content:"\f5a0"}.fa-map-marker:before{content:"\f041"}.fa-map-marker-alt:before{content:"\f3c5"}.fa-map-pin:before{content:"\f276"}.fa-map-signs:before{content:"\f277"}.fa-markdown:before{content:"\f60f"}.fa-marker:before{content:"\f5a1"}.fa-mars:before{content:"\f222"}.fa-mars-double:before{content:"\f227"}.fa-mars-stroke:before{content:"\f229"}.fa-mars-stroke-h:before{content:"\f22b"}.fa-mars-stroke-v:before{content:"\f22a"}.fa-mask:before{content:"\f6fa"}.fa-mastodon:before{content:"\f4f6"}.fa-maxcdn:before{content:"\f136"}.fa-mdb:before{content:"\f8ca"}.fa-medal:before{content:"\f5a2"}.fa-medapps:before{content:"\f3c6"}.fa-medium:before{content:"\f23a"}.fa-medium-m:before{content:"\f3c7"}.fa-medkit:before{content:"\f0fa"}.fa-medrt:before{content:"\f3c8"}.fa-meetup:before{content:"\f2e0"}.fa-megaport:before{content:"\f5a3"}.fa-meh:before{content:"\f11a"}.fa-meh-blank:before{content:"\f5a4"}.fa-meh-rolling-eyes:before{content:"\f5a5"}.fa-memory:before{content:"\f538"}.fa-mendeley:before{content:"\f7b3"}.fa-menorah:before{content:"\f676"}.fa-mercury:before{content:"\f223"}.fa-meteor:before{content:"\f753"}.fa-microblog:before{content:"\f91a"}.fa-microchip:before{content:"\f2db"}.fa-microphone:before{content:"\f130"}.fa-microphone-alt:before{content:"\f3c9"}.fa-microphone-alt-slash:before{content:"\f539"}.fa-microphone-slash:before{content:"\f131"}.fa-microscope:before{content:"\f610"}.fa-microsoft:before{content:"\f3ca"}.fa-minus:before{content:"\f068"}.fa-minus-circle:before{content:"\f056"}.fa-minus-square:before{content:"\f146"}.fa-mitten:before{content:"\f7b5"}.fa-mix:before{content:"\f3cb"}.fa-mixcloud:before{content:"\f289"}.fa-mixer:before{content:"\f956"}.fa-mizuni:before{content:"\f3cc"}.fa-mobile:before{content:"\f10b"}.fa-mobile-alt:before{content:"\f3cd"}.fa-modx:before{content:"\f285"}.fa-monero:before{content:"\f3d0"}.fa-money-bill:before{content:"\f0d6"}.fa-money-bill-alt:before{content:"\f3d1"}.fa-money-bill-wave:before{content:"\f53a"}.fa-money-bill-wave-alt:before{content:"\f53b"}.fa-money-check:before{content:"\f53c"}.fa-money-check-alt:before{content:"\f53d"}.fa-monument:before{content:"\f5a6"}.fa-moon:before{content:"\f186"}.fa-mortar-pestle:before{content:"\f5a7"}.fa-mosque:before{content:"\f678"}.fa-motorcycle:before{content:"\f21c"}.fa-mountain:before{content:"\f6fc"}.fa-mouse:before{content:"\f8cc"}.fa-mouse-pointer:before{content:"\f245"}.fa-mug-hot:before{content:"\f7b6"}.fa-music:before{content:"\f001"}.fa-napster:before{content:"\f3d2"}.fa-neos:before{content:"\f612"}.fa-network-wired:before{content:"\f6ff"}.fa-neuter:before{content:"\f22c"}.fa-newspaper:before{content:"\f1ea"}.fa-nimblr:before{content:"\f5a8"}.fa-node:before{content:"\f419"}.fa-node-js:before{content:"\f3d3"}.fa-not-equal:before{content:"\f53e"}.fa-notes-medical:before{content:"\f481"}.fa-npm:before{content:"\f3d4"}.fa-ns8:before{content:"\f3d5"}.fa-nutritionix:before{content:"\f3d6"}.fa-object-group:before{content:"\f247"}.fa-object-ungroup:before{content:"\f248"}.fa-odnoklassniki:before{content:"\f263"}.fa-odnoklassniki-square:before{content:"\f264"}.fa-oil-can:before{content:"\f613"}.fa-old-republic:before{content:"\f510"}.fa-om:before{content:"\f679"}.fa-opencart:before{content:"\f23d"}.fa-openid:before{content:"\f19b"}.fa-opera:before{content:"\f26a"}.fa-optin-monster:before{content:"\f23c"}.fa-orcid:before{content:"\f8d2"}.fa-osi:before{content:"\f41a"}.fa-otter:before{content:"\f700"}.fa-outdent:before{content:"\f03b"}.fa-page4:before{content:"\f3d7"}.fa-pagelines:before{content:"\f18c"}.fa-pager:before{content:"\f815"}.fa-paint-brush:before{content:"\f1fc"}.fa-paint-roller:before{content:"\f5aa"}.fa-palette:before{content:"\f53f"}.fa-palfed:before{content:"\f3d8"}.fa-pallet:before{content:"\f482"}.fa-paper-plane:before{content:"\f1d8"}.fa-paperclip:before{content:"\f0c6"}.fa-parachute-box:before{content:"\f4cd"}.fa-paragraph:before{content:"\f1dd"}.fa-parking:before{content:"\f540"}.fa-passport:before{content:"\f5ab"}.fa-pastafarianism:before{content:"\f67b"}.fa-paste:before{content:"\f0ea"}.fa-patreon:before{content:"\f3d9"}.fa-pause:before{content:"\f04c"}.fa-pause-circle:before{content:"\f28b"}.fa-paw:before{content:"\f1b0"}.fa-paypal:before{content:"\f1ed"}.fa-peace:before{content:"\f67c"}.fa-pen:before{content:"\f304"}.fa-pen-alt:before{content:"\f305"}.fa-pen-fancy:before{content:"\f5ac"}.fa-pen-nib:before{content:"\f5ad"}.fa-pen-square:before{content:"\f14b"}.fa-pencil-alt:before{content:"\f303"}.fa-pencil-ruler:before{content:"\f5ae"}.fa-penny-arcade:before{content:"\f704"}.fa-people-arrows:before{content:"\f968"}.fa-people-carry:before{content:"\f4ce"}.fa-pepper-hot:before{content:"\f816"}.fa-percent:before{content:"\f295"}.fa-percentage:before{content:"\f541"}.fa-periscope:before{content:"\f3da"}.fa-person-booth:before{content:"\f756"}.fa-phabricator:before{content:"\f3db"}.fa-phoenix-framework:before{content:"\f3dc"}.fa-phoenix-squadron:before{content:"\f511"}.fa-phone:before{content:"\f095"}.fa-phone-alt:before{content:"\f879"}.fa-phone-slash:before{content:"\f3dd"}.fa-phone-square:before{content:"\f098"}.fa-phone-square-alt:before{content:"\f87b"}.fa-phone-volume:before{content:"\f2a0"}.fa-photo-video:before{content:"\f87c"}.fa-php:before{content:"\f457"}.fa-pied-piper:before{content:"\f2ae"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-pied-piper-hat:before{content:"\f4e5"}.fa-pied-piper-pp:before{content:"\f1a7"}.fa-pied-piper-square:before{content:"\f91e"}.fa-piggy-bank:before{content:"\f4d3"}.fa-pills:before{content:"\f484"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-p:before{content:"\f231"}.fa-pinterest-square:before{content:"\f0d3"}.fa-pizza-slice:before{content:"\f818"}.fa-place-of-worship:before{content:"\f67f"}.fa-plane:before{content:"\f072"}.fa-plane-arrival:before{content:"\f5af"}.fa-plane-departure:before{content:"\f5b0"}.fa-plane-slash:before{content:"\f969"}.fa-play:before{content:"\f04b"}.fa-play-circle:before{content:"\f144"}.fa-playstation:before{content:"\f3df"}.fa-plug:before{content:"\f1e6"}.fa-plus:before{content:"\f067"}.fa-plus-circle:before{content:"\f055"}.fa-plus-square:before{content:"\f0fe"}.fa-podcast:before{content:"\f2ce"}.fa-poll:before{content:"\f681"}.fa-poll-h:before{content:"\f682"}.fa-poo:before{content:"\f2fe"}.fa-poo-storm:before{content:"\f75a"}.fa-poop:before{content:"\f619"}.fa-portrait:before{content:"\f3e0"}.fa-pound-sign:before{content:"\f154"}.fa-power-off:before{content:"\f011"}.fa-pray:before{content:"\f683"}.fa-praying-hands:before{content:"\f684"}.fa-prescription:before{content:"\f5b1"}.fa-prescription-bottle:before{content:"\f485"}.fa-prescription-bottle-alt:before{content:"\f486"}.fa-print:before{content:"\f02f"}.fa-procedures:before{content:"\f487"}.fa-product-hunt:before{content:"\f288"}.fa-project-diagram:before{content:"\f542"}.fa-pump-medical:before{content:"\f96a"}.fa-pump-soap:before{content:"\f96b"}.fa-pushed:before{content:"\f3e1"}.fa-puzzle-piece:before{content:"\f12e"}.fa-python:before{content:"\f3e2"}.fa-qq:before{content:"\f1d6"}.fa-qrcode:before{content:"\f029"}.fa-question:before{content:"\f128"}.fa-question-circle:before{content:"\f059"}.fa-quidditch:before{content:"\f458"}.fa-quinscape:before{content:"\f459"}.fa-quora:before{content:"\f2c4"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-quran:before{content:"\f687"}.fa-r-project:before{content:"\f4f7"}.fa-radiation:before{content:"\f7b9"}.fa-radiation-alt:before{content:"\f7ba"}.fa-rainbow:before{content:"\f75b"}.fa-random:before{content:"\f074"}.fa-raspberry-pi:before{content:"\f7bb"}.fa-ravelry:before{content:"\f2d9"}.fa-react:before{content:"\f41b"}.fa-reacteurope:before{content:"\f75d"}.fa-readme:before{content:"\f4d5"}.fa-rebel:before{content:"\f1d0"}.fa-receipt:before{content:"\f543"}.fa-record-vinyl:before{content:"\f8d9"}.fa-recycle:before{content:"\f1b8"}.fa-red-river:before{content:"\f3e3"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-alien:before{content:"\f281"}.fa-reddit-square:before{content:"\f1a2"}.fa-redhat:before{content:"\f7bc"}.fa-redo:before{content:"\f01e"}.fa-redo-alt:before{content:"\f2f9"}.fa-registered:before{content:"\f25d"}.fa-remove-format:before{content:"\f87d"}.fa-renren:before{content:"\f18b"}.fa-reply:before{content:"\f3e5"}.fa-reply-all:before{content:"\f122"}.fa-replyd:before{content:"\f3e6"}.fa-republican:before{content:"\f75e"}.fa-researchgate:before{content:"\f4f8"}.fa-resolving:before{content:"\f3e7"}.fa-restroom:before{content:"\f7bd"}.fa-retweet:before{content:"\f079"}.fa-rev:before{content:"\f5b2"}.fa-ribbon:before{content:"\f4d6"}.fa-ring:before{content:"\f70b"}.fa-road:before{content:"\f018"}.fa-robot:before{content:"\f544"}.fa-rocket:before{content:"\f135"}.fa-rocketchat:before{content:"\f3e8"}.fa-rockrms:before{content:"\f3e9"}.fa-route:before{content:"\f4d7"}.fa-rss:before{content:"\f09e"}.fa-rss-square:before{content:"\f143"}.fa-ruble-sign:before{content:"\f158"}.fa-ruler:before{content:"\f545"}.fa-ruler-combined:before{content:"\f546"}.fa-ruler-horizontal:before{content:"\f547"}.fa-ruler-vertical:before{content:"\f548"}.fa-running:before{content:"\f70c"}.fa-rupee-sign:before{content:"\f156"}.fa-sad-cry:before{content:"\f5b3"}.fa-sad-tear:before{content:"\f5b4"}.fa-safari:before{content:"\f267"}.fa-salesforce:before{content:"\f83b"}.fa-sass:before{content:"\f41e"}.fa-satellite:before{content:"\f7bf"}.fa-satellite-dish:before{content:"\f7c0"}.fa-save:before{content:"\f0c7"}.fa-schlix:before{content:"\f3ea"}.fa-school:before{content:"\f549"}.fa-screwdriver:before{content:"\f54a"}.fa-scribd:before{content:"\f28a"}.fa-scroll:before{content:"\f70e"}.fa-sd-card:before{content:"\f7c2"}.fa-search:before{content:"\f002"}.fa-search-dollar:before{content:"\f688"}.fa-search-location:before{content:"\f689"}.fa-search-minus:before{content:"\f010"}.fa-search-plus:before{content:"\f00e"}.fa-searchengin:before{content:"\f3eb"}.fa-seedling:before{content:"\f4d8"}.fa-sellcast:before{content:"\f2da"}.fa-sellsy:before{content:"\f213"}.fa-server:before{content:"\f233"}.fa-servicestack:before{content:"\f3ec"}.fa-shapes:before{content:"\f61f"}.fa-share:before{content:"\f064"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-share-square:before{content:"\f14d"}.fa-shekel-sign:before{content:"\f20b"}.fa-shield-alt:before{content:"\f3ed"}.fa-shield-virus:before{content:"\f96c"}.fa-ship:before{content:"\f21a"}.fa-shipping-fast:before{content:"\f48b"}.fa-shirtsinbulk:before{content:"\f214"}.fa-shoe-prints:before{content:"\f54b"}.fa-shopify:before{content:"\f957"}.fa-shopping-bag:before{content:"\f290"}.fa-shopping-basket:before{content:"\f291"}.fa-shopping-cart:before{content:"\f07a"}.fa-shopware:before{content:"\f5b5"}.fa-shower:before{content:"\f2cc"}.fa-shuttle-van:before{content:"\f5b6"}.fa-sign:before{content:"\f4d9"}.fa-sign-in-alt:before{content:"\f2f6"}.fa-sign-language:before{content:"\f2a7"}.fa-sign-out-alt:before{content:"\f2f5"}.fa-signal:before{content:"\f012"}.fa-signature:before{content:"\f5b7"}.fa-sim-card:before{content:"\f7c4"}.fa-simplybuilt:before{content:"\f215"}.fa-sistrix:before{content:"\f3ee"}.fa-sitemap:before{content:"\f0e8"}.fa-sith:before{content:"\f512"}.fa-skating:before{content:"\f7c5"}.fa-sketch:before{content:"\f7c6"}.fa-skiing:before{content:"\f7c9"}.fa-skiing-nordic:before{content:"\f7ca"}.fa-skull:before{content:"\f54c"}.fa-skull-crossbones:before{content:"\f714"}.fa-skyatlas:before{content:"\f216"}.fa-skype:before{content:"\f17e"}.fa-slack:before{content:"\f198"}.fa-slack-hash:before{content:"\f3ef"}.fa-slash:before{content:"\f715"}.fa-sleigh:before{content:"\f7cc"}.fa-sliders-h:before{content:"\f1de"}.fa-slideshare:before{content:"\f1e7"}.fa-smile:before{content:"\f118"}.fa-smile-beam:before{content:"\f5b8"}.fa-smile-wink:before{content:"\f4da"}.fa-smog:before{content:"\f75f"}.fa-smoking:before{content:"\f48d"}.fa-smoking-ban:before{content:"\f54d"}.fa-sms:before{content:"\f7cd"}.fa-snapchat:before{content:"\f2ab"}.fa-snapchat-ghost:before{content:"\f2ac"}.fa-snapchat-square:before{content:"\f2ad"}.fa-snowboarding:before{content:"\f7ce"}.fa-snowflake:before{content:"\f2dc"}.fa-snowman:before{content:"\f7d0"}.fa-snowplow:before{content:"\f7d2"}.fa-soap:before{content:"\f96e"}.fa-socks:before{content:"\f696"}.fa-solar-panel:before{content:"\f5ba"}.fa-sort:before{content:"\f0dc"}.fa-sort-alpha-down:before{content:"\f15d"}.fa-sort-alpha-down-alt:before{content:"\f881"}.fa-sort-alpha-up:before{content:"\f15e"}.fa-sort-alpha-up-alt:before{content:"\f882"}.fa-sort-amount-down:before{content:"\f160"}.fa-sort-amount-down-alt:before{content:"\f884"}.fa-sort-amount-up:before{content:"\f161"}.fa-sort-amount-up-alt:before{content:"\f885"}.fa-sort-down:before{content:"\f0dd"}.fa-sort-numeric-down:before{content:"\f162"}.fa-sort-numeric-down-alt:before{content:"\f886"}.fa-sort-numeric-up:before{content:"\f163"}.fa-sort-numeric-up-alt:before{content:"\f887"}.fa-sort-up:before{content:"\f0de"}.fa-soundcloud:before{content:"\f1be"}.fa-sourcetree:before{content:"\f7d3"}.fa-spa:before{content:"\f5bb"}.fa-space-shuttle:before{content:"\f197"}.fa-speakap:before{content:"\f3f3"}.fa-speaker-deck:before{content:"\f83c"}.fa-spell-check:before{content:"\f891"}.fa-spider:before{content:"\f717"}.fa-spinner:before{content:"\f110"}.fa-splotch:before{content:"\f5bc"}.fa-spotify:before{content:"\f1bc"}.fa-spray-can:before{content:"\f5bd"}.fa-square:before{content:"\f0c8"}.fa-square-full:before{content:"\f45c"}.fa-square-root-alt:before{content:"\f698"}.fa-squarespace:before{content:"\f5be"}.fa-stack-exchange:before{content:"\f18d"}.fa-stack-overflow:before{content:"\f16c"}.fa-stackpath:before{content:"\f842"}.fa-stamp:before{content:"\f5bf"}.fa-star:before{content:"\f005"}.fa-star-and-crescent:before{content:"\f699"}.fa-star-half:before{content:"\f089"}.fa-star-half-alt:before{content:"\f5c0"}.fa-star-of-david:before{content:"\f69a"}.fa-star-of-life:before{content:"\f621"}.fa-staylinked:before{content:"\f3f5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-steam-symbol:before{content:"\f3f6"}.fa-step-backward:before{content:"\f048"}.fa-step-forward:before{content:"\f051"}.fa-stethoscope:before{content:"\f0f1"}.fa-sticker-mule:before{content:"\f3f7"}.fa-sticky-note:before{content:"\f249"}.fa-stop:before{content:"\f04d"}.fa-stop-circle:before{content:"\f28d"}.fa-stopwatch:before{content:"\f2f2"}.fa-stopwatch-20:before{content:"\f96f"}.fa-store:before{content:"\f54e"}.fa-store-alt:before{content:"\f54f"}.fa-store-alt-slash:before{content:"\f970"}.fa-store-slash:before{content:"\f971"}.fa-strava:before{content:"\f428"}.fa-stream:before{content:"\f550"}.fa-street-view:before{content:"\f21d"}.fa-strikethrough:before{content:"\f0cc"}.fa-stripe:before{content:"\f429"}.fa-stripe-s:before{content:"\f42a"}.fa-stroopwafel:before{content:"\f551"}.fa-studiovinari:before{content:"\f3f8"}.fa-stumbleupon:before{content:"\f1a4"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-subscript:before{content:"\f12c"}.fa-subway:before{content:"\f239"}.fa-suitcase:before{content:"\f0f2"}.fa-suitcase-rolling:before{content:"\f5c1"}.fa-sun:before{content:"\f185"}.fa-superpowers:before{content:"\f2dd"}.fa-superscript:before{content:"\f12b"}.fa-supple:before{content:"\f3f9"}.fa-surprise:before{content:"\f5c2"}.fa-suse:before{content:"\f7d6"}.fa-swatchbook:before{content:"\f5c3"}.fa-swift:before{content:"\f8e1"}.fa-swimmer:before{content:"\f5c4"}.fa-swimming-pool:before{content:"\f5c5"}.fa-symfony:before{content:"\f83d"}.fa-synagogue:before{content:"\f69b"}.fa-sync:before{content:"\f021"}.fa-sync-alt:before{content:"\f2f1"}.fa-syringe:before{content:"\f48e"}.fa-table:before{content:"\f0ce"}.fa-table-tennis:before{content:"\f45d"}.fa-tablet:before{content:"\f10a"}.fa-tablet-alt:before{content:"\f3fa"}.fa-tablets:before{content:"\f490"}.fa-tachometer-alt:before{content:"\f3fd"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-tape:before{content:"\f4db"}.fa-tasks:before{content:"\f0ae"}.fa-taxi:before{content:"\f1ba"}.fa-teamspeak:before{content:"\f4f9"}.fa-teeth:before{content:"\f62e"}.fa-teeth-open:before{content:"\f62f"}.fa-telegram:before{content:"\f2c6"}.fa-telegram-plane:before{content:"\f3fe"}.fa-temperature-high:before{content:"\f769"}.fa-temperature-low:before{content:"\f76b"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-tenge:before{content:"\f7d7"}.fa-terminal:before{content:"\f120"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-th:before{content:"\f00a"}.fa-th-large:before{content:"\f009"}.fa-th-list:before{content:"\f00b"}.fa-the-red-yeti:before{content:"\f69d"}.fa-theater-masks:before{content:"\f630"}.fa-themeco:before{content:"\f5c6"}.fa-themeisle:before{content:"\f2b2"}.fa-thermometer:before{content:"\f491"}.fa-thermometer-empty:before{content:"\f2cb"}.fa-thermometer-full:before{content:"\f2c7"}.fa-thermometer-half:before{content:"\f2c9"}.fa-thermometer-quarter:before{content:"\f2ca"}.fa-thermometer-three-quarters:before{content:"\f2c8"}.fa-think-peaks:before{content:"\f731"}.fa-thumbs-down:before{content:"\f165"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbtack:before{content:"\f08d"}.fa-ticket-alt:before{content:"\f3ff"}.fa-times:before{content:"\f00d"}.fa-times-circle:before{content:"\f057"}.fa-tint:before{content:"\f043"}.fa-tint-slash:before{content:"\f5c7"}.fa-tired:before{content:"\f5c8"}.fa-toggle-off:before{content:"\f204"}.fa-toggle-on:before{content:"\f205"}.fa-toilet:before{content:"\f7d8"}.fa-toilet-paper:before{content:"\f71e"}.fa-toilet-paper-slash:before{content:"\f972"}.fa-toolbox:before{content:"\f552"}.fa-tools:before{content:"\f7d9"}.fa-tooth:before{content:"\f5c9"}.fa-torah:before{content:"\f6a0"}.fa-torii-gate:before{content:"\f6a1"}.fa-tractor:before{content:"\f722"}.fa-trade-federation:before{content:"\f513"}.fa-trademark:before{content:"\f25c"}.fa-traffic-light:before{content:"\f637"}.fa-trailer:before{content:"\f941"}.fa-train:before{content:"\f238"}.fa-tram:before{content:"\f7da"}.fa-transgender:before{content:"\f224"}.fa-transgender-alt:before{content:"\f225"}.fa-trash:before{content:"\f1f8"}.fa-trash-alt:before{content:"\f2ed"}.fa-trash-restore:before{content:"\f829"}.fa-trash-restore-alt:before{content:"\f82a"}.fa-tree:before{content:"\f1bb"}.fa-trello:before{content:"\f181"}.fa-tripadvisor:before{content:"\f262"}.fa-trophy:before{content:"\f091"}.fa-truck:before{content:"\f0d1"}.fa-truck-loading:before{content:"\f4de"}.fa-truck-monster:before{content:"\f63b"}.fa-truck-moving:before{content:"\f4df"}.fa-truck-pickup:before{content:"\f63c"}.fa-tshirt:before{content:"\f553"}.fa-tty:before{content:"\f1e4"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-tv:before{content:"\f26c"}.fa-twitch:before{content:"\f1e8"}.fa-twitter:before{content:"\f099"}.fa-twitter-square:before{content:"\f081"}.fa-typo3:before{content:"\f42b"}.fa-uber:before{content:"\f402"}.fa-ubuntu:before{content:"\f7df"}.fa-uikit:before{content:"\f403"}.fa-umbraco:before{content:"\f8e8"}.fa-umbrella:before{content:"\f0e9"}.fa-umbrella-beach:before{content:"\f5ca"}.fa-underline:before{content:"\f0cd"}.fa-undo:before{content:"\f0e2"}.fa-undo-alt:before{content:"\f2ea"}.fa-uniregistry:before{content:"\f404"}.fa-unity:before{content:"\f949"}.fa-universal-access:before{content:"\f29a"}.fa-university:before{content:"\f19c"}.fa-unlink:before{content:"\f127"}.fa-unlock:before{content:"\f09c"}.fa-unlock-alt:before{content:"\f13e"}.fa-untappd:before{content:"\f405"}.fa-upload:before{content:"\f093"}.fa-ups:before{content:"\f7e0"}.fa-usb:before{content:"\f287"}.fa-user:before{content:"\f007"}.fa-user-alt:before{content:"\f406"}.fa-user-alt-slash:before{content:"\f4fa"}.fa-user-astronaut:before{content:"\f4fb"}.fa-user-check:before{content:"\f4fc"}.fa-user-circle:before{content:"\f2bd"}.fa-user-clock:before{content:"\f4fd"}.fa-user-cog:before{content:"\f4fe"}.fa-user-edit:before{content:"\f4ff"}.fa-user-friends:before{content:"\f500"}.fa-user-graduate:before{content:"\f501"}.fa-user-injured:before{content:"\f728"}.fa-user-lock:before{content:"\f502"}.fa-user-md:before{content:"\f0f0"}.fa-user-minus:before{content:"\f503"}.fa-user-ninja:before{content:"\f504"}.fa-user-nurse:before{content:"\f82f"}.fa-user-plus:before{content:"\f234"}.fa-user-secret:before{content:"\f21b"}.fa-user-shield:before{content:"\f505"}.fa-user-slash:before{content:"\f506"}.fa-user-tag:before{content:"\f507"}.fa-user-tie:before{content:"\f508"}.fa-user-times:before{content:"\f235"}.fa-users:before{content:"\f0c0"}.fa-users-cog:before{content:"\f509"}.fa-usps:before{content:"\f7e1"}.fa-ussunnah:before{content:"\f407"}.fa-utensil-spoon:before{content:"\f2e5"}.fa-utensils:before{content:"\f2e7"}.fa-vaadin:before{content:"\f408"}.fa-vector-square:before{content:"\f5cb"}.fa-venus:before{content:"\f221"}.fa-venus-double:before{content:"\f226"}.fa-venus-mars:before{content:"\f228"}.fa-viacoin:before{content:"\f237"}.fa-viadeo:before{content:"\f2a9"}.fa-viadeo-square:before{content:"\f2aa"}.fa-vial:before{content:"\f492"}.fa-vials:before{content:"\f493"}.fa-viber:before{content:"\f409"}.fa-video:before{content:"\f03d"}.fa-video-slash:before{content:"\f4e2"}.fa-vihara:before{content:"\f6a7"}.fa-vimeo:before{content:"\f40a"}.fa-vimeo-square:before{content:"\f194"}.fa-vimeo-v:before{content:"\f27d"}.fa-vine:before{content:"\f1ca"}.fa-virus:before{content:"\f974"}.fa-virus-slash:before{content:"\f975"}.fa-viruses:before{content:"\f976"}.fa-vk:before{content:"\f189"}.fa-vnv:before{content:"\f40b"}.fa-voicemail:before{content:"\f897"}.fa-volleyball-ball:before{content:"\f45f"}.fa-volume-down:before{content:"\f027"}.fa-volume-mute:before{content:"\f6a9"}.fa-volume-off:before{content:"\f026"}.fa-volume-up:before{content:"\f028"}.fa-vote-yea:before{content:"\f772"}.fa-vr-cardboard:before{content:"\f729"}.fa-vuejs:before{content:"\f41f"}.fa-walking:before{content:"\f554"}.fa-wallet:before{content:"\f555"}.fa-warehouse:before{content:"\f494"}.fa-water:before{content:"\f773"}.fa-wave-square:before{content:"\f83e"}.fa-waze:before{content:"\f83f"}.fa-weebly:before{content:"\f5cc"}.fa-weibo:before{content:"\f18a"}.fa-weight:before{content:"\f496"}.fa-weight-hanging:before{content:"\f5cd"}.fa-weixin:before{content:"\f1d7"}.fa-whatsapp:before{content:"\f232"}.fa-whatsapp-square:before{content:"\f40c"}.fa-wheelchair:before{content:"\f193"}.fa-whmcs:before{content:"\f40d"}.fa-wifi:before{content:"\f1eb"}.fa-wikipedia-w:before{content:"\f266"}.fa-wind:before{content:"\f72e"}.fa-window-close:before{content:"\f410"}.fa-window-maximize:before{content:"\f2d0"}.fa-window-minimize:before{content:"\f2d1"}.fa-window-restore:before{content:"\f2d2"}.fa-windows:before{content:"\f17a"}.fa-wine-bottle:before{content:"\f72f"}.fa-wine-glass:before{content:"\f4e3"}.fa-wine-glass-alt:before{content:"\f5ce"}.fa-wix:before{content:"\f5cf"}.fa-wizards-of-the-coast:before{content:"\f730"}.fa-wolf-pack-battalion:before{content:"\f514"}.fa-won-sign:before{content:"\f159"}.fa-wordpress:before{content:"\f19a"}.fa-wordpress-simple:before{content:"\f411"}.fa-wpbeginner:before{content:"\f297"}.fa-wpexplorer:before{content:"\f2de"}.fa-wpforms:before{content:"\f298"}.fa-wpressr:before{content:"\f3e4"}.fa-wrench:before{content:"\f0ad"}.fa-x-ray:before{content:"\f497"}.fa-xbox:before{content:"\f412"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-y-combinator:before{content:"\f23b"}.fa-yahoo:before{content:"\f19e"}.fa-yammer:before{content:"\f840"}.fa-yandex:before{content:"\f413"}.fa-yandex-international:before{content:"\f414"}.fa-yarn:before{content:"\f7e3"}.fa-yelp:before{content:"\f1e9"}.fa-yen-sign:before{content:"\f157"}.fa-yin-yang:before{content:"\f6ad"}.fa-yoast:before{content:"\f2b1"}.fa-youtube:before{content:"\f167"}.fa-youtube-square:before{content:"\f431"}.fa-zhihu:before{content:"\f63f"}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(/css/fonts/awesome5/fa-brands-400.eot);src:url(/css/fonts/awesome5/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-brands-400.woff2) format("woff2"),url(/css/fonts/awesome5/fa-brands-400.woff) format("woff"),url(/css/fonts/awesome5/fa-brands-400.ttf) format("truetype"),url(/css/fonts/awesome5/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands"}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(/css/fonts/awesome5/fa-regular-400.eot);src:url(/css/fonts/awesome5/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-regular-400.woff2) format("woff2"),url(/css/fonts/awesome5/fa-regular-400.woff) format("woff"),url(/css/fonts/awesome5/fa-regular-400.ttf) format("truetype"),url(/css/fonts/awesome5/fa-regular-400.svg#fontawesome) format("svg")}.fab,.far{font-weight:400}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(/css/fonts/awesome5/fa-solid-900.eot);src:url(/css/fonts/awesome5/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-solid-900.woff2) format("woff2"),url(/css/fonts/awesome5/fa-solid-900.woff) format("woff"),url(/css/fonts/awesome5/fa-solid-900.ttf) format("truetype"),url(/css/fonts/awesome5/fa-solid-900.svg#fontawesome) format("svg")}.fa,.far,.fas{font-family:"Font Awesome 5 Free"}.fa,.fas{font-weight:900} \ No newline at end of file diff --git a/web/css/fonts/font_lobster.css b/web/css/fonts/font_lobster.css new file mode 100644 index 00000000..29ef5db3 --- /dev/null +++ b/web/css/fonts/font_lobster.css @@ -0,0 +1,7 @@ +@font-face { + font-family: 'Lobster'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf) format('truetype'); +} diff --git a/web/css/fonts/font_sans_pro.css b/web/css/fonts/font_sans_pro.css new file mode 100644 index 00000000..6562e076 --- /dev/null +++ b/web/css/fonts/font_sans_pro.css @@ -0,0 +1,84 @@ +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 200; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 300; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 600; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 700; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 900; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 200; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 300; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 700; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 900; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf) format('truetype'); +} diff --git a/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf b/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf new file mode 100644 index 00000000..a7f729d3 Binary files /dev/null and b/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf differ diff --git a/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf b/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf new file mode 100644 index 00000000..01223b86 Binary files /dev/null and b/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf differ diff --git a/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf b/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf new file mode 100644 index 00000000..5447a5ff Binary files /dev/null and b/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf new file mode 100644 index 00000000..65a76bfd Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf new file mode 100644 index 00000000..b814440f Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf new file mode 100644 index 00000000..a9a32e42 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf new file mode 100644 index 00000000..2e10a398 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf new file mode 100644 index 00000000..4bd30ff9 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf new file mode 100644 index 00000000..9f8a3453 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf new file mode 100644 index 00000000..3ba2f35b Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf new file mode 100644 index 00000000..388869cd Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf new file mode 100644 index 00000000..e9008d32 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf new file mode 100644 index 00000000..9acf5854 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf differ diff --git a/web/css/styles.fix.css.map b/web/css/styles.fix.css.map new file mode 100644 index 00000000..c6718a78 --- /dev/null +++ b/web/css/styles.fix.css.map @@ -0,0 +1 @@ +{"version":3,"sourceRoot":"","sources":["styles.fix.scss"],"names":[],"mappings":";AAAA;EACI;EACA;EACA;;;AAMJ;EACI;;;AAGJ;EACI;EACA;EACA;EACA;;;AAGJ;EACI;EACA;;;AAGJ;EACI;EACA;EACA;EACA;;AAOJ;EACI;EACA;EACA;EACA;;AAOJ;EACI;EACA;;;AAGJ;EACI;;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;;AAEA;EACI;EACA;;AAEA;EACI;;AAMR;EACI;;AAEA;EACI;AACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;;AAII;EACI;EACA;EACA;;AAEA;EACI;;AAEJ;EACI;;AAMJ;EACI;EACA;EACA;EACA;EACA;;AAQZ;EACI;;AAEA;EACI;;AAIR;EACI;;AAGJ;EACI;;AAKZ;EACI;;;AAQR;EACI;EACA;;AAEA;EACI;;AAEA;EACI;EACA;EAGA;EACA;EACA;EACA;EACA;EACA;EACA;EAyCA;EAEA;AAAwB;EACxB;AAAgC;AAEhC;AAMA;AAKA;;AAVA;EACI;EACA;;AAIJ;EACI;;AAIJ;EACI;;AAIJ;AACI;;AACA;EACI;;AAKR;EAEI;EAKA;EACA;EACA;EACA;EACA;EAGA;EACA;;AAIJ;EACI;;AAEA;EACI;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAQZ;EACI;EACA;;AAII;EACI;;AAEA;EACI;;AAMZ;EACI;EACA;EAEA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;;AAIR;EACI;;AAEA;EAEI;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAIA;EAEA;EACA;EACA;EAEA;;AA8BA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAIA;EAEA;EACA;EACA;EAEA;;AAIR;EACI;EACA;EACA;EACA;;AASR;EACI;;AAKA;EACI;;AAEJ;EAEI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAWxB;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;;AAGJ;EACI;;AAcJ;EACI;EACA;;AAEA;EACI;EACA;EACA;;AAGJ;EACI;;AAiBgB;EACI;EACA;;AAGJ;EACI;;AAqCZ;EACI;;AAmBxB;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EAEI;;AAOI;EACI;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;;AAEA;EACI;;AAUR;EACI;;AAQZ;EACI;EACA;EACA;EACA;EACA;;AAGJ;EACI;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAOJ;EACI;;AAYZ;EACI;EACA;EACA;;AAEA;EACI;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;;AAQR;EACI;;AAEA;EACI;;AAGR;EACI;EAEA;;AAEA;EACI;;AAGR;EACI;EACA;;AAEA;EACI;;AAGR;EACI;;AAEA;EACI;;AAGR;EACI;EACA;EACA;;AAEA;EACI;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;EAEA;EACA;;AAKZ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EAII;EACA;EACA;;AAKZ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;;AAIR;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAIR;EACI;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAKZ;EACI;EACA;EACA;;AAEJ;EACI;EACA;;AAEA;EACI;;AAUJ;EACI;EACA;EACA;EACA;;AA0BR;EACI;EACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;EACA;EACA;EAQA;EAEA;AAAwB;AAExB;AAKA;AAKA;AAMA;;AAfA;EACI;;AAIJ;EACI;;AAIJ;EACI;EACA;;AAIJ;EACI;EACA;;AAGJ;EACI;;AAIJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;;AAKR;EACI;EACA;EACA;EACA;;AAEA;EACI;EACA;;AAEA;EACI;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAIA;EACI;;AAKJ;EACI;;AAKJ;EACI;;AAKJ;EACI;;;AA8CxB;EACI;;;AAGJ;EACI;;;AAEJ;EACI;;;AAGJ;EACI;;;AAIJ;EACI;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAQwB;EACI;EACA;EACA;;AAEA;EACI;EACA;AACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;;AAEA;EACI;;AAIZ;EACI;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;;AAKR;EACI;EACA;EACA;EACA;;AAUhC;EACI;;;AAMJ;EACI","file":"styles.fix.css"} \ No newline at end of file diff --git a/web/css/styles.min.css b/web/css/styles.min.css index 302f9c01..d84a6a85 100644 --- a/web/css/styles.min.css +++ b/web/css/styles.min.css @@ -1,168 +1,18 @@ -/* Syntax Quick Reference - -------------------------- - column($ratios: 1, $offset: 0, $cycle: 0, $uncycle: 0, $gutter: $jeet-gutter) - span($ratio: 1, $offset: 0) - shift($ratios: 0, $col_or_span: column, $gutter: $jeet-gutter) - unshift() - edit() - center($max_width: 1410px, $pad: 0) - stack($pad: 0, $align: false) - unstack() - align($direction: both) - cf() -*/ -/** - * Grid settings. - * All values are defaults and can therefore be easily overidden. - */ -/** - * List functions courtesy of the wonderful folks at Team Sass. - * Check out their awesome grid: Singularity. - */ -/** - * Get percentage from a given ratio. - * @param {number} [$ratio=1] - The column ratio of the element. - * @returns {number} - The percentage value. - */ -/** - * Work out the column widths based on the ratio and gutter sizes. - * @param {number} [$ratios=1] - The column ratio of the element. - * @param {number} [$gutter=$jeet-gutter] - The gutter for the column. - * @returns {list} $width $gutter - A list containing the with and gutter for the element. - */ -/** - * Get the set layout direction for the project. - * @returns {string} $direction - The layout direction. - */ -/** - * Replace a specified list value with a new value (uses built in set-nth() if available) - * @param {list} $list - The list of values you want to alter. - * @param {number} $index - The index of the list item you want to replace. - * @param {*} $value - The value you want to replace $index with. - * @returns {list} $list - The list with the value replaced or removed. - * @warn if an invalid index is supplied. - */ -/** - * Reverse a list (progressively enhanced for Sass 3.3) - * @param {list} $list - The list of values you want to reverse. - * @returns {list} $result - The reversed list. - */ -/** - * Get the opposite direction to a given value. - * @param {string} $dir - The direction you want the opposite of. - * @returns {string} - The opposite direction to $dir. - * @warn if an incorrect string is provided. - */ -/** - * Style an element as a column with a gutter. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$offset=0] - A offset specified as a fraction (see $ratios). - * @param {number} [$cycle=0] - Easily create an nth column grid where $cycle equals the number of columns. - * @param {number} [$uncycle=0] - Undo a previous cycle value to allow for a new one. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * An alias for the column mixin. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * Get the width of a column and nothing else. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * Get the gutter size of a column and nothing else. - * @param {number} [ratios=1] - A width relative to its container as a fraction. - * @param {number} [gutter=jeet.gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * An alias for the column-width function. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * An alias for the column-gutter function. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * Style an element as a column without any gutters for a seamless row. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$offset=0] - A offset specified as a fraction (see $ratios). - * @param {number} [cycle=0] - Easily create an nth column grid where cycle equals the number of columns. - * @param {number} [uncycle=0] - Undo a previous cycle value to allow for a new one. - */ -/** - * Reorder columns without altering the HTML. - * @param {number} [$ratios=0] - Specify how far along you want the element to move. - * @param {string} [$col-or-span=column] - Specify whether the element has a gutter or not. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * Reset an element that has had shift() applied to it. - */ -/** - * View the grid and its layers for easy debugging. - * @param {string} [$color=black] - The background tint applied. - * @param {boolean} [$important=false] - Whether to apply the style as !important. - */ -/** - * Alias for edit(). - */ -/** - * Horizontally center an element. - * @param {number} [$max-width=1410px] - The max width the element can be. - * @param {number} [$pad=0] - Specify the element's left and right padding. - */ -/** - * Uncenter an element. - */ -/** - * Stack an element so that nothing is either side of it. - * @param {number} [$pad=0] - Specify the element's left and right padding. - * @param {boolean/string} [$align=false] - Specify the text align for the element. - */ -/** - * Unstack an element. - */ -/** - * Center an element on either or both axes. - * @requires A parent container with relative positioning. - * @param {string} [$direction=both] - Specify which axes to center the element on. - */ -/** - * Apply a clearfix to an element. - */ -/* ========================================================================== - Normalize.scss settings - ========================================================================== */ -/** - * Includes legacy browser support IE6/7 - * - * Set to false if you want to drop support for IE6 and IE7 - */ -/* Base - ========================================================================== */ -/** - * 1. Set default font family to sans-serif. - * 2. Prevent iOS text size adjust after orientation change, without disabling - * user zoom. - * 3. Corrects text resizing oddly in IE 6/7 when body `font-size` is set using - * `em` units. - */ html { - font-family: sans-serif; - /* 1 */ - -ms-text-size-adjust: 100%; - /* 2 */ - -webkit-text-size-adjust: 100%; - /* 2 */ + font-family: sans-serif; + /* 1 */ + -ms-text-size-adjust: 100%; + /* 2 */ + -webkit-text-size-adjust: 100%; + /* 2 */ } /** * Remove default margin. */ body { - margin: 0; - background-color: #fff; + margin: 0; + background-color: #fff; } /* HTML5 display definitions @@ -173,34 +23,19 @@ body { * and Firefox. * Correct `block` display not defined for `main` in IE 11. */ -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -main, -menu, -nav, -section, -summary { - display: block; +article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { + display: block; } /** * 1. Correct `inline-block` display not defined in IE 6/7/8/9 and Firefox 3. * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera. */ -audio, -canvas, -progress, -video { - display: inline-block; - /* 1 */ - vertical-align: baseline; - /* 2 */ +audio, canvas, progress, video { + display: inline-block; + /* 1 */ + vertical-align: baseline; + /* 2 */ } /** @@ -208,61 +43,55 @@ video { * Remove excess height in iOS 5 devices. */ audio:not([controls]) { - display: none; - height: 0; + display: none; + height: 0; } /** * Address `[hidden]` styling not present in IE 8/9/10. * Hide the `template` element in IE 8/9/11, Safari, and Firefox < 22. */ -[hidden], -template { - display: none; +[hidden], template, .hidden { + display: none; } -.hidden { - display: none; -} /* Links ========================================================================== */ /** * Remove the gray background color from active links in IE 10. */ a { - background-color: transparent; + background-color: transparent; +} +a:active, a:hover { + outline: 0; } /** * Improve readability when focused and also mouse hovered in all browsers. */ -a:active, a:hover { - outline: 0; -} - /* Text-level semantics ========================================================================== */ /** * Address styling not present in IE 8/9/10/11, Safari, and Chrome. */ abbr[title] { - border-bottom: 1px dotted; + border-bottom: 1px dotted; } /** * Address style set to `bolder` in Firefox 4+, Safari, and Chrome. */ -b, -strong { - font-weight: bold; - color: #5f5f5f; +b, strong { + font-weight: bold; + color: #5f5f5f; } /** * Address styling not present in Safari and Chrome. */ dfn { - font-style: italic; + font-style: italic; } /** @@ -270,42 +99,45 @@ dfn { * contexts in Firefox 4+, Safari, and Chrome. */ h1 { - font-size: 2em; - margin: 0.67em 0; + font-size: 2em; + margin: 0.67em 0; } /** * Addresses styling not present in IE 8/9. */ mark { - background: #ff0; - color: #000; + background: #ff0; + color: #000; } /** * Address inconsistent and variable font size in all browsers. */ small { - font-size: 80%; + font-size: 80%; } /** * Prevent `sub` and `sup` affecting `line-height` in all browsers. */ -sub, -sup { - font-size: 75%; - line-height: 0; - position: relative; - vertical-align: baseline; +sub { + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; } sup { - top: -0.5em; + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; + top: -0.5em; } sub { - bottom: -0.25em; + bottom: -0.25em; } /* Embedded content @@ -315,14 +147,14 @@ sub { * 2. Improves image quality when scaled in IE 7. */ img { - border: 0; + border: 0; } /** * Correct overflow not hidden in IE 9/10/11. */ svg:not(:root) { - overflow: hidden; + overflow: hidden; } /* Grouping content @@ -331,34 +163,31 @@ svg:not(:root) { * Address margin not present in IE 8/9 and Safari. */ figure { - margin: 1em 40px; + margin: 1em 40px; } /** * Address differences between Firefox and other browsers. */ hr { - box-sizing: content-box; - height: 0; + box-sizing: content-box; + height: 0; } /** * Contain overflow in all browsers. */ pre { - overflow: auto; + overflow: auto; } /** * Address odd `em`-unit font size rendering in all browsers. * Correct font family set oddly in IE 6, Safari 4/5, and Chrome. */ -code, -kbd, -pre, -samp { - font-family: monospace, monospace; - font-size: 1em; +code, kbd, pre, samp { + font-family: monospace, monospace; + font-size: 1em; } /* Forms @@ -374,24 +203,23 @@ samp { * 3. Address margins set differently in Firefox 4+, Safari, and Chrome. * 4. Improves appearance and consistency in all browsers. */ -button, -input, -optgroup, -select, -textarea { - color: inherit; - /* 1 */ - font: inherit; - /* 2 */ - margin: 0; - /* 3 */ +button, input, optgroup, select, textarea { + color: inherit; + /* 1 */ + font: inherit; + /* 2 */ + margin: 0; + /* 3 */ } /** * Address `overflow` set to `hidden` in IE 8/9/10/11. */ button { - overflow: visible; + overflow: visible; + text-transform: none; + /*color: transparent !important;*/ + text-shadow: 0 0 0 #555 !important; } /** @@ -400,11 +228,10 @@ button { * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera. * Correct `select` style inheritance in Firefox. */ -button, select { - text-transform: none; - /*color: transparent !important;*/ - text-shadow: 0 0 0 #555 !important; + text-transform: none; + /*color: transparent !important;*/ + text-shadow: 0 0 0 #555 !important; } /** @@ -416,93 +243,92 @@ select { * 4. Removes inner spacing in IE 7 without affecting normal text inputs. * Known issue: inner spacing remains in IE 6. */ -button, -html input[type="button"], -input[type="reset"], -input[type="submit"] { - -webkit-appearance: button; - /* 2 */ - cursor: pointer; - /* 3 */ +button, html input[type=button] { + -webkit-appearance: button; + /* 2 */ + cursor: pointer; + /* 3 */ +} + +input[type=reset], input[type=submit] { + -webkit-appearance: button; + /* 2 */ + cursor: pointer; + /* 3 */ } /** * Re-set default cursor for disabled elements. */ -button[disabled], -html input[disabled] { - cursor: default; +button[disabled], html input[disabled] { + cursor: default; } /** * Remove inner padding and border in Firefox 4+. */ -button::-moz-focus-inner, +button::-moz-focus-inner { + border: 0; + padding: 0; +} + +input { + line-height: normal; +} input::-moz-focus-inner { - border: 0; - padding: 0; + border: 0; + padding: 0; +} +input[type=checkbox], input[type=radio] { + box-sizing: border-box; + /* 1 */ + padding: 0; + /* 2 */ +} +input[type=number]::-webkit-inner-spin-button, input[type=number]::-webkit-outer-spin-button { + height: auto; +} +input[type=search] { + -webkit-appearance: textfield; + /* 1 */ + /* 2 */ + box-sizing: content-box; +} +input[type=search]::-webkit-search-cancel-button, input[type=search]::-webkit-search-decoration { + -webkit-appearance: none; } /** * Address Firefox 4+ setting `line-height` on `input` using `!important` in * the UA stylesheet. */ -input { - line-height: normal; -} - /** * 1. Address box sizing set to `content-box` in IE 8/9/10. * 2. Remove excess padding in IE 8/9/10. * Known issue: excess padding remains in IE 6. */ -input[type="checkbox"], -input[type="radio"] { - box-sizing: border-box; - /* 1 */ - padding: 0; - /* 2 */ -} - /** * Fix the cursor style for Chrome's increment/decrement buttons. For certain * `font-size` values of the `input`, it causes the cursor style of the * decrement button to change from `default` to `text`. */ -input[type="number"]::-webkit-inner-spin-button, -input[type="number"]::-webkit-outer-spin-button { - height: auto; -} - /** * 1. Address `appearance` set to `searchfield` in Safari and Chrome. * 2. Address `box-sizing` set to `border-box` in Safari and Chrome * (include `-moz` to future-proof). */ -input[type="search"] { - -webkit-appearance: textfield; - /* 1 */ - /* 2 */ - box-sizing: content-box; -} - /** * Remove inner padding and search cancel button in Safari and Chrome on OS X. * Safari (but not Chrome) clips the cancel button when the search input has * padding (and `textfield` appearance). */ -input[type="search"]::-webkit-search-cancel-button, -input[type="search"]::-webkit-search-decoration { - -webkit-appearance: none; -} - /** * Define consistent border, margin, and padding. */ fieldset { - border: 1px solid #c0c0c0; - margin: 0 2px; - padding: 0.35em 0.625em 0.75em; + border: 1px solid #c0c0c0; + margin: 0 2px; + padding: 0.35em 0.625em 0.75em; } /** @@ -512,17 +338,17 @@ fieldset { * 4. Corrects alignment displayed oddly in IE 6/7. */ legend { - border: 0; - /* 1 */ - padding: 0; - /* 2 */ + border: 0; + /* 1 */ + padding: 0; + /* 2 */ } /** * Remove default vertical scrollbar in IE 8/9/10/11. */ textarea { - overflow: auto; + overflow: auto; } /** @@ -530,7 +356,7 @@ textarea { * NOTE: the default cannot safely be changed in Chrome and Safari on OS X. */ optgroup { - font-weight: bold; + font-weight: bold; } /* Tables @@ -539,2249 +365,2248 @@ optgroup { * Remove most spacing between table cells. */ table { - border-collapse: collapse; - border-spacing: 0; + border-collapse: collapse; + border-spacing: 0; } -td, -th { - padding: 0; +td, th { + padding: 0; } * { - -webkit-tap-highlight-color: transparent; + -webkit-tap-highlight-color: transparent; } body { -/* -webkit-touch-callout: none; - -webkit-text-size-adjust: none; - -webkit-user-select: none; */ + /* -webkit-touch-callout: none; + -webkit-text-size-adjust: none; + -webkit-user-select: none; */ } -html, -input, -textarea, -select, -button { - -webkit-font-smoothing: antialiased; - -moz-osx-font-smoothing: grayscale; +html, input, textarea, select, button { + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; } html { - height: 100%; + height: 100%; } body { - font-family: arial; - overflow-x: hidden; - font-size: 14px; - height: 100%; - color: #929292; + font-family: arial; + overflow-x: hidden; + font-size: 14px; + height: 100%; + color: #929292; } .body-login, .body-reset { - height: auto; - padding-top: 10%; - /*background: url(/images/edit_bg.png);*/ - background-color: #eee; + height: auto; + padding-top: 10%; + /*background: url(/images/edit_bg.png);*/ + background-color: #eee; } a { - text-decoration: none; - color: #929292; + text-decoration: none; + color: #929292; } .disabled { - text-decoration: line-through; + text-decoration: line-through; } -.clearfix:before, -.clearfix:after { - content: ''; - display: table; +.clearfix:before { + content: ""; + display: table; } - .clearfix:after { - clear: both; + content: ""; + display: table; + clear: both; } .text-right { - text-align: right; + text-align: right; } .text-center { - text-align: center; + text-align: center; } .check-label { - display: inline-block; - cursor: pointer; - position: relative; - line-height: 16px; - padding-left: 26px; + display: inline-block; + cursor: pointer; + position: relative; + line-height: 16px; + padding-left: 26px; } - .check-label:before { - content: ''; - width: 16px; - height: 16px; - position: absolute; - left: 0; - top: 0; - display: inline-block; - background-image: url("/images/sprite.png?1446554103"); - background-size: 450px auto; - background-repeat: no-repeat; - background-position: -232px -9px; - z-index: 99; + content: ""; + width: 16px; + height: 16px; + position: absolute; + left: 0; + top: 0; + display: inline-block; + background-image: url("/images/sprite.png?1446554104"); + background-size: 450px auto; + background-repeat: no-repeat; + background-position: -232px -9px; + z-index: 99; } -input[type="checkbox"] { - display: none; +input[type=checkbox] { + display: none; } -.clicked-on.check-label:before, -.selected .check-label:before { - content: ''; - display: inline-block; - width: 27px; - height: 27px; - background-position: -225px -42px; - left: -6px; - top: -6px; + +.clicked-on.check-label:before, .selected .check-label:before { + content: ""; + display: inline-block; + width: 27px; + height: 27px; + background-position: -225px -42px; + left: -6px; + top: -6px; } .l-center { - margin: 0 auto; - max-width: 998px; + margin: 0 auto; + max-width: 998px; } .l-logo { - background-image: url("/images/sprite.png?1446554103"); - background-position: -117px -7px; -/* background-position: -125px -478px; */ - background-repeat: no-repeat; - display: inline-block; - float: left; - height: 22px; - margin-top: 4px; - width: 73px; -/* width: 42px; */ - margin-left: -2px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -117px -7px; + /* background-position: -125px -478px; */ + background-repeat: no-repeat; + display: inline-block; + float: left; + height: 22px; + margin-top: 4px; + width: 73px; + /* width: 42px; */ + margin-left: -2px; } .l-header { - background-color: #5d5d5d; - overflow: hidden; - margin-bottom: 28px; - position: fixed; - width: 100%; - z-index: 100; - height: 34px + background-color: #5d5d5d; + overflow: hidden; + margin-bottom: 28px; + position: fixed; + width: 100%; + z-index: 100; + height: 34px; } .l-header a { - font-size: 12px; -} - -.l-menu__item--active { - //background-color: #fff; + font-size: 12px; } .l-menu__item.l-menu__item--active a { - color: #ff6701; - font-size: 10px; - font-weight: bold; - text-transform: uppercase; - background-color: #fff; + color: #9c8cff; + font-size: 10px; + font-weight: bold; + text-transform: uppercase; + background-color: #fff; } .l-menu { - float: left; - position: fixed; - margin-left: 70px; + float: left; + position: fixed; + margin-left: 70px; } + .l-menu__item { - float: left; + float: left; } .l-menu__item a { - color: #f7f7f7; - position: relative; - line-height: 34px; - padding: 11px 18px; + color: #f7f7f7; + position: relative; + line-height: 34px; + padding: 11px 18px; } .l-menu__item a:hover { - background-color: #f79b44; - color: #fff; + background-color: #f79b44; + color: #fff; } .l-menu__item a:active { - color: #fff; - background-color: #ff6701; + color: #fff; + background-color: #9c8cff; } .l-menu.active .l-menu__item.focus a { - text-decoration: underline; - color: #5edad0; + text-decoration: underline; + color: #5edad0; } .l-menu.active .l-menu__item.focus a:hover { - background-color: #f79b44; - color: #fff; + background-color: #f79b44; + color: #fff; } +.lang-ua .l-menu__item a, .lang-nl .l-menu__item a, .lang-fr .l-menu__item a, .lang-ru .l-menu__item a { + padding: 11px 18px; +} -.lang-ua .l-menu__item a, -.lang-nl .l-menu__item a, -.lang-fr .l-menu__item a, -.lang-ru .l-menu__item a { - padding: 11px 18px; -} -.lang-el .l-menu__item a, -.lang-tr .l-menu__item a { - padding: 11px 15px; +.lang-el .l-menu__item a, .lang-tr .l-menu__item a { + padding: 11px 15px; } + .lang-ar .l-menu__item a { - padding: 11px 11px; -} -.lang-ar .l-menu__item a { - line-height: 35px; + padding: 11px 11px; + line-height: 35px; } .lang-de .l-menu__item a { - padding: 11px 12px; + padding: 11px 12px; } .lang-tw .l-menu__item a { - padding: 13px 18px; + padding: 13px 18px; } .l-profile { - overflow: hidden; - float: right; + overflow: hidden; + float: right; } + .l-profile__username { - float: left; - color: #a4abad; - font-weight: 700; - padding: 10px 0 0 10px; - margin-right: 12px; + float: left; + color: #a4abad; + font-weight: 700; + padding: 10px 0 0 10px; + margin-right: 12px; } .l-profile__username:hover { - color: #ffd62e; + color: #ffd62e; } .l-profile__username:active { - color: #f79b44; + color: #f79b44; } - .l-profile__logout { - float: left; - color: #fff; -/* margin-left: 40px; */ - padding: 10px 0 0 10px; + float: left; + color: #fff; + /* margin-left: 40px; */ + padding: 10px 0 0 10px; } .l-profile__logout:hover { - color: #C0E60E; + color: #C0E60E; } .l-profile__logout:active { - color: #ffd62e; + color: #ffd62e; } -.lang-cn .l-profile__logout { - padding: 8px 5px; -} -.lang-tw .l-profile__logout { - padding: 8px 5px; + +.lang-cn .l-profile__logout, .lang-tw .l-profile__logout { + padding: 8px 5px; } .l-profile__notifications { - background: url("/images/sprite.png?1446554103") no-repeat scroll -129px -135px; - border-radius: 30px; - color: #fff; - cursor: pointer; - float: left; - font-weight: bold; - height: 15px; - margin-right: 4px; - margin-top: 5px; - padding: 10px 5px 0; - width: 15px; + background: url("/images/sprite.png?1446554104") no-repeat scroll -129px -135px; + border-radius: 30px; + color: #fff; + cursor: pointer; + float: left; + font-weight: bold; + height: 15px; + margin-right: 4px; + margin-top: 5px; + padding: 10px 5px 0; + width: 15px; } .l-profile__notifications.active { - background-color: #454545; + background-color: #454545; } .l-profile__notifications:hover { - background-color: #333; + background-color: #333; } .l-profile__notifications:active { - background-color: #c4da5e; + background-color: #c4da5e; } .l-profile__notifications.updates { - background-position: -202px -135px; + background-position: -202px -135px; } .notification-container { - background-color: #454545; - box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); - list-style-type: none; - margin: 0; - overflow: hidden; - padding-left: 0; - position: fixed; - top: 34px; - width: 351px; - z-index: 200; - font-size: 12px; - padding: 0; - color: #7f7f7f; + background-color: #454545; + box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); + list-style-type: none; + margin: 0; + overflow: hidden; + padding-left: 0; + position: fixed; + top: 34px; + width: 351px; + z-index: 200; + font-size: 12px; + padding: 0; + color: #7f7f7f; } .notification-container .unseen { - color: #ABABAB; + color: #ABABAB; } - - .notification-container li { - border-bottom: 1px solid #555; - padding: 10px 15px 24px; + border-bottom: 1px solid #555; + padding: 10px 15px 24px; } .notification-container .mark-seen { - background-color: #abc04b; - border: 2px solid #454545; - border-radius: 10px; - cursor: pointer; - display: none; - float: right; - height: 7px; - margin-right: -5px; - margin-top: 0; - width: 7px; + background-color: #abc04b; + border: 2px solid #454545; + border-radius: 10px; + cursor: pointer; + display: none; + float: right; + height: 7px; + margin-right: -5px; + margin-top: 0; + width: 7px; } .notification-container .mark-seen:hover { - background-color: #333; - border-color: #abc04b; + background-color: #333; + border-color: #abc04b; } .notification-container .mark-seen:active { - background-color: #777; - border-color: #777; + background-color: #777; + border-color: #777; } -.notification-container .unseen .mark-seen{ - display: inline-block; +.notification-container .unseen .mark-seen { + display: inline-block; } .notification-container .title { - color: #9e9e9e; - font-weight: bold; - line-height: 30px; - padding: 0; - text-transform: none; - float: none; - display: block; + color: #9e9e9e; + font-weight: bold; + line-height: 30px; + padding: 0; + text-transform: none; + float: none; + display: block; } .notification-container .title a { - color: #9e9e9e; + color: #9e9e9e; } - -.notification-container .unseen .title a, .notification-container .unseen .title { - color: #C4DA5E; + color: #C4DA5E; +} +.notification-container .unseen .title a { + color: #C4DA5E; } .notification-container .unseen .title a:hover { - color: #ffcc00; + color: #ffcc00; } .notification-container .unseen .title a:active { - color: #dacf2e; + color: #dacf2e; } - .notification-container a { - color: #5ABDB5;/* #eee;*/ + color: #5ABDB5; + /* #eee;*/ } .notification-container a:hover { - color: #2CA99B; + color: #2CA99B; } .notification-container a:active { - color: #00C0C0; + color: #00C0C0; } - .notification-container .icon { - display: inline-block; - width: 0; + display: inline-block; + width: 0; } .notification-container .icon.filemanager { - display: inline-block; - width: 22px; - background: url("/images/flat_icons.png") repeat scroll -31px -100px; + display: inline-block; + width: 22px; + background: url("/images/flat_icons.png") repeat scroll -31px -100px; } .notification-container .icon.starred { - display: inline-block; - width: 21px; - background: url("/images/sprite.png?1446554103") repeat scroll -184px 556px; + display: inline-block; + width: 21px; + background: url("/images/sprite.png?1446554104") repeat scroll -184px 556px; } - - .l-stat { - margin: 0 auto; - margin: 34px auto; - position: fixed; - background-color: #fff; - z-index: 100; - padding-top: 30px; - width: 100%; - overflow: hidden; + margin: 0 auto; + margin: 34px auto; + position: fixed; + background-color: #fff; + z-index: 100; + padding-top: 30px; + width: 100%; + overflow: hidden; } + .l-stat__col { - display: block; - vertical-align: top; - float: left; + display: block; + vertical-align: top; + float: left; } .l-stat__col a { - display: inline-block; - padding-bottom: 36px; - min-height: 111px; - width: 138px; - border-bottom: 3px solid #fff; - overflow: hidden; - background-color: #fff; - padding-top: 3px; - margin-top: -3px; - padding-left: 5px; + display: inline-block; + padding-bottom: 36px; + min-height: 111px; + width: 138px; + border-bottom: 3px solid #fff; + overflow: hidden; + background-color: #fff; + padding-top: 3px; + margin-top: -3px; + padding-left: 5px; } .l-stat__col a:hover { - border-bottom: 3px solid #ff8e61; + border-bottom: 3px solid #ff8e61; } .l-stat__col a:active { - border-bottom: 3px solid #f72b44; + border-bottom: 3px solid #796cc7; } + .l-stat__col--active a { - border-bottom: 3px solid #ff6e42; + border-bottom: 3px solid #ff6e42; } .l-stat.active .l-stat__col.focus a { - border-bottom: 3px solid #5edad0; + border-bottom: 3px solid #5edad0; } .l-stat.active .l-stat__col.focus a .l-stat__col-title { - color: #36B3A9; + color: #36B3A9; } - - .l-stat__col a:hover .l-stat__col-title { - color: #ff6701; + color: #9c8cff; } .l-stat__col a:active .l-stat__col-title { - color: #f72b44; + color: #796cc7; } - - .l-stat__col ul { - list-style-type: none; - font-size: 12px; - padding-left: 0; + list-style-type: none; + font-size: 12px; + padding-left: 0; } .l-stat__col li { - color: #a0a0a0; - margin-bottom: 8px; - text-transform: lowercase; + color: #a0a0a0; + margin-bottom: 8px; + text-transform: lowercase; } .l-stat__col span { - padding-left: 15px; -} -.l-stat__col-title { - text-transform: uppercase; - font-weight: 700; - color: #212134; - min-height: 21px; -} -.l-stat__col--active .l-stat__col-title { - color: #ff6701; - font-size: 24px; - margin-top: -7px; - letter-spacing: -1px; - margin-right: -8px; + padding-left: 15px; +} + +.l-stat__col-title { + text-transform: uppercase; + font-weight: 700; + color: #212134; + min-height: 21px; +} + +.l-stat__col--active .l-stat__col-title { + color: #9c8cff; + font-size: 24px; + margin-top: -7px; + letter-spacing: -1px; + margin-right: -8px; } -.l-separator.selected, .l-separator { - height: 1px; - background-color: #ddd; + height: 1px; + background-color: #ddd; +} +.l-separator.selected { + height: 1px; + background-color: #ddd; } div.l-content > div.l-separator:nth-of-type(2) { - margin-top: 214px; - width: 100%; - position: fixed; - z-index: 120; + margin-top: 214px; + width: 100%; + position: fixed; + z-index: 120; } - div.l-content > div.l-separator:nth-of-type(4) { - margin-top: 259px; - width: 100%; - position: fixed; - z-index: 100; + margin-top: 259px; + width: 100%; + position: fixed; + z-index: 100; } .l-sort { - position: fixed; - width: 998px; - background-color: #fff; - z-index: 110; - margin-top: 215px; + position: fixed; + width: 998px; + background-color: #fff; + z-index: 110; + margin-top: 215px; } + .l-sort__create-btn { - background-image: url("/images/sprite.png?1446554103"); - background-position: -331px -107px; - background-repeat: no-repeat; - bottom: -23px; - display: inline-block; - height: 45px; - left: 30px; - position: absolute; - width: 45px; - z-index: 3; + background-image: url("/images/sprite.png?1446554104"); + background-position: -331px -107px; + background-repeat: no-repeat; + bottom: -23px; + display: inline-block; + height: 45px; + left: 30px; + position: absolute; + width: 45px; + z-index: 3; } .l-sort__create-btn:hover { - background-position: -378px -107px; + background-position: -378px -107px; } .l-sort__create-btn:active { - background-position: -425px -107px; + background-position: -425px -107px; } + .l-sort__create-btn--active { - background-position: -425px -107px; + background-position: -425px -107px; } .l-sort__create-btn.restore { - background-position: -331px -250px; - bottom: -22px; + background-position: -331px -250px; + bottom: -22px; } -.l-sort__create-btn.restore:hover { - background-position: -331px -250px; +.l-sort__create-btn.restore:hover, .l-sort__create-btn.restore:active { + background-position: -331px -250px; } -.l-sort__create-btn.restore:active { - background-position: -331px -250px; -} - .l-sort__create-btn.edit { - background-position: -331px -154px; - bottom: -22px; + background-position: -331px -154px; + bottom: -22px; } .l-sort__create-btn.edit:hover { - background-position: -378px -154px; + background-position: -378px -154px; } .l-sort__create-btn.edit:active { - background-position: -425px -154px; + background-position: -425px -154px; } .context-menu.sort-order { - display: inline-block; - position: absolute; - z-index: 3; - left: 397px; - margin: 0; - overflow: hidden; - top: 42px; - width: 201px; - background-color: #5c5c5c; - list-style-type: none; - padding-left: 0; - box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); + display: inline-block; + position: absolute; + z-index: 3; + left: 397px; + margin: 0; + overflow: hidden; + top: 42px; + width: 201px; + background-color: #5c5c5c; + list-style-type: none; + padding-left: 0; + box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); } .context-menu.sort-order li { - padding: 0; + padding: 0; } .context-menu li { - border-bottom: 1px solid #777; - color: #fff; - cursor: pointer; - font-size: 12px; - padding: 12px; + border-bottom: 1px solid #777; + color: #fff; + cursor: pointer; + font-size: 12px; + padding: 12px; } .context-menu.sort-order span.name { - background: url("/images/sprite.png?1446554103") no-repeat scroll -292px -361px rgba(0, 0, 0, 0); - display: inline-block; - padding: 12px 28px 12px 12px; - width: 117px; - text-transform: uppercase; - font-weight: bold; + background: url("/images/sprite.png?1446554104") no-repeat scroll -292px -361px rgba(0, 0, 0, 0); + display: inline-block; + padding: 12px 28px 12px 12px; + width: 117px; + text-transform: uppercase; + font-weight: bold; } .context-menu.sort-order span.up { - background: url("/images/sprite.png?1446554103") no-repeat scroll -434px -417px rgba(0, 0, 0, 0); - display: inline-block; - padding: 12px 14px; - width: 16px; + background: url("/images/sprite.png?1446554104") no-repeat scroll -434px -417px rgba(0, 0, 0, 0); + display: inline-block; + padding: 12px 14px; + width: 16px; } .context-menu.sort-order span.active { - background-color: #FFD437; - color: #555; + background-color: #FFD437; + color: #555; } .context-menu.sort-order span:hover { - background-color: #777; - color: #fff; + background-color: #777; + color: #fff; } .context-menu.sort-order span:active { - background-color: #ffcc00; + background-color: #ffcc00; } - - - .l-sort-toolbar { - float: right; - padding: 7px 0 7px 0; - width: 100%; + float: right; + padding: 7px 0 7px 0; + width: 100%; } -.l-sort-toolbar table{ - float: right; +.l-sort-toolbar table { + float: right; } - .l-sort-toolbar td.toggle-all { - padding-top: 7px; - padding-right: 20px; + padding-top: 7px; + padding-right: 20px; } - .l-sort-toolbar .sort-by { - cursor: pointer; - padding-top: 7px; - padding-left: 40px; + cursor: pointer; + padding-top: 7px; + padding-left: 40px; } .l-sort-toolbar .sort-by:hover { - color: #555; + color: #555; } .l-sort-toolbar .sort-by:hover b { - color: #555; + color: #555; } .l-sort-toolbar .sort-by:active { - color: #55c9c0; + color: #23b7e5; } .l-sort-toolbar .sort-by:active b { - color: #55c9c0; + color: #23b7e5; } - .l-sort-toolbar .sort-by b { - text-transform: uppercase; - padding-left: 3px; - font-size: 12px; + text-transform: uppercase; + padding-left: 3px; + font-size: 12px; } - .l-sort-toolbar .toggle-all:hover { - color: #555; + color: #555; } .l-sort-toolbar .toggle-all:active { - color: #55c9c0; + color: #23b7e5; } - .l-sort-toolbar .l-select { - float: left; + float: left; } .l-sort-toolbar td { - vertical-align: middle; + vertical-align: middle; } - -.l-sort-toolbar.subtitle { - padding-left: 96px; +.l-sort-toolbar.subtitle { + padding-left: 96px; } - - .l-sort-toolbar td:first-of-type { - padding-left: 40px; + padding-left: 40px; } - - .l-sort-toolbar td.step-right:first-of-type { - padding-right: 20px; + padding-right: 20px; } - .l-sort-toolbar td:nth-of-type(2) { -/* /// padding-right: 60px;*/ - padding-right: 20px; + /* /// padding-right: 60px;*/ + padding-right: 20px; } .l-sort-toolbar td:last-of-type { -/* /// padding-left: 40px; */ + /* /// padding-left: 40px; */ } + .l-sort-toolbar__filter-apply { - float: left; - width: 30px; - height: 30px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -333px -1px; - border: none; + float: left; + width: 30px; + height: 30px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -333px -1px; + border: none; } .l-sort-toolbar__filter-apply:hover { - background-position: -368px -1px; - border-color: #afafac; + background-position: -368px -1px; + border-color: #afafac; } .l-sort-toolbar__filter-apply:active { - background-position: -404px -1px; - border-color: #afafac; + background-position: -404px -1px; + border-color: #afafac; } + .l-sort-toolbar__filter-apply--active { - background-position: -404px -1px; - border-color: #50bdb5; + background-position: -404px -1px; + border-color: #50bdb5; } .l-sort-toolbar__search { - float: left; - width: 25px; - height: 25px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -333px -37px; - border: none; + float: left; + width: 25px; + height: 25px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -333px -37px; + border: none; } .l-sort-toolbar__search:hover { - background-position: -368px -37px; - border-color: #afafac; + background-position: -368px -37px; + border-color: #afafac; } .l-sort-toolbar__search:active { - background-position: -404px -37px; - border-color: #50bdb5; + background-position: -404px -37px; + border-color: #50bdb5; } + .l-sort-toolbar__search--active { - background-position: -404px -37px; - border-color: #50bdb5; + background-position: -404px -37px; + border-color: #50bdb5; } + .l-sort-toolbar .vst { - padding: 0 12px; - color: #777; - text-transform: uppercase; - font-size: 11px; - font-weight: bold; - line-height: 30px; + padding: 0 12px; + color: #777; + text-transform: uppercase; + font-size: 11px; + font-weight: bold; + line-height: 30px; } .l-sort-toolbar .vst:hover { - color: #ff6701; + color: #9c8cff; } .l-sort-toolbar .vst:active { - color: #55C9C0; + color: #23b7e5; } .l-sort-toolbar .vst.selected { - color: #ff6701; -// color: #92af0b; + color: #9c8cff; } - - .l-select { - width: 178px; - height: 28px; - border: 1px solid #ddd; - border-radius: 0; - overflow-x: hidden; - position: relative; - display: inline-block; - border-style: solid none solid solid; + width: 178px; + height: 28px; + border: 1px solid #ddd; + border-radius: 0; + overflow-x: hidden; + position: relative; + display: inline-block; + border-style: solid none solid solid; } + .lang-ru .l-select { - width: 199px; + width: 199px; } .l-select:after { - pointer-events: none; - background-image: url("/images/sprite.png?1446554103"); - background-position: -245px -175px; - width: 7px; - height: 4px; - margin-top: -2px; - content: ''; - position: absolute; - right: 10px; - top: 50%; + pointer-events: none; + background-image: url("/images/sprite.png?1446554104"); + background-position: -245px -175px; + width: 7px; + height: 4px; + margin-top: -2px; + content: ""; + position: absolute; + right: 10px; + top: 50%; } .l-select select { - border: 0; - background-color: transparent; - line-height: 28px; - height: 28px; - min-width: 208px; - padding-left: 4px; - appearance:none; - -moz-appearance:none; - -webkit-appearance:none; - padding-left: 10px; + border: 0; + background-color: transparent; + line-height: 28px; + height: 28px; + min-width: 208px; + padding-left: 4px; + appearance: none; + -moz-appearance: none; + -webkit-appearance: none; + padding-left: 10px; } .l-select select:focus { - border: 0; - outline: 0; + border: 0; + outline: 0; } + .lang-ru .l-select select { - min-width: 215px; + min-width: 215px; } + .l-select select option { - padding: 7px; + padding: 7px; } .l-unit { - color: #888; - padding: 0 0 0 15px; - overflow: hidden; - font-size: 13px; -} -.units .l-unit { - border-bottom: 1px solid #ddd; - border-left: 2px solid #fff; -} -.units .l-unit.l-unit--starred { - border-left: 2px solid #ff6701; -} -.units.active .l-unit.focus { - border-left: 2px solid #5edad0; -} -.units.active .l-unit.focus .l-unit__name { - color: #36b3a9; -} -.units.active .l-unit.focus .l-unit-toolbar__col--right { - display: block; + color: #888; + padding: 0 0 0 15px; + overflow: hidden; + font-size: 13px; } +.units .l-unit { + border-bottom: 1px solid #ddd; + border-left: 2px solid #fff; +} +.units .l-unit.l-unit--starred { + border-left: 2px solid #9c8cff; +} +.units.active .l-unit.focus { + border-left: 2px solid #5edad0; + background: #f4faff; +} +.units.active .l-unit.focus .l-unit__name { + color: #36b3a9; +} +.units.active .l-unit.focus .l-unit-toolbar__col--right { + display: block; +} .units > div:last-child { - border-bottom: none; + border-bottom: none; } .l-unit-ft { - color: #929292; - padding: 0 0 0 15px; + color: #929292; + padding: 0 0 0 15px; } .l-unit:hover .l-unit-toolbar__col--right { - display: block; + display: block; } + .l-unit--blue { - border-left: 2px solid #55c9c0; + border-left: 2px solid #23b7e5; } .l-unit--suspended { - background-color: #eaeaea; - color: #c0c0c0; + background-color: #eaeaea; + color: #c0c0c0; } - .units .l-unit.l-unit--outdated { - background-color: #ffcaca; - color: #555; - border-left: 5px solid #ff6f6f; - border-bottom: 1px solid #fff; + background-color: #ffcaca; + color: #555; + border-left: 5px solid #ff6f6f; + border-bottom: 1px solid #fff; } -.l-unit--suspended .l-unit__name, -.l-unit--suspended b, -.l-unit--outdated .l-unit__name, -.l-unit--outdated b { - color: #c0c0c0; +.l-unit--suspended .l-unit__name, .l-unit--suspended b { + color: #c0c0c0; } +.l-unit--outdated .l-unit__name, .l-unit--outdated b { + color: #c0c0c0; +} .l-unit--outdated .l-unit__name { - color: #333; + color: #333; } .l-unit--outdated b { - color: #555; + color: #555; } .l-unit--suspended .l-percent { - border-color: #fff; + border-color: #fff; } .l-unit--suspended .l-percent__fill { - background-color: #fff; + background-color: #fff; +} +.l-unit--suspended .l-unit__name { + color: #ADADAD; } -.l-unit--suspended .l-unit__name, .l-unit--suspended .l-unit__name span { - color: #ADADAD; + color: #ADADAD; } - -.l-unit--suspended.selected .l-unit__name, -.l-unit--suspended.selected .l-unit__name span { - color: #777; -} - .l-unit--suspended.selected { - background-color: #f2eab8 !important; - color: #b2ac87 !important; + background-color: #f2eab8 !important; + color: #b2ac87 !important; +} +.l-unit--suspended.selected .l-unit__name { + color: #777; +} +.l-unit--suspended.selected .l-unit__name span { + color: #777; } .l-unit--outdated.selected { - background: #765D5D !important; - color: #333 !important; + background: #765D5D !important; + color: #333 !important; } +.l-unit--suspended.selected .l-unit__name, .l-unit--suspended.selected b { + color: #333 !important; +} +.l-unit--outdated.selected .l-unit__name, .l-unit--outdated.selected b { + color: #333 !important; +} -.l-unit--suspended.selected .l-unit__name, -.l-unit--suspended.selected b, -.l-unit--outdated.selected .l-unit__name, -.l-unit--outdated.selected b, -.l-unit--suspended.selected .l-percent, -.l-unit--suspended.selected .l-percent__fill, -.l-unit--suspended.selected .l-unit__name, +.l-unit--suspended.selected .l-percent, .l-unit--suspended.selected .l-percent__fill { + color: #333 !important; +} +.l-unit--suspended.selected .l-unit__name { + color: #333 !important; +} .l-unit--suspended.selected .l-unit__name span { - color: #333 !important; + color: #333 !important; } .l-unit.selected .l-percent { - border-bottom: 1px dotted #777; + border-bottom: 1px dotted #777; } - .l-unit--selected { - background-color: #d1eddc; + background-color: #d1eddc; } -.l-unit-toolbar{ - height: 39px; + +.l-unit-toolbar { + height: 39px; } .l-unit label { - margin-bottom: 20px; + margin-bottom: 20px; } + .l-unit__columns { - display: table; - width: 100%; + display: table; + width: 100%; } + .l-unit__col { - display: table-cell; - padding-top: 1px; - vertical-align: top; + display: table-cell; + padding-top: 1px; + vertical-align: top; } + .l-unit__col--left { - width: 124px; - padding-right: 10px; + width: 124px; + padding-right: 10px; } + .units.compact .l-unit__col--left { - vertical-align: top; + vertical-align: top; } .l-unit__col--left.step-left { - padding-left: 30px; + padding-left: 30px; } .l-unit__col--right.total { - padding-left: 16px; + padding-left: 16px; } - .l-unit__col--right.back { - padding-left: 78px + padding-left: 78px; } .l-sort-toolbar .step-left { - padding-left: 40px; + padding-left: 40px; } + .step-right { - padding-right: 40px; + padding-right: 40px; } .l-unit__date { - font-size: 12px; - letter-spacing: 1px; - margin-top: 10px; - padding-bottom: 30px; + font-size: 12px; + letter-spacing: 1px; + margin-top: 10px; + padding-bottom: 30px; } .l-unit__suspended { - display: none; - font-size: 11px; - font-weight: bold; - letter-spacing: 3px; - margin-top: 36px; - text-transform: uppercase; - margin-bottom: 14px; + display: none; + font-size: 11px; + font-weight: bold; + letter-spacing: 3px; + margin-top: 36px; + text-transform: uppercase; + margin-bottom: 14px; } .units.compact .l-unit__suspended { - margin-top: 1px; + margin-top: 1px; } -.l-unit--outdated .l-unit__suspended, -.l-unit--suspended .l-unit__suspended { - display: block; +.l-unit--outdated .l-unit__suspended, .l-unit--suspended .l-unit__suspended { + display: block; +} + +.l-unit-ft .subtitle { + color: #9c8cff; + font-size: 12px; + font-weight: bold; + margin: 20px 0 18px 129px; + text-transform: uppercase; } -.l-unit-ft .subtitle, .l-unit .subtitle { - color: #ff6701; - font-size: 12px; - font-weight: bold; - margin: 20px 0 18px 129px; - text-transform: uppercase; + color: #9c8cff; + font-size: 12px; + font-weight: bold; + margin: 20px 0 18px 129px; + text-transform: uppercase; } - .l-unit.l-unit--outdated .l-unit__date { - color: #d24c4c; - font-size: 10px; - letter-spacing: 3px; - text-transform: uppercase; - font-weight: bold; + color: #d24c4c; + font-size: 10px; + letter-spacing: 3px; + text-transform: uppercase; + font-weight: bold; } .l-unit__name { - color: #111; - font-size: 32px; - margin-bottom: 10px; + color: #111; + font-size: 32px; + margin-bottom: 10px; } -.l-unit__stats.separate, + +.l-unit__stats.separate { + padding-bottom: 15px; +} + .l-unit__name.separate { - padding-bottom: 15px; + padding-bottom: 15px; } - .l-unit__name.small { - font-size: 19px; + font-size: 19px; } - .l-unit__name.small-2 { - font-size: 24px; + font-size: 24px; } - - .l-unit__name span { - color: #999; - margin-left: 30px; - font-size: 14px; - font-style: italic; + color: #999; + margin-left: 30px; + font-size: 14px; + font-style: italic; } .l-unit__name span:first-of-type { - margin-left: 39px; + margin-left: 39px; } .l-unit__name b { - font-weight: normal; - font-style: italic; + font-weight: normal; + font-style: italic; } .l-unit__ip { - margin-bottom: 26px; - font-size: 12px; - letter-spacing: 1px; + margin-bottom: 26px; + font-size: 12px; + letter-spacing: 1px; } .l-unit__ip span { - padding-left: 3px; - padding-right: 3px; + padding-left: 3px; + padding-right: 3px; } + .display-ip { - font-size: 12px; - letter-spacing: 1px; + font-size: 12px; + letter-spacing: 1px; } .display-ip span { - padding-left: 3px; - padding-right: 3px; + padding-left: 3px; + padding-right: 3px; } .l-unit__stats { - margin-bottom: 50px; + margin-bottom: 50px; } .l-unit__stats table { - width: 100%; - table-layout: fixed; + width: 100%; + table-layout: fixed; } .l-unit__stats td { - height: 22px; - padding-bottom: 3px; - vertical-align: top; + height: 22px; + padding-bottom: 3px; + vertical-align: top; } + .l-unit__stat-col--left { - float: left; - width: 124px; + float: left; + width: 124px; } .l-unit__stat-col--left.compact { - width: 70px; + width: 70px; } .l-unit__stat-col--left.compact-2 { - width: 95px; + width: 95px; } .l-unit__stat-col--left.wide { - width: 190px; + width: 190px; } .l-unit__stat-col--left.wide-2 { - width: 230px; + width: 230px; } .l-unit__stat-col--left.wide-3 { - width: 250px; + width: 250px; } .l-unit__stat-col--left.wide-4 { - width: 550px; + width: 550px; } - - .l-unit__stat-col--left.small-2 { - line-height: 11px; + line-height: 11px; } - .l-unit__stat-col--left.tiny { - font-size: 11px; + font-size: 11px; } - .l-unit__stat-col--left.tiny b { - font-size: 18px; + font-size: 18px; } - .l-unit__stat-col--right { - float: left; - max-width: 152px; + float: left; + max-width: 152px; } .l-unit-toolbar__col--left { - float: left; - margin-left: -15px; - margin-top: 0; - padding-bottom: 0px;/* 8px */ - padding-left: 15px; - padding-top: 15px; - width: 30px; - cursor: pointer; + float: left; + margin-left: -15px; + margin-top: 0; + padding-bottom: 0px; + /* 8px */ + padding-left: 15px; + padding-top: 15px; + width: 30px; + cursor: pointer; } .l-unit-toolbar__col--right { - float: right; - display: none; + float: right; + display: none; } body.mobile .l-unit-toolbar__col--right { - display: block; + display: block; } .l-unit-toolbar .shortcut { - display: none; + display: none; } .units.active .l-unit.focus .l-unit-toolbar .shortcut { - display: block; - background-color: #69a298; - border-radius: 13px; - color: #fff; - cursor: pointer; - display: block; - font-size: 12px; - font-weight: 700; - line-height: 25px; - padding-left: 7px; - padding-right: 9px; - position: absolute; - right: 3px; - top: 3px; + display: block; + background-color: #69a298; + border-radius: 13px; + color: #fff; + cursor: pointer; + display: block; + font-size: 12px; + font-weight: 700; + line-height: 25px; + padding-left: 7px; + padding-right: 9px; + position: absolute; + right: 3px; + top: 3px; } .units.active .l-unit.focus .l-unit-toolbar .shortcut.delete { - font-size: 10px; - padding-left: 2px; - padding-right: 5px; - text-transform: capitalize; + font-size: 10px; + padding-left: 2px; + padding-right: 5px; + text-transform: capitalize; } .units.active .l-unit.focus .l-unit-toolbar .shortcut.enter { - font-size: 17px; - padding-left: 1px; - padding-right: 7px; + font-size: 17px; + padding-left: 1px; + padding-right: 7px; } .units.active .l-unit.focus .l-unit-toolbar i { - background: none; + background: none; } .l-unit__stat-col.volume { - font-size: 12px; - line-height: 17px; - float: right; + font-size: 12px; + line-height: 17px; + float: right; } .actions-panel__col { - float: left; - min-width: 95px; - min-height: 31px; - text-transform: uppercase; - background-color: #dfdedd; - border-right: 1px solid #d8d7d7; - position: relative; + float: left; + min-width: 95px; + min-height: 31px; + text-transform: uppercase; + background-color: #dde6e9; + border-right: 1px solid #dde6e9; + position: relative; } + .selected .actions-panel__col { - -webkit-filter: contrast(80%); - filter: contrast(80%); + -webkit-filter: contrast(80%); + filter: contrast(80%); } + .actions-panel__col i { - background-image: url("/images/sprite.png?1446554103"); - background-repeat: no-repeat; - display: inline-block; - float: right; - content: ''; - width: 31px; - height: 31px; - position: absolute; - top: 0; - right: 0; + background-image: url("/images/sprite.png?1446554104"); + background-repeat: no-repeat; + display: inline-block; + float: right; + content: ""; + width: 31px; + height: 31px; + position: absolute; + top: 0; + right: 0; } .actions-panel__col a { - line-height: 31px; - color: #777; - font-weight: 700; - font-size: 12px; - padding-left: 13px; - display: block; - cursor: pointer; - position: relative; - padding-right: 36px; -} -.lang-ru .actions-panel__col a { - font-size: 11px; - padding-top: 1px; -} -.lang-tw .actions-panel__col a { - font-size: 15px; - font-weight: normal; - line-height: 29px; -} -.lang-ar .actions-panel__col a { - font-size: 15px; - font-weight: normal; - line-height: 31px; + line-height: 31px; + color: #777; + font-weight: 700; + font-size: 12px; + padding-left: 13px; + display: block; + cursor: pointer; + position: relative; + padding-right: 36px; } +.lang-ru .actions-panel__col a { + font-size: 11px; + padding-top: 1px; +} + +.lang-tw .actions-panel__col a { + font-size: 15px; + font-weight: normal; + line-height: 29px; +} + +.lang-ar .actions-panel__col a { + font-size: 15px; + font-weight: normal; + line-height: 31px; +} .actions-panel__favorite a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__favorite i { - background-position: -39px -85px; + background-position: -39px -85px; } .actions-panel__edit i { - background-position: -1px -169px; + background-position: -1px -169px; } .actions-panel__edit:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__edit:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__edit:hover a i { - background-position: -41px -169px; + background-position: -41px -169px; } .actions-panel__edit:active a i { - background-position: -81px -169px; + background-position: -81px -169px; } + .actions-panel__edit--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__edit--active i { - background-position: -78px -169px; + background-position: -78px -169px; } .actions-panel__restart i { - background-position: -1px -520px; + background-position: -1px -520px; } .actions-panel__restart:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__restart:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__restart:hover a i { - background-position: -41px -520px; + background-position: -41px -520px; } .actions-panel__restart:active a i { - background-position: -81px -520px; + background-position: -81px -520px; } + .actions-panel__restart--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__restart--active i { - background-position: -78px -520px; + background-position: -78px -520px; } .actions-panel__add i { - background-position: -1px -285px; + background-position: -1px -285px; } .actions-panel__add:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__add:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__add:hover a i { - background-position: -41px -285px; + background-position: -41px -285px; } .actions-panel__add:active a i { - background-position: -81px -285px; + background-position: -81px -285px; } .actions-panel__add--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__add--active i { - background-position: -78px -285px; + background-position: -78px -285px; } .actions-panel__update i { - background-position: -1px -481px; + background-position: -1px -481px; } .actions-panel__update:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__update:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__update:hover a i { - background-position: -41px -481px; + background-position: -41px -481px; } .actions-panel__update:active a i { - background-position: -81px -481px; + background-position: -81px -481px; } + .actions-panel__update--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__update--active i { - background-position: -78px -481px; + background-position: -78px -481px; } .actions-panel__logs i { - background-position: -2px -130px; + background-position: -2px -130px; } .actions-panel__logs:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__logs:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__logs:hover a i { - background-position: -42px -130px; + background-position: -42px -130px; } .actions-panel__logs:active a i { - background-position: -82px -130px; + background-position: -82px -130px; } + .actions-panel__logs--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__logs--active i { - background-position: -79px -130px; + background-position: -79px -130px; } .actions-panel__db i { - background-position: -2px -363px; + background-position: -2px -363px; } .actions-panel__db:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__db:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__db:hover a i { - background-position: -42px -363px; + background-position: -42px -363px; } .actions-panel__db:active a i { - background-position: -82px -363px; + background-position: -82px -363px; } + .actions-panel__db--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__db--active i { - background-position: -79px -362px; + background-position: -79px -362px; } .actions-panel__suspend i { - background-position: -1px -51px; + background-position: -1px -51px; } .actions-panel__suspend:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__suspend:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__suspend:hover a i { - background-position: -41px -51px; + background-position: -41px -51px; } .actions-panel__suspend:active a i { - background-position: -81px -51px; + background-position: -81px -51px; } + .actions-panel__suspend--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__suspend--active i { - background-position: -78px -51px; + background-position: -78px -51px; } .actions-panel__unsuspend i { - background-position: -1px -12px; + background-position: -1px -12px; } .actions-panel__unsuspend:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__unsuspend:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__unsuspend:hover a i { - background-position: -41px -12px; + background-position: -41px -12px; } .actions-panel__unsuspend:active a i { - background-position: -81px -12px; + background-position: -81px -12px; } + .actions-panel__unsuspend--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__unsuspend--active i { - background-position: -78px -12px; + background-position: -78px -12px; } - .actions-panel__loginas i { - background-position: -1px -245px; + background-position: -1px -245px; } .actions-panel__loginas:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__loginas:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__loginas:hover a i { - background-position: -41px -245px; + background-position: -41px -245px; } .actions-panel__loginas:active a i { - background-position: -81px -245px; + background-position: -81px -245px; } + .actions-panel__loginas--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__loginas--active i { - background-position: -78px -245px; + background-position: -78px -245px; } .actions-panel__download i { - background-position: -1px -402px; + background-position: -1px -402px; } .actions-panel__download:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__download:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__download:hover a i { - background-position: -41px -402px; + background-position: -41px -402px; } .actions-panel__download:active a i { - background-position: -81px -402px; + background-position: -81px -402px; } + .actions-panel__download--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__download--active i { - background-position: -78px -402px; + background-position: -78px -402px; } .actions-panel__configure i { - background-position: -1px -442px; + background-position: -1px -442px; } .actions-panel__configure:hover a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__configure:active a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__configure:hover a i { - background-position: -81px -442px; + background-position: -81px -442px; } .actions-panel__configure:active a i { - background-position: -41px -442px; + background-position: -41px -442px; } + .actions-panel__configure--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__configure--active i { - background-position: -78px -442px; + background-position: -78px -442px; } .actions-panel__.l-icon-starmail i { - background-position: -1px -324px; + background-position: -1px -324px; } + .actions-panel__mail:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__mail:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__mail:hover a i { - background-position: -41px -324px; + background-position: -41px -324px; } .actions-panel__mail:active a i { - background-position: -81px -324px; + background-position: -81px -324px; } + .actions-panel__mail--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__mail--active i { - background-position: -78px -324px; + background-position: -78px -324px; } .actions-panel__delete i { - background-position: -1px -207px; + background-position: -1px -207px; } .actions-panel__delete:hover a { - background-color: #ff3438; - color: #fff; + background-color: #ff3438; + color: #fff; } .actions-panel__delete:active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__delete:hover a i { - background-position: -41px -207px; + background-position: -41px -207px; } .actions-panel__delete:active a i { - background-position: -81px -207px; + background-position: -81px -207px; } + .actions-panel__delete--active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__delete--active i { - background-position: -78px -207px; + background-position: -78px -207px; } .actions-panel__stop i { - background-position: -1px -561px; + background-position: -1px -561px; } .actions-panel__stop:hover a { - background-color: #ff3438; - color: #fff; + background-color: #ff3438; + color: #fff; } .actions-panel__stop:active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__stop:hover a i { - background-position: -41px -561px; + background-position: -41px -561px; } .actions-panel__stop:active a i { - background-position: -81px -561px; + background-position: -81px -561px; } + .actions-panel__stop--active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__stop--active i { - background-position: -78px -561px; + background-position: -78px -561px; } .actions-panel__start i { - background-position: -1px -482px; + background-position: -1px -482px; } .actions-panel__start:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__start:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__start:hover a i { - background-position: -41px -482px; + background-position: -41px -482px; } .actions-panel__start:active a i { - background-position: -81px -482px; + background-position: -81px -482px; } + .actions-panel__start--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__start--active i { - background-position: -78px -482px; + background-position: -78px -482px; } - .l-icon-up-arrow, .l-icon-down-arrow, .l-icon-star, .l-icon-to-top, .l-icon-shortcuts, .l-icon-star-orange, .l-icon-star-blue { - display: inline-block; - vertical-align: middle; - background-image: url("/images/sprite.png?1446554103"); + display: inline-block; + vertical-align: middle; + background-image: url("/images/sprite.png?1446554104"); } .l-icon-down-arrow { - width: 7px; - height: 15px; - background-position: -280px -128px; + width: 7px; + height: 15px; + background-position: -280px -128px; } .l-icon-up-arrow { - width: 7px; - height: 15px; - background-position: -299px -129px; + width: 7px; + height: 15px; + background-position: -299px -129px; } - .l-icon-star { - width: 36px; - height: 36px; - background-position: -216px 560px; - cursor: pointer; - visibility: hidden; + width: 36px; + height: 36px; + background-position: -216px 560px; + cursor: pointer; + visibility: hidden; } + .l-unit--starred .l-icon-star { - background-position: -174px 560px; - visibility: visible; + background-position: -174px 560px; + visibility: visible; } + .selected .l-icon-star { - filter: contrast(70%); - -webkit-filter: contrast(70%); + filter: contrast(70%); + -webkit-filter: contrast(70%); } .units.compact .l-icon-star { - margin-top: -14px; + margin-top: -14px; } .l-icon-star:hover { - background-position: 0px 560px; + background-position: 0px 560px; } - .l-icon-star:active { - -background-position: -174px 560px; - background-position: -80px 562px; + -background-position: -174px 560px; + background-position: -80px 562px; } .l-unit:hover .l-icon-star { - visibility: visible; + visibility: visible; } - .l-icon-to-top { - width: 35px; - height: 35px; - background-position: -330px -68px; + width: 35px; + height: 35px; + background-position: -330px -68px; } .l-icon-to-top:hover { - background-position: -366px -68px; + background-position: -366px -68px; } .l-icon-to-top:active { - background-position: -402px -68px; + background-position: -402px -68px; } .l-icon-shortcuts { - width: 35px; - height: 35px; - background-position: -240px -281px; - border-radius: 18px; + width: 35px; + height: 35px; + background-position: -240px -281px; + border-radius: 18px; } .l-icon-shortcuts:hover { - background-position: -160px -281px; + background-position: -160px -281px; } .l-icon-shortcuts:active { - background-position: -198px -281px; + background-position: -198px -281px; } -body.mobile .l-icon-to-top, -body.mobile .l-icon-shortcuts { - display: none; +body.mobile .l-icon-to-top, body.mobile .l-icon-shortcuts { + display: none; } - .l-icon-star-orange { - width: 13px; - height: 13px; - background-position: -178px -97px; + width: 13px; + height: 13px; + background-position: -178px -97px; } .l-icon-star-blue { - width: 13px; - height: 13px; - background-position: -134px -97px; + width: 13px; + height: 13px; + background-position: -134px -97px; } .media-top { - vertical-align: top; + vertical-align: top; } .l-unit__stat-cols { - padding-right: 10px; + padding-right: 10px; } .l-unit__stat-cols.last { - padding-right: 0; + padding-right: 0; } .l-unit__stat-cols.graph { - width: 200px; + width: 200px; } .l-unit__stat-cols.tiny { - font-size:11px; - line-height: 19px; + font-size: 11px; + line-height: 19px; } .l-percent { - border-bottom: 1px dotted #ccc; - margin-top: 1px; - width: 200px; + border-bottom: 1px dotted #ccc; + margin-top: 1px; + width: 200px; } + .l-percent__fill { - background-color: #aacc0d; - height: 3px; - position: relative; - bottom: -1px; + background-color: #aacc0d; + height: 3px; + position: relative; + bottom: -1px; } .to-top { - display: inline-block; - position: fixed; - top: 92%; - right: 1%; + display: inline-block; + position: fixed; + top: 92%; + right: 1%; } .to-shortcuts { - display: inline-block; - position: fixed; - top: 92%; - right: 4%; + display: inline-block; + position: fixed; + top: 92%; + right: 4%; } - /* #vstobjects { margin-top: -1px; } */ - #vstobjects .l-center { - padding-top: 20px; - padding-bottom: 30px; - font-size: 12px; + padding-top: 20px; + padding-bottom: 30px; + font-size: 12px; } .timer-container { - margin-top: 4px; + margin-top: 4px; } - .timer-container .refresh-timer { - border: 2px solid #9f9f9f; - border-radius: 14px; - height: 14px; - width: 14px; - float: left; - margin: 2px 10px 0 0; + border: 2px solid #9f9f9f; + border-radius: 14px; + height: 14px; + width: 14px; + float: left; + margin: 2px 10px 0 0; } .timer-container .refresh-timer.paused { - border: 2px solid #9f9f9f; + border: 2px solid #9f9f9f; } -.timer-container .refresh-timer.paused .loader-half.right, -.timer-container .refresh-timer.paused .loader-half.dark { - background-color: #9d9f9f; +.timer-container .refresh-timer.paused .loader-half.right, .timer-container .refresh-timer.paused .loader-half.dark { + background-color: #9d9f9f; } .timer-container .loader-half { - border-radius: 0 14px 14px 0; - height: 14px; - width: 7px; - float: left; + border-radius: 0 14px 14px 0; + height: 14px; + width: 7px; + float: left; } .timer-container .loader-half.left { - border-radius: 14px 0 0 14px; - background-color: #fff; + border-radius: 14px 0 0 14px; + background-color: #fff; } .timer-container .loader-half.right { - margin-left: 7px; - background-color: #9f9f9f; + margin-left: 7px; + background-color: #9f9f9f; } .timer-container .loader-half.dark { - background-color: #9f9f9f; + background-color: #9f9f9f; } .timer-container .movement { - float: left; - width: 14px; - height: 14px; - position: absolute; + float: left; + width: 14px; + height: 14px; + position: absolute; } .timer-container .movement.left { - z-index: 10; + z-index: 10; } .timer-container .movement.right { - transform: rotate(180deg); - -webkit-transform: rotate(180deg); + transform: rotate(180deg); + -webkit-transform: rotate(180deg); } .timer-container .timer-button { - cursor: pointer; - text-decotation: underline; - margin: 7px 0 0 38px; - width: 15px; - float: left; - height: 10px; + cursor: pointer; + text-decotation: underline; + margin: 7px 0 0 38px; + width: 15px; + float: left; + height: 10px; } .timer-container .timer-button.pause { - background: url(/images/pause.png) no-repeat ; + background: url(/images/pause.png) no-repeat; } .timer-container .timer-button.play { - background: url(/images/start.png) no-repeat; + background: url(/images/start.png) no-repeat; } .uppercase { - text-transform: uppercase; -} - -.title b, -.title { - color: #ff6701; - font-size: 12px; - font-weight: bold; - padding: 0 30px 0px 73px; - line-height: 30px; - text-transform: uppercase; + text-transform: uppercase; } .title { - display: inline-block; - float: left; + color: #9c8cff; + font-size: 12px; + font-weight: bold; + padding: 0 30px 0px 73px; + line-height: 30px; + text-transform: uppercase; + display: inline-block; + float: left; +} +.title b { + color: #9c8cff; + font-size: 12px; + font-weight: bold; + padding: 0 30px 0px 73px; + line-height: 30px; + text-transform: uppercase; } - - - /* form styles */ - - - .vst-error { - color: #BE5ABF; - font-weight: bold; - display: inline-block; - height: 17px; - overflow: hidden; - padding-top: 6px; - width: 593px; + color: #BE5ABF; + font-weight: bold; + display: inline-block; + height: 17px; + overflow: hidden; + padding-top: 6px; + width: 593px; } .vst-ok { - color: #9fbf0c; - font-weight: bold; - display: inline-block; - height: 17px; - overflow: hidden; - padding-top: 6px; - max-width: 600px; + color: #27c24c; + font-weight: bold; + display: inline-block; + height: 17px; + overflow: hidden; + padding-top: 6px; + max-width: 600px; } - .vst-ok a { - color: #2c9491; + color: #27c24c; } .vst-ok a:hover { - color: #ff6701; + color: #9c8cff; } .vst-ok a:active { - color: #f72b44; + color: #796cc7; } - - - .data { - margin: 0 0 90px 0; + margin: 0 0 90px 0; } + .data-col1 { - width: 148px; + width: 148px; } - .data-col1 td { - padding: 10px 0 0 5px; + padding: 10px 0 0 5px; } - .data-col1 tr:first-child td { - padding: 59px 0 0 5px; + padding: 59px 0 0 5px; } -.login-box td, -.data td { - color: #555; - font-size: 15px; - padding-bottom: 3px; - font-weight: bold; +.login-box td, .data td { + color: #555; + font-size: 15px; + padding-bottom: 3px; + font-weight: bold; } + .input-label { - padding-top: 20px; + padding-top: 20px; } -.data input[type="checkbox"] { - display: inline; - cursor: pointer; + +.data input[type=checkbox] { + display: inline; + cursor: pointer; } + .step-top { - padding-top: 42px; + padding-top: 42px; } + .step-top-small { - padding-top: 22px; + padding-top: 22px; } + .jump-top { - margin-top: -60px; + margin-top: -60px; } + .jump-small-top { - margin-top: -12px; + margin-top: -12px; } + .float-right { display: inline-block; float: right; } .data a { - text-decoration: none; -} -label { - cursor: pointer; + text-decoration: none; } +label { + cursor: pointer; +} label:hover { - color: #333; + color: #333; } .vst-input { - background-color: #fff; - border: 1px solid #cfcfcf; - border-radius: 0px; - color: #555; - font-family: Arial; - font-size: 19px; - height: 28px; - margin: 2px 6px 0 0; - padding: 7px 3px 9px 14px; - width: 360px; - font-weight: normal; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-family: Arial; + font-size: 19px; + height: 28px; + margin: 2px 6px 0 0; + padding: 7px 3px 9px 14px; + width: 360px; + font-weight: normal; } .vst-input:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-input:focus { - border: 1px solid #55C9C0; - background-color: #D7F9FF; - color: #333; + border: 1px solid #23b7e5; + background-color: #fff; + color: #333; +} +.vst-input:disabled { + background-color: #e0e0e0; } -.vst-input:disabled, .vst-list:disabled { - background-color: #e0e0e0; + background-color: #e0e0e0; } + .vst-input:focus:disabled { - border-color: #f1f1f1; - background-color: #f1f1f1; + border-color: #f1f1f1; + background-color: #f1f1f1; } .vst-input.long { - width: 832px; + width: 100%; } .vst-input.short { - width: 200px; + width: 200px; } .vst-list { - background-color: #fff; - border: 1px solid #ccc; - border-radius: 0; - color: #555; - font-family: Arial,Helvetica,sans-serif; - font-size: 19px; - font-weight: normal; - height: 43px; - cursor: pointer; - margin: 2px 6px 0 0; - min-width: 138px; - padding: 8px 1px 6px 10px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -185px -604px; - width: 270px; - appearance:none; - -moz-appearance:none; - -webkit-appearance:none; - text-shadow: 0 0 0 #555; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-family: Arial, Helvetica, sans-serif; + font-size: 19px; + font-weight: normal; + height: 43px; + cursor: pointer; + margin: 2px 6px 0 0; + min-width: 138px; + padding: 8px 1px 6px 10px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -185px -604px; + width: 270px; + appearance: none; + -moz-appearance: none; + -webkit-appearance: none; + text-shadow: 0 0 0 #555; } - .vst-list.long-2 { - width: 486px; - background-position: 502px -604px; + width: 486px; + background-position: 502px -604px; } .vst-list option { - padding: 6px 1px 6px 15px; + padding: 6px 1px 6px 15px; } .vst-list:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-list:focus { - border: 1px solid #55C9C0; - color: #333; + border: 1px solid #23b7e5; + color: #333; } - .vst-list.flat { - border: 1px solid #fff; - color: #2c9491; - text-transform: uppercase; - font-weight: bold; - font-size: 11px; - margin-left: -14px; - background-position: -210px -604px; - text-shadow: none !important; + border: 1px solid #fff; + color: #27c24c; + text-transform: uppercase; + font-weight: bold; + font-size: 11px; + margin-left: -14px; + background-position: -210px -604px; + text-shadow: none !important; } .vst-list.flat:hover { - color: #ff6701; + color: #9c8cff; } .vst-list.flat option { - color: #555; + color: #555; } -a.vst-text, -a.vst-text b{ - color: #2c9491; +a.vst-text { + color: #27c24c; } -a.vst-text:hover, -a.vst-text:hover b{ - color: #ff6701; +a.vst-text b { + color: #27c24c; } -a.vst-text:active, -a.vst-text:active b{ - color: #ff6701; +a.vst-text:hover, a.vst-text:active { + color: #9c8cff; +} +a.vst-text:hover b, a.vst-text:active b { + color: #9c8cff; } .vst-textinput { - background-color: #fff; - border: 1px solid #cfcfcf; - border-radius: 0px; - color: #555; - font-size: 19px; - padding: 5px; - width: 560px; - height: 90px; - font-family:Arial, Helvetica, sans-serif; - padding: 9px 1px 6px 14px; - font-weight: normal; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-size: 19px; + padding: 5px; + width: 560px; + height: 90px; + font-family: Arial, Helvetica, sans-serif; + padding: 9px 1px 6px 14px; + font-weight: normal; } .vst-textinput:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-textinput:focus { - border: 1px solid #55C9C0; - background-color: #D7F9FF; - color: #333; + border: 1px solid #23b7e5; + background-color: #fff; + color: #333; } .vst-textinput:disabled { - background-color: #f1f1f1; + background-color: #f1f1f1; } -.vst-textinput.console{ - font-size: 13px; - width: 630px; - height: 300px; - font-family:"Lucida Console", Monaco, monospace; - white-space: pre; +.vst-textinput.console { + font-size: 13px; + width: 630px; + height: 300px; + font-family: "Lucida Console", Monaco, monospace; + white-space: pre; } .vst-textinput.short { - width: 360px; + width: 360px; } -#advanced-options .console{ - width: 833px; - height: 600px; + +#advanced-options .console { + width: 833px; + height: 600px; } + .generate { - color: #2C9491; - text-decoration: underline; - cursor: pointer; - margin-left: -3px; - padding: 0 3px; + color: #27c24c; + text-decoration: underline; + cursor: pointer; + margin-left: -3px; + padding: 0 3px; } .generate:hover { - background-color: #ff6701; - border-color: #ff6701; - color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; + color: #fff; } .generate:active { - background-color: #F7D616; - border-color: #F7D616; + background-color: #F7D616; + border-color: #F7D616; } + .vst-advanced { - border-bottom: 1px solid #2c9491; - color: #2c9491; - font-size: 11px; - letter-spacing: 1px; - padding: 2px 2px 0; - text-decoration: none; - text-transform: uppercase; + border-bottom: 1px solid #27c24c; + color: #27c24c; + font-size: 11px; + letter-spacing: 1px; + padding: 2px 2px 0; + text-decoration: none; + text-transform: uppercase; } + .login-box .vst-advanced:hover { - color: #ff6701; - background-color: transparent; - border-color: transparent; + color: #9c8cff; + background-color: transparent; + border-color: transparent; } .vst-advanced:hover { - color: #fff; - background-color: #ff6701; - border-color: #ff6701; + color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; } -.login-box .vst-advanced:active, -.vst-advanced:active { - color: #fff; - background-color: #F7D616; - border-color: #F7D616; +.login-box .vst-advanced:active, .vst-advanced:active { + color: #fff; + background-color: #F7D616; + border-color: #F7D616; } .login-box .vst-advanced { - border-bottom: none; - color: #2c9491; - font-size: 10px; - letter-spacing: 1px; - padding: 2px 2px 0; - text-decoration: none; - text-transform: uppercase; + border-bottom: none; + color: #27c24c; + font-size: 10px; + letter-spacing: 1px; + padding: 2px 2px 0; + text-decoration: none; + text-transform: uppercase; } + .vst-checkbox { - font-size: 19px; - margin: 2px 6px 0 3px; - padding: 5px; + font-size: 19px; + margin: 2px 6px 0 3px; + padding: 5px; } + .lets-encrypt-note { - color: #89a40a !important; - font-style: italic; - font-weight: normal !important; - height: 30px; - padding-top: 10px; - vertical-align: top; + color: #89a40a !important; + font-style: italic; + font-weight: normal !important; + height: 30px; + padding-top: 10px; + vertical-align: top; } .additional-control { - margin-left: 17px; - color: #2C9491; - border-bottom: 1px solid #2C9491; - font-size: 11px; - letter-spacing: 1px; - cursor: pointer; - text-transform: uppercase; - font-weight: bold; - padding: 2px 2px 0; + margin-left: 17px; + color: #27c24c; + border-bottom: 1px solid #27c24c; + font-size: 11px; + letter-spacing: 1px; + cursor: pointer; + text-transform: uppercase; + font-weight: bold; + padding: 2px 2px 0; } .additional-control:hover { - background-color: #ff6701; - border-color: #ff6701; - color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; + color: #fff; } .additional-control:active { - color: #fff; - background-color: #aaa; + color: #fff; + background-color: #aaa; } - .additional-control.ftp-remove-user { - padding: 2px 0 0 0; + padding: 2px 0 0 0; } - -.additional-control.delete:hover, -.additional-control.ftp-remove-user:hover { - background-color: #FF3438; - border-color: #FF3438; +.additional-control.delete:hover, .additional-control.ftp-remove-user:hover { + background-color: #FF3438; + border-color: #FF3438; } -.additional-control.delete:active, -.additional-control.ftp-remove-user:active { - background-color: #FF5F5F; - border-color: #FF5F5F; +.additional-control.delete:active, .additional-control.ftp-remove-user:active { + background-color: #FF5F5F; + border-color: #FF5F5F; } .additional-control.add:hover { - background-color: #9FBF0C; - border-color: #9FBF0C; + background-color: #27c24c; + border-color: #27c24c; } -.additional-control.add:active{ - background-color: #c0e60f; - border-color: #c0e60f; +.additional-control.add:active { + background-color: #32f360; + border-color: #32f360; } - .additional-control.remove-ns { - display: none; + display: none; } .data .step-left { - padding-left: 50px; + padding-left: 50px; } + .hide-password { - color: #2361a1; - margin-left: -36px; - padding-left: 3px; - z-index: 1; + color: #2361a1; + margin-left: -36px; + padding-left: 3px; + z-index: 1; } + .toggle-psw-visibility-icon { - cursor: pointer; - opacity: 1; + cursor: pointer; + opacity: 1; } + .show-passwords-enabled-action { - opacity: 0.4; -} -.ftp-path-value, -.hint, -td.hint { - color: #777; - font-size: 15px; - font-style: italic; - font-weight: normal; -} -.ftp-path-prefix { padding-top: 7px; } - -.ui-button, -.button { - filter:chroma(color=#000); - cursor: pointer; - border-radius: 3px 3px 3px 3px; - font-size: 13px; - font-weight: bold; - padding: 1px 16px 3px 16px; - width: 108px; - height: 34px; - color: #fafafa; - border: 1px solid #9FBF0C; - background-color: #9FBF0C; -} -.ui-button:hover, -.button:hover { - color: #555; - border: 1px solid #C0E60F; - background-color: #C0E60F; -} -.ui-button:active, -.button:active { - border: 1px solid #D1D70D !important; - background-color: #D1D70D !important; + opacity: 0.4; } -.ui-button:focus, -.button:focus { - border: 1px solid #90AD0D; - background-color: #90AD0D; +.ftp-path-value, .hint, td.hint { + color: #777; + font-size: 15px; + font-style: italic; + font-weight: normal; } -.ui-button.cancel, -.button.cancel { - color: #777; - border: 1px solid #DFDEDD; - background-color: #DFDEDD; +.ftp-path-prefix { + padding-top: 7px; } -.ui-button.cancel:hover, -.button.cancel:hover { - color: #fff; - border: 1px solid #999; - background-color: #999; + +.ui-button, .button { + filter: chroma(color=#000); + cursor: pointer; + border-radius: 3px 3px 3px 3px; + font-size: 13px; + font-weight: bold; + padding: 1px 16px 3px 16px; + width: 108px; + height: 34px; + color: #fafafa; + border: 1px solid #27c24c; + background-color: #27c24c; } -.ui-button.cancel:active, -.button.cancel:active { - border: 1px solid #D1D70D; - background-color: #D1D70D; + +.ui-button:hover, .button:hover { + color: #555; + border: 1px solid #32f360; + background-color: #32f360; } + +.ui-button:active, .button:active { + border: 1px solid #54ca70 !important; + background-color: #54ca70 !important; +} + +.ui-button:focus, .button:focus { + border: 1px solid #25af49; + background-color: #25af49; +} + +.ui-button.cancel, .button.cancel { + color: #777; + border: 1px solid #dde6e9; + background-color: #dde6e9; +} + +.ui-button.cancel:hover, .button.cancel:hover { + color: #fff; + border: 1px solid #999; + background-color: #999; +} + +.ui-button.cancel:active, .button.cancel:active { + border: 1px solid #54ca70; + background-color: #54ca70; +} + a.button.cancel { - padding: 8px 38px; - text-transform: capitalize; + padding: 8px 38px; + text-transform: capitalize; } - .ui-dialog button.cancel { - color: #000; - border: 1px solid #555; - background-color: #555; + color: #000; + border: 1px solid #555; + background-color: #555; } + /* .ui-dialog button.cancel:hover { color: #fff; @@ -2789,105 +2614,101 @@ a.button.cancel { background-color: #999; } .ui-dialog button.cancel:active { - border: 1px solid #D1D70D; - background-color: #D1D70D; + border: 1px solid #54ca70; + background-color: #54ca70; } */ - - - .ui-button span { - color: #fff; + color: #fff; } .ui-button:hover span { - color: #555 !important; + color: #555 !important; } .ui-button:active span { - color: #555; + color: #555; } .ui-button.cancel span { - color: #777; + color: #777; } -.ui-button:hover span { - color: #fff; -} -.ui-button:active span { - color: #fff; +.ui-button:hover span, .ui-button:active span { + color: #fff; } .ui-dialog button.cancel span { - color: #ccc; + color: #ccc; } - .unlim-trigger { - cursor: pointer; - margin-left: -36px; - padding-left: 3px; - z-index: 1; + cursor: pointer; + margin-left: -36px; + padding-left: 3px; + z-index: 1; } + .optional { - font-size: 12px; - padding: 0 0 0 6px; - font-weight: normal; + font-size: 12px; + padding: 0 0 0 6px; + font-weight: normal; } + .data-active b { - color: #9FBF0C; - font-size: 11px; - letter-spacing: 1px; - text-transform: uppercase; + color: #27c24c; + font-size: 11px; + letter-spacing: 1px; + text-transform: uppercase; } + .data-suspended b { - color: #A3A3A3; - font-size: 11px; - letter-spacing: 3px; - font-weight: bold; - text-transform: uppercase; + color: #A3A3A3; + font-size: 11px; + letter-spacing: 3px; + font-weight: bold; + text-transform: uppercase; } + .data-date { - font-weight: normal; - color: #777; - font-size: 12px; - letter-spacing: 1px; - line-height: 23px; + font-weight: normal; + color: #777; + font-size: 12px; + letter-spacing: 1px; + line-height: 23px; } -.data-dotted { - vertical-align: top; -} -.mail-infoblock-td { - vertical-align: top; + +.data-dotted, .mail-infoblock-td { + vertical-align: top; } + .mail-infoblock { - margin-left: -110px; - font-size: 12px; - color: #777; - border: 1px solid #d9d9d9; - padding: 0px 5px 12px 20px; - margin-top: 64px; - width: 334px; - overflow: hidden; + margin-left: -110px; + font-size: 12px; + color: #777; + border: 1px solid #d9d9d9; + padding: 0px 5px 12px 20px; + margin-top: 64px; + width: 334px; + overflow: hidden; } .mail-infoblock:hover { - overflow: visible; + overflow: visible; } .mail-infoblock td { - color: #777; - font-size: 14px; - height: 18px; - font-weight: normal; + color: #777; + font-size: 14px; + height: 18px; + font-weight: normal; } -.mail-infoblock td:first-child{ - padding-right: 15px; +.mail-infoblock td:first-child { + padding-right: 15px; } .mail-infoblock div { - width: 190px; - white-space: nowrap; + width: 190px; + white-space: nowrap; } .mail-infoblock a { - color: #2c9491; + color: #27c24c; } .mail-infoblock a:hover { - color: #ff6701; + color: #9c8cff; } .additional-info { @@ -2904,489 +2725,1540 @@ a.button.cancel { padding-left: 20px; } +:focus { + outline: none; +} - -:focus {outline:none;} -::-moz-focus-inner {border:0;} +::-moz-focus-inner { + border: 0; +} .login { - background-color: #fff; - box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3); - font-family: Arial,Helvetica,sans-serif; - margin: 0; - padding: 0; - text-align: left; - vertical-align: top; - width: 500px; + background-color: #fff; + box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3); + font-family: Arial, Helvetica, sans-serif; + margin: 0; + padding: 0; + text-align: left; + vertical-align: top; + width: 500px; +} +.login a.error { + color: #BE5ABF; } -.login a.error { - color: #BE5ABF; -} .vestacp { - color: #505050; - font-size: 10px; - text-align: right; + color: #505050; + font-size: 10px; + text-align: right; } .vestacp:hover { - color: #2c9491; + color: #27c24c; } .vestacp:active { - color: #ff6701; + color: #9c8cff; } + .login-bottom { - height: 50px; - margin: 0; - padding: 0 26px 0 0; - text-align: right; - vertical-align: top; - width: 474px; + height: 50px; + margin: 0; + padding: 0 26px 0 0; + text-align: right; + vertical-align: top; + width: 474px; } .l-unit.selected { - background-color: #feef9a; - color: #555; - border-bottom: 1px solid #c0b990; + background-color: #feef9a; + color: #555; + border-bottom: 1px solid #c0b990; } - -.l-unit.selected b, -.l-unit.selected strong { - color: #555; +.l-unit.selected b, .l-unit.selected strong { + color: #555; } - /* MAIN MENU COLLAPSED */ .collapsed .l-stat { - padding-top: 20px; + padding-top: 20px; } - .collapsed .l-stat__col a { - height: 0; - min-height: 0; - overflow: hidden; + height: 0; + min-height: 0; + overflow: hidden; } - .collapsed .l-stat__col-title { - padding-top: 2px; + padding-top: 2px; } div.l-content.collapsed > div.l-separator:nth-of-type(2) { - margin-top: 93px; - position: fixed; + margin-top: 93px; + position: fixed; } - div.l-content.collapsed > div.l-separator:nth-of-type(4) { - margin-top: 138px; - position: fixed; + margin-top: 138px; + position: fixed; } - div.l-content.collapsed .l-sort { - margin-top: 94px; + margin-top: 94px; } .l-content > .units.l-center::before { - content: ''; - display: block; - height: 260px; + content: ""; + display: block; + height: 260px; } form#vstobjects { - padding-top: 280px; + padding-top: 280px; } - form#vstobjects.suspended { - background-color: #EAEAEA; - padding-bottom: 30px; + background-color: #EAEAEA; + padding-bottom: 30px; } #add-icon { - width: 45px; - height: 45px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -378px -107px; - background-repeat: no-repeat; - display: inline-block; - z-index: 3; + width: 45px; + height: 45px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -378px -107px; + background-repeat: no-repeat; + display: inline-block; + z-index: 3; } + .l-sort__create-btn.restore #add-icon { - background-position: -378px -250px; + background-position: -378px -250px; } .l-sort__create-btn.edit #add-icon { - background-position: -378px -154px; + background-position: -378px -154px; } + #tooltip { - background-color: #aacc0d; - border-radius: 15px; - bottom: 6px; - color: #fff; - font-size: 12px; - font-weight: bold; - height: 26px; - left: 12px; - letter-spacing: 0; - line-height: 25px; - margin-left: 12px; - margin-top: 7px; - padding: 3px 14px 3px 27px; - position: absolute; - text-transform: uppercase; - white-space: nowrap; - word-break: keep-all; - z-index: -1; + background-color: #aacc0d; + border-radius: 15px; + bottom: 6px; + color: #fff; + font-size: 12px; + font-weight: bold; + height: 26px; + left: 12px; + letter-spacing: 0; + line-height: 25px; + margin-left: 12px; + margin-top: 7px; + padding: 3px 14px 3px 27px; + position: absolute; + text-transform: uppercase; + white-space: nowrap; + word-break: keep-all; + z-index: -1; } .l-sort__create-btn:active #add-icon { - background-position: -425px -107px; + background-position: -425px -107px; } .l-sort__create-btn.restore:active #add-icon { - background-position: -425px -250px !important; + background-position: -425px -250px !important; } - .l-sort__create-btn.edit:active #add-icon { - background-position: -425px -154px !important; + background-position: -425px -154px !important; } - .l-sort__create-btn.edit:hover #tooltip { - background-color: #55C9C0; + background-color: #23b7e5; } .l-sort__create-btn.edit:active #tooltip { - background-color: #3BF0E6 !important; + background-color: #3BF0E6 !important; } - - - - .l-sort__create-btn:active #tooltip { - background-color: #D9F210; + background-color: #D9F210; } .noselect { - -webkit-touch-callout: none; - -webkit-user-select: none; - -khtml-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; + -webkit-touch-callout: none; + -webkit-user-select: none; + -khtml-user-select: none; + -moz-user-select: none; + -ms-user-select: none; + user-select: none; } .search-input { - background-color: #fff; - border: 1px solid #ddd; - height: 21px; - line-height: 28px; - padding-left: 7px; - float: left; - width: 74px; -/* visibility: hidden;*/ - -webkit-transition: width .2s ease-out; - -moz-transition: width .2s ease-out; - -o-transition: width .2s ease-out; - transition: width .2s ease-out; -} -.lang-ru .search-input.activated{ - width: 70px; -} -.search-input.activated{ - width: 130px; - visibility: visible; -} -.search-input:focus { -// background-color: #e8fcff; -// border-color: #75c9c2; -// color: #333; + background-color: #fff; + border: 1px solid #ddd; + height: 21px; + line-height: 28px; + padding-left: 7px; + float: left; + width: 74px; + /* visibility: hidden;*/ + -webkit-transition: width 0.2s ease-out; + -moz-transition: width 0.2s ease-out; + -o-transition: width 0.2s ease-out; + transition: width 0.2s ease-out; } +.lang-ru .search-input.activated { + width: 70px; +} + +.search-input.activated { + width: 130px; + visibility: visible; +} .float-left { - float: left; + float: left; } + .float-right { - float: right; + float: right; } + .display-inline-block { - display: inline-block; + display: inline-block; } + .width-100p { - width: 100%; + width: 100%; } .l-sort-toolbar table td { - float: left; + float: left; } + .l-sort-toolbar__search-box { - float: right !important; - padding-top: 3px; - padding-right: 0 !important; + float: right !important; + padding-top: 3px; + padding-right: 0 !important; } + .ui-dialog .ui-dialog-buttonpane button:nth-of-type(2) { - -background-color: #dfdedd; + -background-color: #dde6e9; } .shortcuts { - background: rgba(50, 50, 50, 0.9); - display: inline-block; - position: fixed; - left: 50%; - bottom: 0; - color: #eee; - width: 800px; - border: 1px solid #333; - font-size: 13px; - z-index: 120; - transform: translate(-50%, 0); + background: rgba(50, 50, 50, 0.9); + display: inline-block; + position: fixed; + left: 50%; + bottom: 0; + color: #eee; + width: 800px; + border: 1px solid #333; + font-size: 13px; + z-index: 120; + transform: translate(-50%, 0); } .shortcuts .header { - border-bottom: 1px solid #333; - height: 43px; + border-bottom: 1px solid #333; + height: 43px; } .shortcuts .title { - text-transform: uppercase; - color: #ffcc00; - padding: 7px 0 7px 14px; - display: inline-block; - float: left; - font-size: 11px; - letter-spacing: 3px; + text-transform: uppercase; + color: #ffcc00; + padding: 7px 0 7px 14px; + display: inline-block; + float: left; + font-size: 11px; + letter-spacing: 3px; } .shortcuts .close { - background: url("/images/sprite.png?1446554103") repeat scroll -408px -469px; - cursor: pointer; - display: inline-block; - float: right; - height: 32px; - padding-top: 11px; - width: 46px; + background: url("/images/sprite.png?1446554104") repeat scroll -408px -469px; + cursor: pointer; + display: inline-block; + float: right; + height: 32px; + padding-top: 11px; + width: 46px; } .shortcuts .close:hover { - background-color: #000; + background-color: #000; } .shortcuts .close:active { - background-color: #55c9c0; + background-color: #23b7e5; } .shortcuts ul { - list-style-type: none; - padding: 30px 20px; - display: inline-block; - float: left; - width: 360px; + list-style-type: none; + padding: 30px 20px; + display: inline-block; + float: left; + width: 360px; } .shortcuts ul li { - padding: 5px 20px; + padding: 5px 20px; } .shortcuts ul li.step-top { - padding-top: 30px; + padding-top: 30px; } .shortcuts ul li span { - color: #48F4EF; - display: inline-block; - font-weight: bold; - padding: 0 20px 0 0; - text-align: right; -/* width: 140px;*/ + color: #48F4EF; + display: inline-block; + font-weight: bold; + padding: 0 20px 0 0; + text-align: right; + /* width: 140px;*/ } .shortcuts ul li span.bigger { - font-size: 18px; + font-size: 18px; } .description { - font-weight: normal; - line-height: 25px; - padding-bottom: 45px; - margin-left: 50px; + font-weight: normal; + line-height: 25px; + padding-bottom: 45px; + margin-left: 50px; } -.description ul{ - margin-top: 15px; - list-style: none; - padding-left: 0; +.description ul { + margin-top: 15px; + list-style: none; + padding-left: 0; } - -.description li{ - margin: 10px 0; +.description li { + margin: 10px 0; } - .description a { - line-height: 30px; - text-decoration: underline; - color: #2c9491; + line-height: 30px; + text-decoration: underline; + color: #27c24c; } .description a.purchase { - color: #FFF; - background-color: #9fbf0c; - border: none; - border-radius: 3px; - font-size: 13px; - font-weight: bold; - padding: 7px 15px;; - text-transform: capitalize; - text-decoration: none; + color: #FFF; + background-color: #27c24c; + border: none; + border-radius: 3px; + font-size: 13px; + font-weight: bold; + padding: 7px 15px; + text-transform: capitalize; + text-decoration: none; } .description a.purchase:hover { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .description a.purchase:active { - background-color: #D9F210; - color: #555; + background-color: #D9F210; + color: #555; } - .description a.cancel { - background-color: #999; - border: none; - border-radius: 3px; - color: #fff; - font-size: 13px; - font-weight: bold; - padding: 7px 15px; - text-transform: capitalize; - text-decoration: none; + background-color: #999; + border: none; + border-radius: 3px; + color: #fff; + font-size: 13px; + font-weight: bold; + padding: 7px 15px; + text-transform: capitalize; + text-decoration: none; } .description a.cancel:hover { - background-color: #2c9491; + background-color: #27c24c; } .description a.cancel:active { - background-color: #5f9491; + background-color: #5f9491; } - .description.cancel-success { - color: #8fac0a; - font-weight: bold; + color: #8fac0a; + font-weight: bold; } - .description .licence { - padding: 20px 0; - color: #2c9491; + padding: 20px 0; + color: #27c24c; } - .description .licence input { - margin-left: 17px; - width: 137px; + margin-left: 17px; + width: 137px; } - .description span { - font-style: italic; - line-height: 45px; - padding-top: 20px; + font-style: italic; + line-height: 45px; + padding-top: 20px; } - .description .twoco { - font-style: italic; - line-height: 15px; - font-size: 12px; + font-style: italic; + line-height: 15px; + font-size: 12px; } .ui-dialog .ui-dialog-content { - padding: 10px 26px 30px !important; + padding: 10px 26px 30px !important; } .helper-container { - float: right; - height: 293px; - margin-bottom: -450px; - margin-top: 459px; - padding-top: 3px; - width: 563px; + float: right; + height: 293px; + margin-bottom: -450px; + margin-top: 459px; + padding-top: 3px; + width: 563px; } .context-helper { - text-transform: uppercase; -# text-decoration: underline; - color: #777; - font-size: 11px; - cursor: pointer; - font-weight: bold; - float: right; + text-transform: uppercase; + color: #777; + font-size: 11px; + cursor: pointer; + font-weight: bold; + float: right; } .context-helper:hover { - color: #55C9C0; + color: #23b7e5; } .context-helper:active { - color: #ff6701; + color: #9c8cff; } - .cron-helper-tabs { -/* margin-top: 30px;*/ - border: 1px solid #d9d9d9 !important; + /* margin-top: 30px;*/ + border: 1px solid #d9d9d9 !important; } - .cron-helper-tabs a { - color: #777; - font-size: 11px; - font-weight: bold; - line-height: 30px; - padding: 0 12px; - text-transform: uppercase; + color: #777; + font-size: 11px; + font-weight: bold; + line-height: 30px; + padding: 0 12px; + text-transform: uppercase; } - .cron-helper-tabs a:hover { - color: #ff6701; + color: #9c8cff; } .cron-helper-tabs a:active { - color: #55C9C0; + color: #23b7e5; } .cron-helper-tabs .ui-tabs-selected a { - color: #ff6701; + color: #9c8cff; } - .cron-helper-tabs select { - font-size: 15px !important; + font-size: 15px !important; } .cron-helper-tabs select.short { - background-position: -388px -604px; - min-width: 30px; - width: 70px; + background-position: -388px -604px; + min-width: 30px; + width: 70px; } - .cron-helper-tabs p { - color: #777; - font-size: 12px; + color: #777; + font-size: 12px; } -.cron-helper-tabs p span{ - padding-right: 15px; - padding-left: 25px; +.cron-helper-tabs p span { + padding-right: 15px; + padding-left: 25px; } -.cron-helper-tabs p span.first{ - display: inline-block; - padding-right: 15px; - width: 100px; - padding-left: 0; +.cron-helper-tabs p span.first { + display: inline-block; + padding-right: 15px; + width: 100px; + padding-left: 0; } - .cron-helper-tabs .button { - width: auto; - background-color: #55C9C0; - border: 1px solid #55C9C0; - text-transform: capitalize; + width: auto; + background-color: #23b7e5; + border: 1px solid #23b7e5; + text-transform: capitalize; } .cron-helper-tabs .button:hover { - background-color: #5BD8CF; - border: 1px solid #5BD8CF; + background-color: #00d8ff; + border: 1px solid #00d8ff; } .cron-helper-tabs .button:active { - background-color: #4FBCB4; - border: 1px solid #4FBCB4; + background-color: #49c8ef; + border: 1px solid #49c8ef; } .context-helper-close { - background: rgba(0, 0, 0, 0) url("/images/sprite.png?1446554103") repeat scroll -408px -469px; - cursor: pointer; - display: inline-block; - float: right; - height: 32px; - padding-top: 11px; - width: 46px; - filter: contrast(50%); + background: rgba(0, 0, 0, 0) url("/images/sprite.png?1446554104") repeat scroll -408px -469px; + cursor: pointer; + display: inline-block; + float: right; + height: 32px; + padding-top: 11px; + width: 46px; + filter: contrast(50%); } .context-helper-close:hover { - background-color: #aaa; - filter: none; + background-color: #aaa; + filter: none; } .context-helper-close:active { - background-color: #999; - filter: none; + background-color: #999; + filter: none; } @media screen and (max-width: 950px) { - .helper-container { - display: none; - } + .helper-container { + display: none; + } +} + + +/* ------ fixes ------ */ + +body { + background: #f0f3f5; + color: #58666f; + font-family: 'Source Sans Pro', sans-serif; +} +b, strong { + color: #58666f; +} +.l-percent { + border-bottom: none; + margin-top: 1px; + width: 200px; + background: #e4eaed; +} +.l-percent__fill { + background-color: #2ac34e; + bottom: 0; +} +.to-top { + z-index: 100; + top: unset; + bottom: 30px; + right: 285px; +} +.to-shortcuts { + z-index: 100; + top: unset; + bottom: 30px; + right: 330px; +} +.shortcuts { + right: calc(50% - 400px); + bottom: calc(50% - 213px); +} +.l-separator { + display: none; +} +.l-header { + position: fixed; + width: calc(100% - 40px); + z-index: 99; + background: #fff; + box-shadow: 0 2px 2px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(0, 0, 0, 0.05); + color: #58666f; + height: 50px; + padding: 0 20px; + margin-bottom: unset; +} +.l-header a { + color: #58666f; + font-size: 14px; +} +.l-header a:hover { + color: #58666f; +} +.l-header .l-center { + max-width: none !important; +} +.l-header .l-center .l-logo { + background-position: -65px -182px; + /* background-position: -125px -478px; */ + background-repeat: no-repeat; + display: block; + height: 40px; + margin-top: 0; + width: 80px; + /* width: 42px; */ + margin-left: 0; + background-size: 235px 325px; + position: relative; + top: 5px; + left: 0; + float: left; + padding-right: 20px; +} +.l-header .l-center .l-menu { + position: unset; + margin-left: unset; +} +.l-header .l-center .l-menu .l-menu__item a { + line-height: 50px; + padding: 0 18px; + display: inline-block; +} +.l-header .l-center .l-menu .l-menu__item a:hover { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-menu .l-menu__item a:active { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-menu .l-menu__item.l-menu__item--active a { + color: unset; + font-size: unset; + font-weight: unset; + text-transform: unset; + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-profile .l-profile__notifications { + margin-top: 13px; +} +.l-header .l-center .l-profile .l-profile__notifications:hover { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-profile .l-profile__username { + padding: 15px 0 0 10px; +} +.l-header .l-center .l-profile .l-profile__logout { + padding: 15px 0 0 10px; +} +.l-header > .l-center { + margin-left: 200px; +} +.l-content { + position: relative; + top: 50px; +} +.l-content + div { + right: 100px !important; + top: unset !important; + bottom: 40px !important; +} +.l-content + div div { + background-color: #e4eaed !important; + padding: 10px; + border-radius: 5px; +} +.l-content .l-center { + max-width: none !important; +} +.l-content .l-center .l-stat { + display: block; + position: fixed; + z-index: 100; + padding-top: 0 !important; + width: 200px; + height: 100%; + top: 0; + margin-top: 0; + background: #1c2b35; + overflow-y: scroll; + scrollbar-width: thin; + /* Firefox */ + -ms-overflow-style: scrollbar; + /* Internet Explorer 10+ */ + /* width */ +} +.l-content .l-center .l-stat::-webkit-scrollbar { + display: block; + width: 7px; + /* Track */ +} +.l-content .l-center .l-stat::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .l-center .l-stat::-webkit-scrollbar-thumb { + background: rgba(255, 255, 255, 0.15); +} +.l-content .l-center .l-stat:hover { + /* Handle on hover */ +} +.l-content .l-center .l-stat:hover::-webkit-scrollbar-thumb { + background: rgba(255, 255, 255, 0.4); +} +.l-content .l-center .l-stat .l-stat__col--active ul { + display: block !important; +} +.l-content .l-center .l-stat .l-stat__col--active { + background: #131e27; +} +.l-content .l-center .l-stat .l-stat__col--active a { + border-bottom: 2px solid #131e27; +} +.l-content .l-center .l-stat .l-stat__col--active a .l-stat__col-title { + background: #16232d; + color: white !important; + font-size: 20px; + font-weight: 400; + margin-top: unset; + letter-spacing: unset; + margin-right: unset; +} +.l-content .l-center .l-stat .l-stat__col--active span { + display: none; +} +.l-content .l-center .l-stat .focus { + background: #5e5e5e; +} +.l-content .l-center .l-stat .focus a { + border-bottom: 2px solid #131e27; +} +.l-content .l-center .l-stat .focus a ul li { + color: #c2e5ff !important; +} +.l-content .l-center .l-stat .focus a .l-stat__col-title { + background: #5e5e5e; + color: #c4d0d8; + font-size: 20px; + font-weight: 400; + margin-top: unset; + letter-spacing: unset; + margin-right: unset; +} +.l-content .l-center .l-stat .l-stat__col { + display: block; + float: unset; +} +.l-content .l-center .l-stat .l-stat__col:hover .l-stat__col-title { + color: #fff; +} +.l-content .l-center .l-stat .l-stat__col:hover .l-stat__col-title:after { + color: #fff; +} +.l-content .l-center .l-stat .l-stat__col a { + height: unset !important; + min-height: unset !important; + display: block; + width: unset; + border-bottom: 2px solid #131e27; + background-color: transparent; + padding-left: unset; + padding-bottom: 10px; + padding-top: unset; + margin-top: unset; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title { + min-height: unset !important; + color: #869fb2; + font-size: 20px; + font-weight: 400; + padding: 15px 15px 15px 20px; + margin-bottom: 0; + margin-top: 0 !important; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title:after { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f054"; + float: right; + font-size: 10px; + color: #5c798f; + margin-top: 8px; + margin-right: 26px; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f233"; + padding-right: 10px; + font-size: 17px; +} + +.l-content .l-center .l-stat .l-stat__col--active a .l-stat__col-title:after { + margin-right: 26px; +} + +.l-content .l-center .l-stat .l-stat__col a ul { + margin: 0; + display: none; +} +.l-content .l-center .l-stat .l-stat__col a ul li { + color: #92adc2; + margin-bottom: unset; + padding: 10px 20px 10px 20px; + font-size: 14px; +} +.l-content .l-center .l-stat .l-stat__col a ul li span { + float: right; + padding: 3px 5px 4px 5px; + font-size: 13px; + color: #fff; + background-color: #27c54e; + font-weight: 700; + text-shadow: 0 1px 0 rgba(0, 0, 0, 0.2); + display: inline-block; + min-width: 10px; + line-height: 1; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: 0.25em; + left: 133px; +} +.l-content .l-center .l-stat .l-stat__col a ul li:first-child span { + float: right; + padding: 3px 5px 4px 5px; + font-size: 13px; + color: #fff; + background-color: #34b5dd; + font-weight: 700; + text-shadow: 0 1px 0 rgba(0, 0, 0, 0.2); + display: inline-block; + min-width: 10px; + line-height: 1; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: 10px; +} +.l-content .l-center .l-stat .l-stat__col a ul li:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f03a"; + padding-right: 15px; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a .l-stat__col-title:before { + content: "\f500"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(1):before { + content: "\f0a0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(2):before { + content: "\f75b"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a .l-stat__col-title:before { + content: "\f233"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(2):before { + content: "\f0c5"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a .l-stat__col-title:before { + content: "\f6ff"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(2):before { + content: "\f303"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a .l-stat__col-title:before { + content: "\f674"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(2):before { + content: "\f2bb"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a .l-stat__col-title:before { + content: "\f1c0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(1):before { + content: "\f1c0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a .l-stat__col-title:before { + content: "\f120"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(1):before { + content: "\f120"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a .l-stat__col-title:before { + content: "\f019"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(1):before { + content: "\f019"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-sort { + padding: 0 20px; + position: relative; + z-index: 98; + width: auto; + margin-top: unset !important; + background-color: #f6f8f8; + border-bottom: 1px solid #dee5e8; + margin-bottom: 30px; +} +.l-content .l-center .l-sort .l-sort__create-btn { + bottom: -20px; +} +.l-content .l-center .l-sort .context-menu { + top: 77px; +} +.l-content .l-center .l-sort .l-sort-toolbar { + padding: 24px 0 22px 0; + color: #98a6ac; +} +.l-content .l-center .l-sort .l-sort-toolbar .l-select { + border-radius: 3px 0 0 3px; + background: #fff; + border: 1px solid #dee5e8; +} +.l-content .l-center .l-sort .l-sort-toolbar .l-sort-toolbar__filter-apply { + border-radius: 0 3px 3px 0; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .l-sort-toolbar__search-box form .search-input { + border-radius: 3px 0 0 3px; + border: 1px solid #dee5e8; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .l-sort-toolbar__search-box form .l-sort-toolbar__search { + border-radius: 0 3px 3px 0; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .sort-by { + padding-left: 30px; +} +.l-content .l-center .l-unit { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0px 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; +} +.l-content .l-center .l-unit.selected { + background-color: #e4eaed; +} +.l-content .l-center .l-unit--suspended { + background-color: #eaeaea !important; +} +.l-content .l-center .l-unit.selected .l-percent { + border-bottom: none; + margin-top: 1px; + width: 200px; + background: #cbd3d7; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right { + position: relative; + top: 20px; + right: 20px; + display: block; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right .actions-panel__col { + margin-left: 10px; + border-radius: 3px; + overflow: hidden; + border-right: none; + background-color: #dde6e8; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right .actions-panel__col a { + font-weight: 500; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col .check-label:before { + z-index: 97; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__name { + color: #34b5dd; + font-weight: 500; + font-size: 24px; + margin-bottom: unset; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__ip { + font-size: 18px; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__date { + letter-spacing: unset; + display: inline-block; + border-bottom: solid 10px #ffeb0087; + line-height: 3px; + padding: 0 0px; + margin-bottom: 30px; + font-weight: 400; + font-size: 16px; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__stats td { + height: 27px; +} +.l-content .l-center .io-box { + overflow: hidden; + margin: 20px 20px 0px 20px; + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left { + float: left; + width: calc(100% - 800px); + /*min-width: 283px;*/ + text-align: center; +} +.l-content .l-center .io-box .io-box-left .io-box-left-items { + float: left; + width: calc(50% - 20px); + height: 137px; + margin-right: 20px; + margin-bottom: 20px; + background: #fff; + border-radius: 3px; + min-width: 125px; +} +.l-content .l-center .io-box .io-box-left .io-box-left-items a { + display: block; + font-size: 36px; + font-weight: 300; + margin-top: 32px; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block { + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block a { + color: #34b5dd; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block { + color: #b4efc2; + background-color: #27c54e; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block a { + color: #ecfff1; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block { + color: #b0e1f1; + background-color: #34b5dd; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block a { + color: #dcf2f8; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block { + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block a { + color: #58666f; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block span { + padding: 5px; +} + +.l-content .l-center .io-box .io-box-left .io-5-homepage-block { + width: calc(100% - 20px); + color: #98a6ac; + background: #e4eaed; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block a { + color: #27c54e; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + font-size: 32px; + background: #dde6e8; + height: 121px; + width: 115px; + line-height: 90px; + content: "\f581"; + color: #fff; + float: left; + border-radius: 5px 0 0 5px; + padding-top: 16px; +} +.l-content .l-center .io-box .io-box-right { + float: right; + width: 800px; + background: #fff; + height: 450px; + overflow: hidden; + border-radius: 3px; + text-align: center; +} +.l-content .l-center .io-box .io-box-right img { + margin-top: 8px; + width: 767px; + height: 433px; + position: relative; +} +.l-content .l-center .l-unit-ft { + padding: 0 0 37px 15px; + overflow: hidden; + margin: 0px 20px 19px 20px; + background: #e4eaed; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + position: relative; + color: #a6b0b4; + font-weight: bold; + text-transform: uppercase; + font-size: 11px; +} +.l-content .l-center .l-unit-ft:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + font-size: 32px; + background: #dde6e8; + height: 100%; + width: 90px; + line-height: 108px; + content: "\f05a"; + color: #fff; + float: left; + border-radius: 5px 0 0 5px; + position: absolute; + left: 0; + text-align: center; +} +.l-content .l-center .l-unit-ft .data { + margin: 0 0 50px 0; +} +.l-content .l-center #vstobjects { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0px 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; +} +.l-content .l-center #vstobjects .data-date { + color: #98A6AC; + letter-spacing: unset; + display: inline-block; + border-bottom: solid 10px #ffeb0087; + line-height: 3px; + padding: 0 0px; + margin-bottom: 30px; + font-weight: 400; + font-size: 16px; +} +.l-content .l-center .vst-text.step-top.helper-container { + margin-bottom: unset; + margin-top: 0; + float: unset; + height: auto; + width: auto; +} +.l-content .l-center .vst-text.step-top.helper-container #tabs.cron-helper-tabs { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; + border: none !important; +} +.l-content > .units.l-center::before { + content: ''; + display: block; + height: 0; +} +.l-content > .l-center { + margin-left: 200px; + margin-right: 240px; +} +.l-content > .l-center:first-child { + margin-left: 0; +} +.l-content #vstobjects > .l-center { + margin-left: 200px; + margin-right: 240px; + padding-top: 0; + padding-bottom: 1px; +} + +.l-content .right_sidebar { + width: 240px; + position: fixed; + display: block; + z-index: 98; + top: 50px; + right: 0px; + box-sizing: border-box; + height: 100%; + background: #fff; + border-left: 1px solid #dee5e8; +} +.l-content .io-log { + color: #58666f; + border-left: 1px solid #dee5e8; + width: 240px; + position: relative; + display: block; + /*overflow-scrolling: auto;*/ + z-index: 99; + top: 0px; + right: 0px; + background: #fff; + word-break: break-word; + overflow: hidden; + border-right: 8px solid #e3e3e3; + box-sizing: border-box; +} +.l-content .io-log::-webkit-scrollbar { + width: 7px; + /* Track */ +} +.l-content .io-log::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .io-log::-webkit-scrollbar-thumb { + background: rgba(0, 0, 0, 0.15); + border-radius: 7px; + /* Handle on hover */ +} +.l-content .io-log::-webkit-scrollbar-thumb:hover { + background: rgba(0, 0, 0, 0.4); + border-radius: 7px; +} +.l-content .io-log > * { + margin: 0 20px; +} +.l-content .io-log h2 { + margin: 0 0 20px 0; + padding-left: 20px; + font-size: 24px; + font-weight: 300; + line-height: 60px; + color: #98a6ac; + border-bottom: 1px solid #dee5e8; + cursor: pointer; +} +.l-content .io-log h2:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + content: "\f15c"; + padding-right: 10px; + font-size: 17px; +} +.l-content .io-log > div { + /* border-left: solid 1px #dee5e8; */ + padding-left: 15px; + position: relative; + margin-left: 25px; +} +.l-content .io-log > div > div { + position: relative; + margin-bottom: 25px; +} +.l-content .io-log > div > div > div:nth-of-type(2) { + color: #98a6ac; + font-size: 13px; + margin-bottom: 5px; +} +.l-content .io-log > div > div > div:nth-of-type(3) { + color: #98a6ac; + font-size: 13px; + margin-bottom: 5px; +} +.l-content .io-log > div > div:before { + content: ''; + position: absolute; + height: 100%; + width: 7px; + border-radius: 10px; + border: solid 1px #dee5e8; + background: #e0fff9; + left: -20px; +} +.l-content .io-log > div > div:first-child(1n):before { + background: #e0fff9; +} +.l-content .io-log > div > div:nth-child(2n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(3n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(4n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(5n):before { + background: #fbffe0; +} + +.l-content .io-log2 { + color: #58666f; + border-left: 1px solid #dee5e8; + border-top: 1px solid #cecece; + width: 240px; + position: relative; + height: 100%; + display: block; + /*overflow-scrolling: auto;*/ + z-index: 99; + top: 0px; + right: 0px; + background: #fff; + word-break: break-word; + overflow-y: scroll; + scrollbar-width: thin; + box-sizing: border-box; +} +.l-content .io-log2::-webkit-scrollbar { + width: 7px; + /* Track */ +} +.l-content .io-log2::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .io-log2::-webkit-scrollbar-thumb { + background: rgba(0, 0, 0, 0.15); + border-radius: 7px; + /* Handle on hover */ +} +.l-content .io-log2::-webkit-scrollbar-thumb:hover { + background: rgba(0, 0, 0, 0.4); + border-radius: 7px; +} +.l-content .io-log2 > * { + margin: 0 20px; +} +.l-content .io-log2 h2 { + margin: 0 0 20px 0; + padding-left: 20px; + font-size: 24px; + font-weight: 300; + line-height: 60px; + color: #98a6ac; + border-bottom: 1px solid #dee5e8; + cursor: pointer; +} +.l-content .io-log2 h2:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + content: "\f15c"; + padding-right: 10px; + font-size: 17px; +} +.l-content .io-log2 > div { + border-left: solid 1px #dee5e8; + padding-left: 15px; + position: relative; + margin-left: 25px; +} +.l-content .io-log2 > div > div { + position: relative; + margin-bottom: 25px; +} +.l-content .io-log2 > div > div > div:nth-of-type(2) { + color: #98a6ac; + font-size: 12px; + margin-bottom: 5px; +} +.l-content .io-log2 > div > div:before { + content: ''; + position: absolute; + height: 100%; + width: 7px; + border-radius: 10px; + border: solid 1px #dee5e8; + background: #fff; + left: -20px; +} +.l-content .io-log2 > div > div:nth-child(2n):before { + border: solid 1px #27c54e; +} +.l-content .io-log2 > div > div:nth-child(3n):before { + border: solid 1px #27bbc5; +} +.l-content .io-log2 > div > div:nth-child(4n):before { + border: solid 1px #275bc5; +} +.l-content .io-log2 > div > div:nth-child(5n):before { + border: solid 1px #ffcc00; +} + + +#tooltip { + background-color: #3AB5DD; +} +#tooltip:hover { + background-color: #1ca2cc; +} + +.l-sort__create-btn.edit:hover #tooltip { + background-color: #49c8ef; +} +.l-sort__create-btn.edit:active #tooltip { + background-color: #00d8ff !important; +} +.l-sort__create-btn:active #tooltip { + background-color: #00d8ff; +} +.body-login, .body-reset { + background-color: #f0f3f5; +} +.body-login .login, .body-reset .login { + font-family: Arial, Helvetica, sans-serif; + border: 1px solid #e7ecee; + border-radius: 10px; + overflow: hidden; + position: relative; + padding: 35px 35px 10px 35px; + display: block; + width: 420px; + box-shadow: 0 2px 2px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(0, 0, 0, 0.05); +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1), .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) { + position: absolute; + text-align: center; + width: calc(100% - 46px); +} +/* +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a { + background-image: url(/images/sprite.png?1446554103); + background-position: -65px -182px; + background-repeat: no-repeat; + display: inline-block; + height: 40px; + margin-top: 0; + width: 80px; + margin-left: 0; + background-size: 235px 325px; + position: relative; +} +*/ +/* +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a img, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a img { + display: none; +} +*/ +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2), .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) { + position: relative; + padding: 65px 0 0 0 !important; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .vst-input, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .vst-input { + padding: 5px 10px; + margin: 0; + width: 320px !important; + margin-top: 7px; + border-radius: 3px; + border: solid 1px #d3d9e2; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button, .body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:hover, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:hover, .body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:active, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:active { + width: 100% !important; + border: 1px solid #27c54e; + background-color: #27c54e; + color: #f4f3f9; + margin-bottom: 20px; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(2) .login-bottom, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(2) .login-bottom { + width: auto; + text-align: center; + padding-bottom: unset; + padding: 0; +} +.body-login .login-box .vst-advanced, .body-reset .login-box .vst-advanced { + color: #34b5dd; +} +.body-web-log .l-header > .l-center { + margin-left: 0; +} +.l-stat__col span { + padding: 4px 0; + font-size: 15px; + position: fixed; + display: inline-block; + left: 159px; +} +.l-sort__create-btn2 { + background-image: url("/images/sprite.png?1446554103"); + background-position: -331px -107px; + background-repeat: no-repeat; + display: inline-block; + height: 45px; + width: 45px; +} +/* +.ui-resizable-handle { + background-color: #333 !important; +} +*/ +/* +div.ui-dialog div { + background-color: #333 !important; +} +*/ +div.ui-dialog > div { + background-color: #333 !important; +} +div.ui-dialog > div div { + background-color: #333 !important; +} +/* +div.ui-dialog > div > div { + background-color: #333 !important; +} +div.ui-dialog + div { + background-color: #333 !important; +} +div.ui-dialog + div div{ + background-color: #333 !important; +} +*/ +/* +.ui-dialog-titlebar { + background-color: #333 !important; +} +.ui-dialog-buttonpane { + background-color: #333 !important; +} +*/ + +.backup-items { + background-color: #f8f8f8; + margin: 10px 33px; + border-radius: 10px; +} + +.upper_button { + background-color: #3AB5DD; + color: #fff !important; + padding: 5px 10px !important; + border-radius: 13px; +} + +.get-ip-info-btn { + cursor: pointer; + margin-left: 10px; +} +.get-ip-info-btn:hover { + color: #000000; +} +.get-ip-info-btn + .get-ip-info-result { + margin: 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl dt { + font-weight: bold; +} +.get-ip-info-btn + .get-ip-info-result dl dd { + margin: 0 0 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-triangle { + color: red; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-check-circle { + color: green; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-circle { + color: orange; } diff --git a/web/delete/backup/exclusion/index.php b/web/delete/backup/exclusion/index.php index 29ad3bd5..7cad5856 100644 --- a/web/delete/backup/exclusion/index.php +++ b/web/delete/backup/exclusion/index.php @@ -1,4 +1,7 @@ " . escapeshellarg($passthru_is_disabled_workaround_file), $output, $return_var); + readfile($passthru_is_disabled_workaround_file); + fclose($passthru_is_disabled_workaround_handle); // fclose(tmpfile()) automatically deletes the file, unlink is not required :) +} +if ($return_var != 0) { + $errstr = "Internal server error: command returned non-zero: {$return_var}: {$cmd}"; + echo $errstr; + throw new Exception($errstr); // make sure it ends up in an errorlog somewhere } -?> diff --git a/web/edit/file/index.php b/web/edit/file/index.php index d6ae8dce..931b861f 100644 --- a/web/edit/file/index.php +++ b/web/edit/file/index.php @@ -37,6 +37,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) { $content = ''; $path = $_REQUEST['path']; if (!empty($_POST['save'])) { + // Check token + if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { + header('location: /login/'); + exit(); + } + $fn = tempnam ('/tmp', 'vst-save-file-'); if ($fn) { $contents = $_POST['contents']; @@ -73,7 +79,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) { - + @@ -93,6 +99,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) { var makeBackup = function() { var params = { action: 'backup', + token: '', path: '' }; diff --git a/web/edit/server/index.php b/web/edit/server/index.php index 49c577d8..eed4baab 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,8 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); + $v_backup_port = escapeshellarg($_POST['v_backup_port']); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -347,12 +348,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; + if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } - // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php index cf4eef82..eb407ba7 100644 --- a/web/file_manager/fm_api.php +++ b/web/file_manager/fm_api.php @@ -2,13 +2,19 @@ // Init //error_reporting(NULL); +// Preventing CSRF +// prevent_post_csrf(true); + header('Content-Type: application/json'); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php"); +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token or missing token"); +} -// todo: set in session? if (empty($panel)) { $command = VESTA_CMD."v-list-user '".$user."' 'json'"; exec ($command, $output, $return_var); diff --git a/web/images/myvesta-large-white-130.png b/web/images/myvesta-large-white-130.png new file mode 100644 index 00000000..2007b0bc Binary files /dev/null and b/web/images/myvesta-large-white-130.png differ diff --git a/web/images/sprite.png b/web/images/sprite.png index 456ab6f8..c0ac73f3 100644 Binary files a/web/images/sprite.png and b/web/images/sprite.png differ diff --git a/web/images/vesta_logo.png b/web/images/vesta_logo.png index f7c03aab..7a2bd53a 100644 Binary files a/web/images/vesta_logo.png and b/web/images/vesta_logo.png differ diff --git a/web/inc/i18n.php b/web/inc/i18n.php index 8b8abf3a..9d6c1b7e 100644 --- a/web/inc/i18n.php +++ b/web/inc/i18n.php @@ -24,7 +24,7 @@ function _translate() { // Load language file (if not loaded yet) if (!isset($LANG[$l])) { - require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/$l.php"); + require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/".basename($l).".php"); } //if (!isset($LANG[$l][$key])) file_put_contents('/somewhere/something.log', "$key\n", FILE_APPEND); diff --git a/web/inc/i18n/ar.php b/web/inc/i18n/ar.php index e50cfec7..927f9576 100644 --- a/web/inc/i18n/ar.php +++ b/web/inc/i18n/ar.php @@ -196,6 +196,7 @@ $LANG['ar'] = array( 'SSL Home Directory' => 'المجلد الرئيسي لـ SSL', 'Lets Encrypt Support' => 'دعم Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'سوف يتم اصدار الترخيص الخاص بك خلال 5 دقائق', 'Proxy Support' => 'دغم بروكسي', 'Proxy Extensions' => 'توسعات بروكسي', diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php index 715043a0..929d5d29 100644 --- a/web/inc/i18n/az.php +++ b/web/inc/i18n/az.php @@ -187,6 +187,7 @@ $LANG['az'] = array( 'SSL Home Directory' => 'SSL Ana qovluğu', 'Lets Encrypt Support' => 'Lets Encrypt dəstəyi', 'Lets Encrypt' => 'Şifrələ', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Sənədiniz avtomatik olaraq 5 dəqiqə ərzində veriləcək', 'Proxy Support' => 'Proxy dəstəyi', 'Proxy Extensions' => 'Proxy əlavələri', diff --git a/web/inc/i18n/bg.php b/web/inc/i18n/bg.php index 642e6cfa..746963d3 100644 --- a/web/inc/i18n/bg.php +++ b/web/inc/i18n/bg.php @@ -40,6 +40,8 @@ $LANG['bg'] = array( 'NETWORK' => 'МРЕЖА', 'Web Log Manager' => 'МЕНИДЖЪР НА УЕБ ЛОГОВЕ', + 'no notifications' => 'no notifications', + 'Add User' => 'Добави потребител', 'Add Domain' => 'Добави домейн', 'Add Web Domain' => 'Добави уеб домейн', @@ -107,6 +109,7 @@ $LANG['bg'] = array( 'disable autoupdate' => 'забрани автоматичното обновяване', 'turn on notifications' => 'включи известията', 'turn off notifications' => 'изключи известията', + 'configure' => 'configure', 'Adding User' => 'Добавяне на потребител', 'Editing User' => 'Редактиране на потребител', @@ -191,6 +194,8 @@ $LANG['bg'] = array( 'SSL Home Directory' => 'SSL начало', 'Lets Encrypt Support' => 'Lets Encrypt поддръжка', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', + 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Прокси поддръжка', 'Proxy Extensions' => 'Прокси разширения', 'Web Statistics' => 'Уеб статистики', @@ -688,7 +693,7 @@ $LANG['bg'] = array( 'Select Bunch of Files' => 'Избери няколко файла', 'Add File to the Current Selection' => 'Добави файла към текущата селекция', 'Select All Files' => 'Избери всички файлове', - 'shortcuts are inspired by magnificent GNU Midnight Commander файлов мениджър' => + 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => 'преките пътища са вдъхновени от великолепният GNU Midnight Commander файлов мениджър', 'Licence Key' => 'Лицензен ключ', 'Enter License Key' => 'Въведете лицензен ключ', @@ -702,9 +707,6 @@ $LANG['bg'] = array( 'This is a commercial module, you would need to purchace license key to enable it.' => 'Това е комерсиален модул, за чиито ползване е нужно да поръчате лицензионен ключ.', 'Minutes' => 'Минути', 'Hourly' => 'Всеки час', - 'Daily' => 'Всеки ден ', - 'Weekly' => 'Всяка седмица', - 'Monthly' => 'Всеки месец', 'Run Command' => 'Изпълни команда', 'every month' => 'всеки месец', 'every odd month' => 'всеки нечетен месец', diff --git a/web/inc/i18n/bs.php b/web/inc/i18n/bs.php index 4e2f32e1..8f515153 100644 --- a/web/inc/i18n/bs.php +++ b/web/inc/i18n/bs.php @@ -195,6 +195,7 @@ $LANG['bs'] = array( 'SSL Home Directory' => 'SSL direktorij', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy podrška', 'Proxy Extensions' => 'Proxy ekstenzije', diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index 389e8c1e..9276cd83 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -201,6 +201,7 @@ $LANG['cn'] = array( 'SSL Home Directory' => 'SSL主目录', 'Lets Encrypt Support' => '采用 Let's Encrypt', 'Lets Encrypt' => 'Let's Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动完成签发', 'Proxy Support' => '反向代理', 'Proxy Extensions' => '需代理的文件扩展名', diff --git a/web/inc/i18n/cz.php b/web/inc/i18n/cz.php index 9a0cac79..9237444e 100644 --- a/web/inc/i18n/cz.php +++ b/web/inc/i18n/cz.php @@ -196,6 +196,7 @@ $LANG['cz'] = array( 'SSL Home Directory' => 'SSL home adresář', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy podpora', 'Proxy Extensions' => 'Proxy rozšíření', diff --git a/web/inc/i18n/da.php b/web/inc/i18n/da.php index 6e0fab72..92f1ee78 100644 --- a/web/inc/i18n/da.php +++ b/web/inc/i18n/da.php @@ -197,6 +197,7 @@ $LANG['da'] = array( 'SSL Home Directory' => 'SSL Home', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy Support', 'Proxy Extensions' => 'Proxy Tilføjelser', diff --git a/web/inc/i18n/de.php b/web/inc/i18n/de.php index 17d1101f..2e6cf9f3 100644 --- a/web/inc/i18n/de.php +++ b/web/inc/i18n/de.php @@ -195,6 +195,7 @@ $LANG['de'] = array( 'SSL Home Directory' => 'SSL Homeverzeichnis', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy Unterstützung', 'Proxy Extensions' => 'Proxy Erweiterungen', diff --git a/web/inc/i18n/el.php b/web/inc/i18n/el.php index bef89086..66b6532a 100644 --- a/web/inc/i18n/el.php +++ b/web/inc/i18n/el.php @@ -197,6 +197,7 @@ $LANG['el'] = array( 'SSL Home Directory' => 'Αρχικός Κατάλογος SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Υποστήριξη Proxy', 'Proxy Extensions' => 'Πρόσθετα Proxy', diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index d7ae290d..09ae210f 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -195,6 +195,7 @@ $LANG['en'] = array( 'SSL Home Directory' => 'SSL Home', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy Support', 'Proxy Extensions' => 'Proxy Extensions', @@ -376,6 +377,7 @@ $LANG['en'] = array( 'ErrorLog' => 'ErrorLog', 'Download AccessLog' => 'Download AccessLog', 'Download ErrorLog' => 'Download ErrorLog', + 'Continent' => 'Continent', 'Country' => 'Country', '2 letter code' => '2 letter code', 'State / Province' => 'State / Province', diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 6e5ce352..3a8ae573 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -203,6 +203,7 @@ $LANG['es'] = array( 'SSL Home Directory' => 'Directorio local del SSL', 'Lets Encrypt Support' => 'Soportar Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Tu certificado será emitido automáticamente en 5 minutos', 'Proxy Support' => 'Soportar Proxy', 'Proxy Extensions' => 'Extensiones Proxy', diff --git a/web/inc/i18n/fa.php b/web/inc/i18n/fa.php index 8355691a..1778b5b8 100644 --- a/web/inc/i18n/fa.php +++ b/web/inc/i18n/fa.php @@ -190,6 +190,7 @@ $LANG['fa'] = array( 'SSL Home Directory' => 'پوشه خانه SSL', 'Lets Encrypt Support' => 'پشتیبانی از Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'گواهینامه شما به صورت خودکار در طی 5 دقیقه صادر خواهد شد', 'Proxy Support' => 'پشتیبانی پراکسی', 'Proxy Extensions' => 'فرمت های پراکسی', diff --git a/web/inc/i18n/fi.php b/web/inc/i18n/fi.php index 951f8da3..8b7d33e2 100644 --- a/web/inc/i18n/fi.php +++ b/web/inc/i18n/fi.php @@ -197,6 +197,7 @@ $LANG['fi'] = array( 'SSL Home Directory' => 'SSL-kotihakemisto', 'Lets Encrypt Support' => 'Lets Encrypt Tuki', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikaattisi käsitellään viiden minuutin sisään', 'Proxy Support' => 'Proxy-tuki', 'Proxy Extensions' => 'Proxy-laajennukset', diff --git a/web/inc/i18n/fr.php b/web/inc/i18n/fr.php index 4e2e3144..5a68a58a 100644 --- a/web/inc/i18n/fr.php +++ b/web/inc/i18n/fr.php @@ -195,6 +195,7 @@ $LANG['fr'] = array( 'SSL Home Directory' => 'Racine SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Support Proxy', 'Proxy Extensions' => 'Extensions Proxy', diff --git a/web/inc/i18n/hu.php b/web/inc/i18n/hu.php index 1c37f93f..c0ac0a41 100644 --- a/web/inc/i18n/hu.php +++ b/web/inc/i18n/hu.php @@ -199,6 +199,7 @@ $LANG['hu'] = array( 'SSL Home Directory' => 'SSL kezdőlap', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy támogatás', 'Proxy Extensions' => 'Proxy kiterjesztések', diff --git a/web/inc/i18n/id.php b/web/inc/i18n/id.php index dd870f0d..7b43c044 100644 --- a/web/inc/i18n/id.php +++ b/web/inc/i18n/id.php @@ -196,6 +196,7 @@ $LANG['id'] = array( 'SSL Home Directory' => 'Direktori Home SSL', 'Lets Encrypt Support' => 'Dukungan Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikat anda akan otomatis diterbitkan dalam 5 menit', 'Proxy Support' => 'Dukungan Proxy', 'Proxy Extensions' => 'Ekstensi Proxy', diff --git a/web/inc/i18n/it.php b/web/inc/i18n/it.php index 1e104c51..91296d8b 100644 --- a/web/inc/i18n/it.php +++ b/web/inc/i18n/it.php @@ -196,6 +196,7 @@ $LANG['it'] = array( 'SSL Home Directory' => 'SSL Home', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Supporto Proxy', 'Proxy Extensions' => 'Estensioni Proxy', diff --git a/web/inc/i18n/ja.php b/web/inc/i18n/ja.php index a592fd7b..c0e9e541 100644 --- a/web/inc/i18n/ja.php +++ b/web/inc/i18n/ja.php @@ -195,6 +195,7 @@ $LANG['ja'] = array( 'SSL Home Directory' => 'SSLホームディレクトリ', 'Lets Encrypt Support' => "Let's Encryptのサポート", 'Lets Encrypt' => "Let's Encrypt", + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => '証明書は5分以内に自動的に発行されます', 'Proxy Support' => 'プロキシのサポート', 'Proxy Extensions' => 'プロキシ対象拡張子', diff --git a/web/inc/i18n/ka.php b/web/inc/i18n/ka.php index 1512e06c..f82e2305 100644 --- a/web/inc/i18n/ka.php +++ b/web/inc/i18n/ka.php @@ -195,6 +195,7 @@ $LANG['ka'] = array( 'SSL Home Directory' => 'SSL მთავარი დირექტორია', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'პროქსის მხარდაჭერა', 'Proxy Extensions' => 'პროქსის გაფართოებები', diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index 1b09de25..e81ab4b0 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -195,6 +195,7 @@ $LANG['ko'] = array( 'SSL Home Directory' => 'SSL 홈 디렉토리', 'Lets Encrypt Support' => 'Lets Encrypt 지원', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급될 것입니다', 'Proxy Support' => '프록시 지원', 'Proxy Extensions' => '프록시 확장', diff --git a/web/inc/i18n/nl.php b/web/inc/i18n/nl.php index b5d68ec4..3b4fde10 100644 --- a/web/inc/i18n/nl.php +++ b/web/inc/i18n/nl.php @@ -198,6 +198,7 @@ $LANG['nl'] = array( 'SSL Home Directory' => 'SSL Map', 'Lets Encrypt Support' => 'Lets Encrypt Ondersteuning', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Het certificaat wordt automatisch aangemaakt in 5 minuten', 'Proxy Support' => 'Proxy Ondersteuning', 'Proxy Extensions' => 'Proxy Extensies', diff --git a/web/inc/i18n/no.php b/web/inc/i18n/no.php index fe026f39..30cc9306 100644 --- a/web/inc/i18n/no.php +++ b/web/inc/i18n/no.php @@ -196,6 +196,7 @@ $LANG['no'] = array( 'SSL Home Directory' => 'SSL Hjem', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Proxy Støtte', 'Proxy Extensions' => 'Proxy Utvidelser', diff --git a/web/inc/i18n/pl.php b/web/inc/i18n/pl.php index e649a22c..a6376c1f 100644 --- a/web/inc/i18n/pl.php +++ b/web/inc/i18n/pl.php @@ -196,6 +196,7 @@ $LANG['pl'] = array( 'SSL Home Directory' => 'Folder główny SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Wsparcie dla Proxy', 'Proxy Extensions' => 'Rozszerzenia Proxy', diff --git a/web/inc/i18n/pt-BR.php b/web/inc/i18n/pt-BR.php index 303ae53f..b6716ef0 100644 --- a/web/inc/i18n/pt-BR.php +++ b/web/inc/i18n/pt-BR.php @@ -195,6 +195,7 @@ $LANG['pt-BR'] = array( 'SSL Home Directory' => 'Diretório Home SSL', 'Lets Encrypt Support' => 'Suporte Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Seu certificado será gerado automaticamente em 5 minutos', 'Proxy Support' => 'Suporte ao Proxy', 'Proxy Extensions' => 'Extensões do Proxy', diff --git a/web/inc/i18n/pt.php b/web/inc/i18n/pt.php index 02d3bf51..57366dbc 100644 --- a/web/inc/i18n/pt.php +++ b/web/inc/i18n/pt.php @@ -195,6 +195,7 @@ $LANG['pt'] = array( 'SSL Home Directory' => 'Diretório Home SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Suporte ao Proxy', 'Proxy Extensions' => 'Extenções do Proxy', diff --git a/web/inc/i18n/ro.php b/web/inc/i18n/ro.php index 5b70f5d5..4b4104bd 100644 --- a/web/inc/i18n/ro.php +++ b/web/inc/i18n/ro.php @@ -197,6 +197,7 @@ $LANG['ro'] = array( 'SSL Home Directory' => 'Director SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Suport Proxy', 'Proxy Extensions' => 'Extensii Proxy', diff --git a/web/inc/i18n/ru.php b/web/inc/i18n/ru.php index 58829fad..ed8f116d 100644 --- a/web/inc/i18n/ru.php +++ b/web/inc/i18n/ru.php @@ -197,6 +197,7 @@ $LANG['ru'] = array( 'SSL Home Directory' => 'Директория SSL', 'Lets Encrypt Support' => 'Поддержка Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Сертификат будет автоматически создан в течение 5-ти минут', 'Proxy Support' => 'Поддержка Proxy', 'Proxy Extensions' => 'Обработка Proxy', @@ -580,7 +581,6 @@ $LANG['ru'] = array( 'Vesta Control Panel Plugins' => 'Плагины Vesta Control Panel', 'preview' => 'предпросмотр', 'Reseller Role' => 'Реселлер', - 'Reseller Role' => 'Реселлер', 'Web Config Editor' => 'Веб Редактор Конфигов', 'Template Manager' => 'Менеджер Шаблонов', 'Backup Migration Manager' => 'Менеджер Миграции Бэкапов', diff --git a/web/inc/i18n/se.php b/web/inc/i18n/se.php index 96c5af9c..fc70440e 100644 --- a/web/inc/i18n/se.php +++ b/web/inc/i18n/se.php @@ -195,6 +195,7 @@ $LANG['se'] = array( 'SSL Home Directory' => 'Hemmakatalog för SSL', 'Lets Encrypt Support' => 'Lets Encrypt Support', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', 'Proxy Support' => 'Nginx-stöd', 'Proxy Extensions' => 'Nginx-tillägg', diff --git a/web/inc/i18n/sr.php b/web/inc/i18n/sr.php index 2b91b293..8c437ab9 100644 --- a/web/inc/i18n/sr.php +++ b/web/inc/i18n/sr.php @@ -26,7 +26,7 @@ $LANG['sr'] = array( 'BACKUP' => 'BACKUP', 'LOGIN' => 'LOGIN', - 'RESET PASSWORD' => 'PROMENA ŠIFRE', + 'RESET PASSWORD' => 'PROMENA PASSWORDA', 'SEARCH' => 'PRETRAGA', 'PACKAGE' => 'PAKET', 'RRD' => 'RRD', @@ -119,7 +119,7 @@ $LANG['sr'] = array( 'Editing DNS Domain' => 'Izmena DNS-a za domen', 'Adding DNS Record' => 'Dodavanje DNS zapisa (DNS record)', 'Editing DNS Record' => 'Izmena DNS zapisa (DNS record)', - 'Adding Mail Domain' => 'Dodavanje Mail-a za domee', + 'Adding Mail Domain' => 'Dodavanje Mail-a za domene', 'Editing Mail Domain' => 'Izmena Mail-a za domen', 'Adding Mail Account' => 'Dodavanje Mail naloga', 'Editing Mail Account' => 'Izmena Mail naloga', @@ -195,6 +195,7 @@ $LANG['sr'] = array( 'SSL Home Directory' => 'SSL direktorijum', 'Lets Encrypt Support' => 'Lets Encrypt podrška', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Vaš sertifikat će biti automatski generisan za 5 minuta', 'Proxy Support' => 'Proxy podrška', 'Proxy Extensions' => 'Proxy ekstenzije', @@ -278,8 +279,8 @@ $LANG['sr'] = array( 'Release' => 'Distribucija', 'Architecture' => 'Arhitektura', 'Object' => 'Predmet', - 'Username' => 'Korisničko ime', - 'Password' => 'Šifra', + 'Username' => 'Username', + 'Password' => 'Password', 'Email' => 'Email', 'Package' => 'Paket', 'Language' => 'Jezik', @@ -303,7 +304,7 @@ $LANG['sr'] = array( 'Statistics Authorization' => 'Autorizacija za statistiku', 'Statistics Auth' => 'Autorizacija statistiku', 'Account' => 'Nalog', - 'Prefix will be automaticaly added to username' => 'Prefiks %s će automatski biti pridodat korisničkom imenu', + 'Prefix will be automaticaly added to username' => 'Prefiks %s će automatski biti pridodat username-u', 'Send FTP credentials to email' => 'Pošalji FTP login podatke na mail adresu', 'Expiration Date' => 'Datum isteka', 'YYYY-MM-DD' => 'YYYY-MM-DD', @@ -316,7 +317,7 @@ $LANG['sr'] = array( 'Message' => 'Poruka', 'use local-part' => 'unesi samo početni deo (bez @domen.com dela)', 'one or more email addresses' => 'jedna ili više email adresa', - 'Prefix will be automaticaly added to database name and database user' => 'Prefiks %s se automatski dodaje na ime baze i na korisničko ime baze', + 'Prefix will be automaticaly added to database name and database user' => 'Prefiks %s se automatski dodaje na ime baze i na username baze', 'Database' => 'Baza podataka', 'Type' => 'Tip', 'Minute' => 'Minut', @@ -346,8 +347,8 @@ $LANG['sr'] = array( 'aliases' => 'aliasa', 'records' => 'zapisa', 'jobs' => 'jobs', - 'username' => 'korisničko ime', - 'password' => 'šifra', + 'username' => 'username', + 'password' => 'password', 'type' => 'tip', 'charset' => 'charset', 'domain' => 'domen', @@ -366,10 +367,10 @@ $LANG['sr'] = array( 'account' => 'nalog', 'ssl certificate' => 'ssl certifikat', 'ssl key' => 'ssl ključ', - 'stats user password' => 'šifra za korisničku statistiku', - 'stats username' => 'stats korisničko ime', - 'stats password' => 'stats šifra', - 'ftp user password' => 'ftp šifra', + 'stats user password' => 'password za korisničku statistiku', + 'stats username' => 'stats username', + 'stats password' => 'stats password', + 'ftp user password' => 'ftp password', 'ftp user' => 'ftp username', 'Last 70 lines of %s.%s.log' => 'Zadnjih 70. redova od %s.%s.log', 'AccessLog' => 'AccessLog', @@ -490,11 +491,11 @@ $LANG['sr'] = array( 'LOGGED_IN_AS' => 'Ulogovani ste kao %s', 'Error' => 'Greška', 'Invalid username or password' => 'Pogrešni login podaci', - 'Invalid username or code' => 'Pogrešno korisničko ime ili kod', + 'Invalid username or code' => 'Pogrešan username ili kod', 'Passwords not match' => 'Passwordi se ne poklapaju', 'Please enter valid email address.' => 'Potrebno je uneti validnu email adresu.', 'Field "%s" can not be blank.' => 'Polja "%s" ne smeju biti prazna.', - 'Password is too short.' => 'Šifra je previše kratka (najmanje 6 znakova)', + 'Password is too short.' => 'Password je previše kratak (najmanje 6 znakova)', 'Error code:' => 'Greška koda: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" nije uspelo', 'IP address is in use' => 'IP adresa se već koristi', @@ -510,28 +511,28 @@ $LANG['sr'] = array( 'CRON_EXCLUSIONS' => 'Da bi izuzeo sve cron-job-ove unesi zvezdicu *', 'USER_EXCLUSIONS' => 'Unesi direktorijume, po jedan u svakoj liniji. Da bi izuzeo sve direktorijume unesi zvezdicu *', - 'Welcome to Vesta Control Panel' => 'Dobrodošli u Vesta kontrolni panel', - 'MAIL_FROM' => 'Vesta kontrolni panel ', + 'Welcome to Vesta Control Panel' => 'Dobrodošli u myVesta kontrolni panel', + 'MAIL_FROM' => 'myVesta kontrolni panel ', 'GREETINGS_GORDON_FREEMAN' => "Poštovani %s %s,\n", 'GREETINGS' => "Poštovani,\n", - 'ACCOUNT_READY' => "Vaš hosting nalog je kreiran i spreman za korišćenje.\n\nhttps://%s/login/\nKorisničko ime: %s\nŠifra: %s\n\n--\nVesta kontrolni panel\n", + 'ACCOUNT_READY' => "Vaš hosting nalog je kreiran i spreman za korišćenje.\n\nhttps://%s/login/\nUsername: %s\nPassword: %s\n\n--\nmyVesta kontrolni panel\n", 'FTP login credentials' => 'FTP podaci', - 'FTP_ACCOUNT_READY' => "FTP nalog je kreiran. Koristite sledeće podatke kako biste se ulogovali:\n\nHostname: %s\nKorisničko ime: %s_%s\nŠifra: %s\n\n--\nVesta kontrolni panel\n", + 'FTP_ACCOUNT_READY' => "FTP nalog je kreiran. Koristite sledeće podatke kako biste se ulogovali:\n\nHostname: %s\nUsername: %s_%s\nPassword: %s\n\n--\nmyVesta kontrolni panel\n", 'Database Credentials' => 'Podaci baze podataka', - 'DATABASE_READY' => "Baza podataka je kreirana. Koristite sledeće podatke kako biste se ulogovali:\n\nDatabase: %s\nKorisničko ime: %s\nŠifra: %s\n%s\n\n--\nVesta kontrolni panel\n", + 'DATABASE_READY' => "Baza podataka je kreirana. Koristite sledeće podatke kako biste se ulogovali:\n\nDatabase: %s\nUsername: %s\nPassword: %s\n%s\n\n--\nmyVesta kontrolni panel\n", - 'forgot password' => 'zaboravljena šifra', + 'forgot password' => 'zaboravljen password', 'Confirm' => 'Potvrditi', - 'New Password' => 'Nova šifra', - 'Confirm Password' => 'Potvrdi šifru', + 'New Password' => 'Nov password', + 'Confirm Password' => 'Potvrdi password', 'Reset' => 'Reset', 'Reset Code' => 'Resetuj kod', 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => 'Kod resetovane šifre je poslat na vašu email adresu
', - 'MAIL_RESET_SUBJECT' => 'Šifra je resetovana %s', - 'PASSWORD_RESET_REQUEST' => "Za resetovanje šifre sledite link:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nIli, možete ići na https://%s/reset/?action=code&user=%s i uneti kod:\n%s\n\nAko niste tražili resetovanje šifre, ignorišite ovu poruku i prihvatite naše izvinjenje.\n\n--\nVesta kontrolni panel\n", + 'RESET_CODE_SENT' => 'Kod resetovanog passworda je poslat na vašu email adresu
', + 'MAIL_RESET_SUBJECT' => 'Password je resetovan %s', + 'PASSWORD_RESET_REQUEST' => "Za resetovanje passworda sledite link:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nIli, možete ići na https://%s/reset/?action=code&user=%s i uneti kod:\n%s\n\nAko niste tražili resetovanje passworda, ignorišite ovu poruku i prihvatite naše izvinjenje.\n\n--\nmyVesta kontrolni panel\n", 'Jan' => 'Jan', 'Feb' => 'Feb', @@ -755,4 +756,7 @@ $LANG['sr'] = array( 'maximum characters length, including prefix' => 'maksimalna dužina sme biti %s karaktera, uključujući i prefix', 'Email Credentials' => 'Email lozinka i podešavanja', + + 'restore selected' => 'vrati selektovano', + 'First select what to restore' => 'Prvo selektujte šta tačno želite da vratite' ); diff --git a/web/inc/i18n/th.php b/web/inc/i18n/th.php index 2878192f..63350f02 100644 --- a/web/inc/i18n/th.php +++ b/web/inc/i18n/th.php @@ -198,6 +198,7 @@ $LANG['th'] = array( 'SSL Home Directory' => 'ไดเร็กทอรี่หลักของ SSL', 'Lets Encrypt Support' => 'สนับสนุน Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'ใบรับรองของคุณจะได้รับการออกโดยอัตโนมัติภายใน 5 นาที', 'Proxy Support' => 'สนับสนุน Proxy', 'Proxy Extensions' => 'ส่วนขยาย Proxy', @@ -704,7 +705,7 @@ $LANG['th'] = array( 'Enter License Key' => 'กรอก License Key', 'Buy Licence' => 'ซื้อ License', 'Buy Lifetime License' => 'ซื้อ License แบบถาวร', - 'Disable and Cancel License' => 'ปิดการใช้งาน และยกเลิก License', + 'Disable and Cancel Licence' => 'ปิดการใช้งาน และยกเลิก License', 'Licence Activated' => 'เปิดใช้งาน License แล้ว', 'Licence Deactivated' => 'ปิดการใช้งาน License แล้ว', 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่ของตนเองเท่านั้น', diff --git a/web/inc/i18n/tr.php b/web/inc/i18n/tr.php index a7fadc43..4b1ff8a4 100644 --- a/web/inc/i18n/tr.php +++ b/web/inc/i18n/tr.php @@ -3,6 +3,7 @@ * Vesta turkish language file * 2014.11.01 Özgür Bozkurt (info@ozgurbozkurt.com/ozgur@forum.vestacp.com) * 2016.06.27 Selim Can CABA (info@selimcancaba.com) + * 2023.02.04 Umut Korkmaz (umutkorkmaaz@gmail.com) */ $LANG['tr'] = array( @@ -26,22 +27,22 @@ $LANG['tr'] = array( 'CRON' => 'CRON', 'BACKUP' => 'YEDEK', - 'LOGIN' => 'LOGIN', - 'RESET PASSWORD' => 'RESET PASSWORD', - 'SEARCH' => 'SEARCH', - 'PACKAGE' => 'PACKAGE', + 'LOGIN' => 'GİRİŞ', + 'RESET PASSWORD' => 'PAROLAYI SIFIRLA', + 'SEARCH' => 'ARA', + 'PACKAGE' => 'PAKET', 'RRD' => 'RRD', - 'STATS' => 'STATS', + 'STATS' => 'ISTATISTIKLER', 'LOG' => 'LOG', - 'UPDATES' => 'UPDATES', - 'FIREWALL' => 'FIREWALL', - 'SERVER' => 'SERVER', - 'MEMORY' => 'MEMORY', + 'UPDATES' => 'GÜNCELLEMELER', + 'FIREWALL' => 'GÜVENLİK DUVARI', + 'SERVER' => 'SUNUCU', + 'MEMORY' => 'BELLEK', 'DISK' => 'DISK', - 'NETWORK' => 'NETWORK', + 'NETWORK' => 'AĞ', 'Web Log Manager' => 'Web Log Manager', - 'no notifications' => 'no notifications', + 'no notifications' => 'bildirim yok', 'Add User' => 'Kullanıcı Ekle', 'Add Domain' => 'Alan Adı Ekle', @@ -84,7 +85,7 @@ $LANG['tr'] = array( 'unsuspend' => 'devam ettir', 'delete' => 'sil', 'show per user' => 'kullanıcı başına göster', - 'login as' => 'giriş yapıldı:', + 'login as' => 'giriş yap:', 'logout' => 'oturumu kapat', 'edit' => 'düzenle', 'open webstats' => 'webstats aç', @@ -110,7 +111,7 @@ $LANG['tr'] = array( 'disable autoupdate' => 'otomatik güncellemeyi pasif hale getir', 'turn on notifications' => 'duyuruları aç', 'turn off notifications' => 'duyuruları kapat', - 'configure' => 'configure', + 'configure' => 'yapılandır', 'Adding User' => 'Kullanıcı Ekleme', 'Editing User' => 'Kullanıcı Düzenleme', @@ -186,22 +187,23 @@ $LANG['tr'] = array( 'Mail Accounts' => 'Posta Hesapları', 'Cron Jobs' => 'Zamanlanmış Görevler', 'SSH Access' => 'SSH Erişimi', - 'IP Address' => 'IP Address', + 'IP Address' => 'IP Adresi', 'IP Addresses' => 'IP Adresleri', 'Backups' => 'Yedekler', 'Backup System' => 'Yedekleme Sistemi', 'backup exclusions' => 'yedekleme istisnaları', 'template' => 'template', - 'SSL Support' => 'SSL Support', - 'SSL Home Directory' => 'SSL Home', - 'Lets Encrypt Support' => 'Lets Encrypt Support', + 'SSL Support' => 'SSL Desteği', + 'SSL Home Directory' => 'SSL Dizini', + 'Lets Encrypt Support' => 'Lets Encrypt Desteği', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', + 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikanız 5 dakika içinde otomatik olarak verilecektir.', 'Proxy Support' => 'Proxy Desteği', 'Proxy Extensions' => 'Proxy Uzantıları', 'Web Statistics' => 'Web İstatistikleri', 'Additional FTP Account' => 'İlave FTP Hesabı', - 'Path' => 'Path', + 'Path' => 'Ana dizin', 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'Sonlanış', @@ -216,19 +218,19 @@ $LANG['tr'] = array( 'Autoreply' => 'Otomatik Cevap', 'Forward to' => 'Şuraya yönlendir', 'Do not store forwarded mail' => 'Yönlendirilmiş postaları depolama', - 'IMAP hostname' => 'IMAP hostname', + 'IMAP hostname' => 'IMAP sunucusu', 'IMAP port' => 'IMAP port', - 'IMAP security' => 'IMAP security', - 'IMAP auth method' => 'IMAP auth method', - 'SMTP hostname' => 'SMTP hostname', + 'IMAP security' => 'IMAP güvenliği', + 'IMAP auth method' => 'IMAP giriş metodu', + 'SMTP hostname' => 'SMTP sunucusu', 'SMTP port' => 'SMTP port', - 'SMTP security' => 'SMTP security', - 'SMTP auth method' => 'SMTP auth method', + 'SMTP security' => 'SMTP güvenliği', + 'SMTP auth method' => 'SMTP giriş metodu', 'STARTTLS' => 'STARTTLS', - 'Normal password' => 'Normal password', + 'Normal password' => 'Normal parola', 'database' => 'veritabanı', 'User' => 'Kullanıcı', - 'Host' => 'Host', + 'Host' => 'Sunucu', 'Charset' => 'Karakter Seti', 'Min' => 'Dak', 'Hour' => 'Saat', @@ -247,14 +249,14 @@ $LANG['tr'] = array( 'Users' => 'Kullanıcılar', 'Load Average' => 'Sistem Yükü', 'Memory Usage' => 'Hafıza Kullanımı', - 'APACHE2 Usage' => 'APACHE2 Usage', + 'APACHE2 Usage' => 'APACHE2 Kullanımı', 'HTTPD Usage' => 'HTTPD Kullanımı', 'NGINX Usage' => 'NGINX Kullanımı', 'MySQL Usage on localhost' => 'Localhost Üzerindeki MySQL Kullanımı', 'PostgreSQL Usage on localhost' => 'Localhost Üzerindeki PostgreSQL Kullanımı', 'Bandwidth Usage eth0' => 'eth0 Trafik Kullanımı', 'Bandwidth Usage eth1' => 'eth1 Trafik Kullanımı', - 'Exim Usage' => 'Exim Usage', + 'Exim Usage' => 'Exim Kullanımı', 'FTP Usage' => 'FTP Kullanımı', 'SSH Usage' => 'SSH Kullanımı', 'reverse proxy' => 'reverse proxy', @@ -293,7 +295,7 @@ $LANG['tr'] = array( 'DNS Support' => 'DNS Desteği', 'Mail Support' => 'Mail Desteği', 'Advanced options' => 'Gelişmiş seçenekler', - 'Basic options' => 'Basic options', + 'Basic options' => 'Basit seçenekler', 'Aliases' => 'Takma adlar (Alias)', 'SSL Certificate' => 'SSL Sertifikası', 'SSL Key' => 'SSL Anahtarı (Key)', @@ -397,7 +399,7 @@ $LANG['tr'] = array( 'SSH' => 'SSH', 'FTP' => 'FTP', 'VESTA' => 'VESTA', - 'Add one more Name Server' => 'Add one more Name Server', + 'Add one more Name Server' => 'Bir Name Server daha ekle', 'web domain' => 'web domain', 'dns domain' => 'dns domain', @@ -449,17 +451,17 @@ $LANG['tr'] = array( 'MAIL_ACCOUNT_CREATED_OK' => '%s@%s mail hesabı başarıyla oluşturuldu', 'DATABASE_CREATED_OK' => '%s veritabanı başarıyla oluşturuldu.', 'CRON_CREATED_OK' => 'Zamanlanmış görev başarıyla oluşturuldu.', - 'IP_CREATED_OK' => '%s ip adresi başarıyla oluşturuldu.', + 'IP_CREATED_OK' => '%s IP adresi başarıyla oluşturuldu.', 'PACKAGE_CREATED_OK' => '%s paketi başarıyla oluşturuldu.', 'SSL_GENERATED_OK' => 'Sertifika başarıyla oluşturuldu.', 'RULE_CREATED_OK' => 'Kural başarıyla oluşturuldu.', - 'BANLIST_CREATED_OK' => 'IP address has been banned successfully', + 'BANLIST_CREATED_OK' => 'IP adresi başarıyla engellendi', 'Autoupdate has been successfully enabled' => 'Otomatik güncelleme başarıyla aktifleştirildi', 'Autoupdate has been successfully disabled' => 'Otomatik güncelleme başarıyla pasifleştirildi', 'Cronjob email reporting has been successfully enabled' => 'Zamanlanmış görev e-posta raporlama başarıyla aktif hale getirildi', 'Cronjob email reporting has been successfully disabled' => 'Zamanlanmış görev e-posta raporlama başarıyla pasif hale getirildi', 'Changes has been saved.' => 'Değişiklikler kaydedildi.', - 'Confirmation' => 'Onaylama', + 'Confirmation' => 'Onayla', 'DELETE_USER_CONFIRMATION' => '%s kullanıcısını silmek istediğinize emin misiniz?', 'SUSPEND_USER_CONFIRMATION' => '%s kullanıcısını askıya almak istediğinize emin misiniz?', 'UNSUSPEND_USER_CONFIRMATION' => '%s kullanıcısını devam ettirmek istediğinize emin misiniz?', @@ -488,7 +490,7 @@ $LANG['tr'] = array( 'LEAVE_PAGE_CONFIRMATION' => 'Leave Page?', 'RESTART_CONFIRMATION' => '%s yeniden başlatılacak. Onaylıyor musunuz?', 'Welcome' => 'Hoşgeldiniz', - 'LOGGED_IN_AS' => '%s kullanıcısı olarak oturum aç', + 'LOGGED_IN_AS' => '%s kullanıcısı olarak oturum açıldı', 'Error' => 'Hata', 'Invalid username or password' => 'Geçersiz kullanıcı adı veya şifre', 'Invalid username or code' => 'Geçersiz kullanıcı adı veya kod', @@ -548,30 +550,30 @@ $LANG['tr'] = array( 'Dec' => 'Ara', 'Configuring Server' => 'Sunucu Yapılandırma', - 'Hostname' => 'Hostadı', + 'Hostname' => 'Sunucu Adı', 'Time Zone' => 'Zaman Dilimi', 'Default Language' => 'Varsayılan Dil', - 'Proxy Server' => 'Proxy Server', - 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', + 'Proxy Server' => 'Proxy Sunucusu', + 'Web Server' => 'Web Sunucusu', + 'Backend Server' => 'Backend Sunucusu', 'Backend Pool Mode' => 'Backend Pool Mode', - 'DNS Server' => 'DNS Server', + 'DNS Server' => 'DNS Sunucusu', 'DNS Cluster' => 'DNS Cluster', - 'MAIL Server' => 'MAIL Server', + 'MAIL Server' => 'MAIL Sunucusu', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', - 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', + 'Use Web Domain SSL Certificate' => 'Web Alan Adının SSL Sertifikasını Kullan', 'Webmail URL' => 'Webmail URL', - 'MySQL Support' => 'MySQL Support', + 'MySQL Support' => 'MySQL Desteği', 'phpMyAdmin URL' => 'phpMyAdmin URL', - 'PostgreSQL Support' => 'PostgreSQL Support', + 'PostgreSQL Support' => 'PostgreSQL Desteği', 'phpPgAdmin URL' => 'phpPgAdmin URL', - 'Maximum Number Of Databases' => 'Maximum Number Of Databases', - 'Current Number Of Databases' => 'Current Number Of Databases', - 'Local backup' => 'Local backup', - 'Compression level' => 'Compression level', - 'Directory' => 'Directory', - 'Remote backup' => 'Remote backup', + 'Maximum Number Of Databases' => 'Maksimum Veritabanı Sayısı', + 'Current Number Of Databases' => 'Mevcut Veritabanı Sayısı', + 'Local backup' => 'Yerel Yedek', + 'Compression level' => 'Sıkıştırma seviyesi', + 'Directory' => 'Dizin', + 'Remote backup' => 'Uzak Yedek', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', @@ -590,7 +592,7 @@ $LANG['tr'] = array( 'Starred' => 'Yıldızlı', 'Name' => 'İsim', - 'save to favorites' => 'save to favorites', + 'save to favorites' => 'favorilere kaydet', 'File Manager' => 'Dosya Yöneticisi', 'size' => 'boyut', @@ -602,13 +604,13 @@ $LANG['tr'] = array( 'NEW DIR' => 'YENİ KLASÖR', 'DELETE' => 'SİL', 'RENAME' => 'YENİDEN ADLANDIR', - 'MOVE' => 'MOVE', - 'RIGHTS' => 'RIGHTS', + 'MOVE' => 'TAŞI', + 'RIGHTS' => 'IZINLER', 'COPY' => 'KOPYALA', 'ARCHIVE' => 'ARŞİVLE', 'EXTRACT' => 'ÇIKART', 'DOWNLOAD' => 'İNDİR', - 'Are you sure?' => 'Are you sure?', + 'Are you sure?' => 'Emin misin?', 'Hit' => 'Hit', 'to reload the page' => 'sayfayı yenilemek için', 'Directory name cannot be empty' => 'Dizin adı boş olamaz', @@ -623,20 +625,20 @@ $LANG['tr'] = array( 'Copy' => 'Kopyala', 'Cancel' => 'Vazgeç', 'Rename' => 'Yeniden Adlandır', - 'Move' => 'Move', - 'Change Rights' => 'Change Rights', + 'Move' => 'Taşı', + 'Change Rights' => 'İzinleri Değiştir', 'Delete' => 'Sil', 'Extract' => 'Çıkart', 'Create' => 'Oluştur', 'Compress' => 'Sıkıştır', 'OK' => 'TAMAM', - 'YOU ARE COPYING' => 'YOU ARE COPYING', - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', - 'Delete items' => 'Delete items', - 'Copy files' => 'Copy files', - 'Move files' => 'Move files', + 'YOU ARE COPYING' => 'KOPYALAMA YAPIYORSUNUZ', + 'YOU ARE REMOVING' => 'SİLME İŞLEMİ YAPIYORSUNUZ', + 'Delete items' => 'Öğeleri sil', + 'Copy files' => 'Dosyaları kopyala', + 'Move files' => 'Dosyaları taşı', 'Are you sure you want to copy' => 'Kopyalamak istediğinizden emin misiniz', - 'Are you sure you want to move' => 'Are you sure you want to move', + 'Are you sure you want to move' => 'Taşımak istediğinizden emin misiniz', 'Are you sure you want to delete' => 'Silmek istediğinizden emin misiniz', 'into' => 'into', 'existing files will be replaced' => 'varolan dosyalar değiştirilir', @@ -655,7 +657,7 @@ $LANG['tr'] = array( 'write by others' => 'write by others', 'execute/search by others' => 'execute/search by others', - 'Shortcuts' => 'Shortcuts', + 'Shortcuts' => 'Kısayollar', 'Add New object' => 'Yeni Nesne Ekle', 'Save Form' => 'Formu Kaydet', 'Cancel saving form' => 'Formu kaydetmekten vazgeç', @@ -671,8 +673,8 @@ $LANG['tr'] = array( 'Move backward through top menu' => 'Üst menüden arasında geriye doğru git', 'Move forward through top menu' => 'Üst menüden arasında ileriye doğru git', 'Enter focused element' => 'Odaklanmış elemanı gir', - 'Move up through elements list' => 'Move up through elements list', - 'Move down through elements list' => 'Move down through elements list', + 'Move up through elements list' => 'Öğeler listesinde yukarı git', + 'Move down through elements list' => 'Öğeler listesinde aşağı git', 'Upload' => 'Yükle', 'New File' => 'Yeni Dosya', @@ -689,7 +691,7 @@ $LANG['tr'] = array( 'Go to the Top of the File List' => 'Dosya Listesinin Tepesine git', 'Go to the Last File' => 'Son Dosyaya git', 'Open File / Enter Directory' => 'Dosya Aç/Dizin Gir', - 'Edit File' => 'Edit File', + 'Edit File' => 'Dosya düzenle', 'Go to Parent Directory' => 'Üst Dizine Git', 'Select Current File' => 'Şuanki Dosyayı Seç', 'Select Bunch of Files' => 'Dosya Demetini Seç', @@ -732,7 +734,7 @@ $LANG['tr'] = array( 'every minute' => 'her dakika', 'every two minutes' => 'her iki dakikada bir', 'every' => 'her', - 'Generate' => 'Generate', + 'Generate' => 'Oluştur', 'webalizer' => 'webalizer', 'awstats' => 'awstats', @@ -746,14 +748,14 @@ $LANG['tr'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'Sunucu adını kullan', + 'Use domain hostname' => 'Alan adını kullan', + 'Use STARTTLS' => 'STARTTLS Kullan', + 'Use SSL / TLS' => 'SSL / TLS Kullan', + 'No encryption' => 'Şifreleme yok', + 'Do not use encryption' => 'Şifreleme kullanma', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'önek dahil maksimum %s karakter uzunluğu', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'E-posta Kimlik Bilgileri', ); diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 163bee62..145f465d 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -197,6 +197,7 @@ $LANG['tw'] = array( 'SSL Home Directory' => 'SSL 主目錄', 'Lets Encrypt Support' => 'Lets Encrypt 支援', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => '您的憑證會在五分鐘內完成簽發', 'Proxy Support' => 'Proxy 支援', 'Proxy Extensions' => 'Proxy 副檔名', diff --git a/web/inc/i18n/ua.php b/web/inc/i18n/ua.php index 136cc73f..d552b3f8 100644 --- a/web/inc/i18n/ua.php +++ b/web/inc/i18n/ua.php @@ -196,6 +196,7 @@ $LANG['ua'] = array( 'SSL Home Directory' => 'Домашня тека SSL', 'Lets Encrypt Support' => 'Підтримка Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Ваш сертифікат буде автоматично виданий протягом 5-ти хвилин', 'Proxy Support' => 'Підтримка Proxy', 'Proxy Extensions' => 'Розширення Proxy', diff --git a/web/inc/i18n/ur.php b/web/inc/i18n/ur.php index 2c95e821..87c11ed3 100644 --- a/web/inc/i18n/ur.php +++ b/web/inc/i18n/ur.php @@ -108,6 +108,8 @@ $LANG['ur'] = array( 'reread IP' => 'IP پھر سے پڑھنا', 'enable autoupdate' => 'آٹو اپ ڈیٹ کو چالو', 'disable autoupdate' => 'غیر فعال آٹو اپ ڈیٹ', + 'turn on notifications' => 'turn on notifications', + 'turn off notifications' => 'turn off notifications', 'configure' => 'ترتیب دے', 'Adding User' => 'شامل کرنے صارف', @@ -194,6 +196,7 @@ $LANG['ur'] = array( 'SSL Home Directory' => 'SSL ہوم', 'Lets Encrypt Support' => 'ینکریپٹ سپورٹ کی اجازت دیتا ہے', 'Lets Encrypt' => 'ینکریپٹ کی اجازت دیتا ہے', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'آپ کے سرٹیفکیٹ خود بخود 5 منٹ میں جاری کیا جائے گا', 'Proxy Support' => 'پراکسی سپورٹ', 'Proxy Extensions' => 'پراکسی ایکسٹنشن', @@ -747,7 +750,7 @@ $LANG['ur'] = array( 'Use server hostname' => 'سرور استعمال میزبان نام', 'Use domain hostname' => 'ڈومین کا استعمال میزبان نام', 'Use STARTTLS' => 'STARTTLS استعمال', - 'Use SSL' => 'SSL استعمال کریں', + 'Use SSL / TLS' => 'SSL استعمال کریں', 'No encryption' => 'کوئی خفیہ کاری', 'Do not use encryption' => 'خفیہ کاری کا استعمال نہ کریں', diff --git a/web/inc/i18n/vi.php b/web/inc/i18n/vi.php index 2de145b4..303bf8ac 100644 --- a/web/inc/i18n/vi.php +++ b/web/inc/i18n/vi.php @@ -198,6 +198,7 @@ $LANG['vi'] = array( 'SSL Home Directory' => 'Trang chủ SSL', 'Lets Encrypt Support' => 'Hỗ trợ Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', + 'You can add LetsEncrypt after adding domain, just EDIT this domain later' => 'You can add LetsEncrypt after adding domain, just EDIT this domain later', 'Your certificate will be automatically issued in 5 minutes' => 'Chứng chỉ của bạn sẽ được tự động cấp phát trong 5 phút', 'Proxy Support' => 'Hỗ trợ Nginx', 'Proxy Extensions' => 'Phần mở rộng Nginx', diff --git a/web/inc/main.php b/web/inc/main.php index 09eef5f7..f13e4142 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -1,8 +1,5 @@ Your browser sent HTTP_ORIGIN with value: ".$_SERVER['HTTP_ORIGIN']."
myVesta expected HTTP_ORIGIN with value: ".$expected_http_origin."
Probably some browser extension is blocking it... disable all browser extensions and try again (or try to login with other browser).
If you are system administrator of this server, you can disable CSRF check by doing (as root, in SSH): mkdir -p /usr/local/vesta/conf_web && touch /usr/local/vesta/conf_web/dont_check_csrf
(but we don't recommend it)
If you are not system administrator of this server and you can't access the hosting panel even you disabled all browser extensions, please copy-paste this message to the system administrator of this server.
Once again, before you disable CSRF check, try to disable all browser extensions or try to login with other browser."); + } + } +} + +function prevent_get_csrf () { + global $login_url; + if (file_exists('/usr/local/vesta/conf_web/dont_check_csrf')) return; + if ($_SERVER['REQUEST_METHOD'] == "GET") { + if (isset($_GET[$login_url])) return; + if ($_SERVER['REQUEST_URI']=="" || $_SERVER['REQUEST_URI']=="/" || $_SERVER['REQUEST_URI']=="/login/" || $_SERVER['REQUEST_URI']=="/list/user/" || $_SERVER['REQUEST_URI']=="/list/web/") return; + if ($_SERVER['DOCUMENT_URI']=="/reset/index.php") return; + } + if (isset($_SERVER['HTTP_HOST']) == false) return; + if (isset($_SERVER['SERVER_PORT']) == false) return; + if (isset($_SERVER['HTTP_REFERER']) == false) return; + $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']); + if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return; + $host_arr = explode(":", $_SERVER['HTTP_HOST']); + $hostname = $host_arr[0]; + $port = $_SERVER['SERVER_PORT']; + $expected_http_referer = "https://".$hostname.":".$port; + $expected_http_referer_length = strlen($expected_http_referer); + if (substr($_SERVER['HTTP_REFERER'], 0, $expected_http_referer_length) != $expected_http_referer) { + die ("You clicked on someone's link from other site.
This is just a protection layer to prevent potentially dangerous clicks, so if it was your link (or you got the link from the trusted source) - then you can proceed safely to your hosting panel.

Technical details:
Your browser sent HTTP_REFERER with value: ".$_SERVER['HTTP_REFERER']."
myVesta expected HTTP_REFERER to begin with value: ".$expected_http_referer."
If you got this error during casual work in your hosting panel, probably some browser extension is blocking HTTP_REFERER... disable all browser extensions and try again (or try to login with other browser).
If you are system administrator of this server, you can disable CSRF check by doing (as root, in SSH): mkdir -p /usr/local/vesta/conf_web && touch /usr/local/vesta/conf_web/dont_check_csrf
(but we don't recommend it)
If you are not system administrator of this server and you can't access the hosting panel even you clicked \"proceed safely to your hosting panel\" and disabled all browser extensions or changed the browser, please copy-paste this message to the system administrator of this server.
Once again, before you disable CSRF check, try to click \"proceed safely to your hosting panel\", and if that does not help then try to disable all browser extensions or try to login with other browser."); + } +} + +// Preventing all CSRFs +if ($secure_gate_check == true) { + prevent_post_csrf(); + prevent_get_csrf(); +} diff --git a/web/js/app.js b/web/js/app.js index 58eb60a8..978b7d09 100644 --- a/web/js/app.js +++ b/web/js/app.js @@ -797,6 +797,8 @@ App.Ajax.request = function(method, data, callback, onError){ }*/ //App.Helpers.setAjaxBusy(method, data); data = data || {}; + var token = $('#token').attr('token'); + data.token = token; var prgs = $('.progress-container'); @@ -1070,3 +1072,42 @@ function elementHideShow(elementToHideOrShow){ el.style.display = el.style.display === 'none' ? 'block' : 'none'; } +(function($) { + $(document).ready(function() { + $('.get-ip-info-btn').click(function() { + var token = $('#token').attr('token'); + var index = $(this).attr('data-index'); + var btn_el = $('.get-ip-info-btn[data-index="' + index + '"]'); + var result_el = $('.get-ip-info-btn[data-index="' + index + '"] + .get-ip-info-result'); + var ip = btn_el.attr('data-ip'); + + var url_params = new URLSearchParams(window.location.search); + var clear_cache = url_params.get('clear_cache'); + + if (!$.trim(result_el.html())) { + result_el.html(''); + + $.ajax({ + method: "POST", + url: "/list/firewall/banlist/ip_info.php", + data: { ip: ip, clear_cache: clear_cache, token: token }, + cache: false, + error: function(jqXHR, textStatus, errorThrown) { + result_el.html('GENERAL ERROR
' + errorThrown); + }, + success: function(result_data) { + if (btn_el.find('i').hasClass('fa-times')) { + result_el.html(result_data); + } + } + }); + + btn_el.find('i').removeClass('fa-search').addClass('fa-times'); + } + else { + result_el.html(''); + btn_el.find('i').removeClass('fa-times').addClass('fa-search'); + } + }); + }); +})(jQuery); diff --git a/web/js/file_manager.js b/web/js/file_manager.js index 749a3a97..bcbe319e 100644 --- a/web/js/file_manager.js +++ b/web/js/file_manager.js @@ -533,7 +533,8 @@ FM.downloadFileFromSubcontext = function(elm) { var src = $.parseJSON($(elm).find('.source').val()); var path = src.full_path; - var win = window.open('/download/file/?path=' + path, '_blank'); + var token = $('#token').attr('token'); + var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank'); win.focus(); } @@ -552,20 +553,21 @@ FM.openFile = function(dir, box, elm) { }; App.Ajax.request('check_file_type', params, function(reply) { + var token = $('#token').attr('token'); if (reply.result) { if (FM.isFileEditable(src, reply.data)) { - var myWindow = window.open('/edit/file/?path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700"); + var myWindow = window.open('/edit/file/?token='+token+'&path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700"); } else { var path = src.full_path; - var win = window.open('/download/file/?path=' + path, '_blank'); + var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank'); //win.focus(); } } else { // force download file var path = src.full_path; - var win = window.open('/download/file/?path=' + path, '_blank'); + var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank'); //win.focus(); } }); @@ -1994,7 +1996,8 @@ FM.downloadFiles = function() { } var path = src.full_path; - var win = window.open('/download/file/?path=' + path, '_blank'); + var token = $('#token').attr('token'); + var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank'); win.focus(); } diff --git a/web/js/fix.js b/web/js/fix.js new file mode 100644 index 00000000..aaf0fa05 --- /dev/null +++ b/web/js/fix.js @@ -0,0 +1,121 @@ +function setCookie(cname, cvalue, exdays) { + var d = new Date(); + d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000)); + var expires = "expires="+d.toUTCString(); + document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; +} + +function getCookie(cname) { + var name = cname + "="; + var ca = document.cookie.split(';'); + for(var i = 0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) === ' ') { + c = c.substring(1); + } + if (c.indexOf(name) === 0) { + return c.substring(name.length, c.length); + } + } + return ""; +} + +function showIoLog(animate) { + //console.log('animate='+animate); + if (animate==0) { + $(".l-content .l-center").css("margin-right", 240); + $(".to-top").css("right", 285); + $(".to-shortcuts").css("right", 330); + $(".right_sidebar").css("right", 0); + //$(".io-log2").css("right", 0); + //$("#myvesta_float").css("margin-right", 280); + } else { + $(".l-content .l-center").animate({"margin-right": 240}); + $(".to-top").animate({"right": 285}); + $(".to-shortcuts").animate({"right": 330}); + $(".right_sidebar").animate({"right": 0}); + //$(".io-log2").animate({"right": 0}); + //$("#myvesta_float").animate({"margin-right": 280}); + } + + /* + $.ajax({url: "/list/log/", success: function(result){ + $( ".io-log div" ).remove(); + $($(result).find('.l-center.units')).insertAfter(".io-log h2"); + $( ".io-log div" ).removeClass(); + }}); + */ +} + +function hideIoLog(animate){ + //console.log('animate='+animate); + if (animate==0) { + $(".l-content .l-center").css("margin-right", 40); + $(".to-top").css("right", 85); + $(".to-shortcuts").css("right", 130); + $(".right_sidebar").css("right", -200); + //$("#myvesta_float").css("margin-right", 100); + } else { + $(".l-content .l-center").animate({"margin-right": 40}); + $(".to-top").animate({"right": 85}); + $(".to-shortcuts").animate({"right": 130}); + $(".right_sidebar").animate({"right": -200}); + //$("#myvesta_float").animate({"margin-right": 100}); + } +} + +function checkCookie() { + iolog = getCookie("iolog"); + //console.log('cookie: "'+iolog+'"'); + if (iolog === '1') { + return 1; + } + if (iolog === '0') { + return 0; + } + if (iolog == '') { + //console.log('cookie is empty'); + return ''; + } +} + +// function getRandomInt(max) { +// return Math.floor(Math.random() * max); +// } +// var randomnumber=getRandomInt(100000000); +var iohtml = '
\n' + + '
'; + +$(document).ready(function(){ + //var sys_height=$(".io-log").height(); + //$(".io-log2").css("top", sys_height+50); + /* + setTimeout(function() { + iolog = getCookie("iolog"); + if (iolog === '0') { + //setCookie("iolog", 0, 365); + hideIoLog(0); + return 0; + } + }, 1); + */ + + //if (GLOBAL.CURRENT_USER_FINAL == 'admin') $(".body-user .l-content > .l-center.units").first().prepend( iohtml ); + + $(".io-log").on("click", function() { + var showlog=checkCookie(); + //console.log('cookie = "'+iolog+'"'); + if (showlog===1 || showlog=='') { + //console.log('cookie is active or empty, calling hidelog()'); + setCookie("iolog", 0, 365); + hideIoLog(1); + } + if (showlog===0) { + //console.log('cookie is inactive, calling showlog()'); + setCookie("iolog", 1, 365); + showIoLog(1); + } + + }); +}); + diff --git a/web/js/init.js b/web/js/init.js index 3ac6175e..06ecc750 100644 --- a/web/js/init.js +++ b/web/js/init.js @@ -31,16 +31,20 @@ $(document).ready(function(){ }); + /* // CREATE BUTTON - - $('.l-sort__create-btn').hover(function(){ - $(".l-sort__create-btn").append("
"); - $(".l-sort__create-btn").append("
"+$('.l-sort__create-btn').attr('title').replace(' ',' ')+"
"); - }, function(){ - $("#add-icon").remove(); - $("#tooltip").remove(); - }); - + if ($(".l-sort__create-btn").length>0) { + //$(".l-sort__create-btn").append("
"); + //$(".l-sort__create-btn").append("
"+$('.l-sort__create-btn').attr('title').replace(' ',' ')+"
"); + $('.l-sort__create-btn').hover(function(){ + $("#tooltip").css('background-color', '#1ca2cc'); + }, function() { + $("#tooltip").css('background-color', '#34b5dd'); + //$("#add-icon").remove(); + //$("#tooltip").remove(); + }); + } + */ // SEARCH BOX @@ -128,6 +132,7 @@ $(document).ready(function(){ $('.l-unit .l-icon-star').click(function(){ var l_unit = $(this).parents('.l-unit'); + var token = $('#token').attr('token'); if(l_unit.hasClass('l-unit--starred')){ // removing star @@ -135,7 +140,7 @@ $(document).ready(function(){ $.ajax({ method: "POST", url: "/delete/favorite/index.php", - data: { v_section: l_unit.attr('v_section'), v_unit_id: l_unit.attr('v_unit_id') } + data: { v_section: l_unit.attr('v_section'), v_unit_id: l_unit.attr('v_unit_id'), token: token } }); l_unit.attr({'sort-star': 0}); @@ -145,7 +150,7 @@ $(document).ready(function(){ $.ajax({ method: "POST", url: "/add/favorite/index.php", - data: { v_unit_id: l_unit.attr('v_unit_id'), v_section: l_unit.attr('v_section') } + data: { v_unit_id: l_unit.attr('v_unit_id'), v_section: l_unit.attr('v_section'), token: token } }); l_unit.attr({'sort-star': 1}); diff --git a/web/js/pages/add_user.js b/web/js/pages/add_user.js index 510ed167..597c869e 100644 --- a/web/js/pages/add_user.js +++ b/web/js/pages/add_user.js @@ -7,7 +7,7 @@ $(function() { randomString = function() { var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz'; - var string_length = 10; + var string_length = 16; var randomstring = ''; for (var i = 0; i < string_length; i++) { var rnum = Math.floor(Math.random() * chars.length); diff --git a/web/js/pages/edit_user.js b/web/js/pages/edit_user.js index 439aeab0..381f4330 100644 --- a/web/js/pages/edit_user.js +++ b/web/js/pages/edit_user.js @@ -1,6 +1,6 @@ function randomString() { var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz'; - var string_length = 10; + var string_length = 16; var randomstring = ''; for (var i = 0; i < string_length; i++) { var rnum = Math.floor(Math.random() * chars.length); diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php new file mode 100644 index 00000000..e7888a75 --- /dev/null +++ b/web/list/firewall/banlist/ip_info.php @@ -0,0 +1,164 @@ + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
'; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
'; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
'.$result_array['errorCode']); +} + +// Output +echo " +
+
".__('Host')."
+
".$host."
+
".__('Banlist')."
+
".$result_blocklists."
+
".__('Continent')."
+
".$result_array['continentName']." [".$result_array['continentCode']."]
+
".__('Country')."
+
".$result_array['countryName']." [".$result_array['countryCode']."]
+
".__('State / Province')."
+
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
+
".__('City / Locality')."
+
".$result_array['city']."
+
+"; diff --git a/web/list/user/index.php b/web/list/user/index.php index da708edc..4e5ac369 100644 --- a/web/list/user/index.php +++ b/web/list/user/index.php @@ -22,7 +22,7 @@ if ($user == 'admin') { if ($show_changelog_value_int==1) { $changelog=''; $changelog_arr=file("/usr/local/vesta/Changelog.md"); - for ($i=0; $i<30; $i++) { + for ($i=0; $i<100; $i++) { if (trim($changelog_arr[$i])=="") break; if ($i>1) $changelog.="\n"; $changelog.=$changelog_arr[$i]; diff --git a/web/login/index.php b/web/login/index.php index bf3f2c28..5de05451 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,5 +1,7 @@ 9) $rkeyexp=intval($rkeyexp); + unset($output); + if ($rkeyexp === null || $rkeyexp < time() - 900) { + if ($email == $data[$user]['CONTACT']) { + exec("/usr/bin/sudo /usr/local/vesta/bin/v-change-user-rkey ".$v_user, $output, $return_var); + unset($output); + $CMD="/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEY"; + exec($CMD, $output, $return_var); + $rkey = trim(implode('', $output)); + //unset($output); + //echo $rkey; exit; + //echo $CMD."\n
"; + //var_dump($rkey); exit; + $fname = $data[$user]['FNAME']; + $lname = $data[$user]['LNAME']; + $contact = $data[$user]['CONTACT']; + $to = $data[$user]['CONTACT']; + $subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s")); + $hostname = exec('hostname'); + $from = __('MAIL_FROM',$hostname); + if (!empty($fname)) { + $mailtext = __('GREETINGS_GORDON_FREEMAN',$fname,$lname); + } else { + $mailtext = __('GREETINGS'); + } + $mailtext .= __('PASSWORD_RESET_REQUEST',$hostname.":".$_SERVER['SERVER_PORT'],$user,$rkey,$hostname.":".$_SERVER['SERVER_PORT'],$user,$rkey); + if (!empty($rkey)) { + send_email($to, $subject, $mailtext, $from); + header("Location: /reset/?action=code&user=".$_POST['user']); + } + } else { + $ERROR = "".__('User and email not matched').""; + exec("/usr/bin/sudo /usr/local/vesta/bin/v-log-failed-login " . $v_user . " " . $v_ip, $output, $return_var); + } + } else { + $ERROR = "".__('Please wait 15 minutes before sending a new request').""; + } + } else { + $ERROR = "".__('User and email not matched').""; } - - header("Location: /reset/?action=code&user=".$_POST['user']); - exit; + unset($output); } if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) { + + // Check token + if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token or missing token"); + } + if ( $_POST['password'] == $_POST['password_confirm'] ) { $v_user = escapeshellarg($_POST['user']); $user = $_POST['user']; @@ -47,26 +85,42 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass exec ($cmd." ".$v_user." json", $output, $return_var); if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); + unset($output); $rkey = $data[$user]['RKEY']; if (hash_equals($rkey, $_POST['code'])) { - $v_password = tempnam("/tmp","vst"); - $fp = fopen($v_password, "w"); - fwrite($fp, $_POST['password']."\n"); - fclose($fp); - $cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password"; - exec ($cmd." ".$v_user." ".$v_password, $output, $return_var); - unlink($v_password); - if ( $return_var > 0 ) { - $ERROR = "".__('An internal error occurred').""; + unset($output); + exec("/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEYEXP", $output, $return_var); + $rkeyexp = trim(implode('', $output)); + if (strlen($rkeyexp)>9) $rkeyexp=intval($rkeyexp); + unset($output); + if ($rkeyexp > time() - 900) { + $v_password = tempnam("/tmp","vst"); + $fp = fopen($v_password, "w"); + fwrite($fp, $_POST['password']."\n"); + fclose($fp); + $cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password"; + exec ($cmd." ".$v_user." ".$v_password, $output, $return_var); + unlink($v_password); + if ( $return_var > 0 ) { + sleep(5); + $ERROR = "".__('An internal error occurred').""; + } else { + $_SESSION['user'] = $_POST['user']; + header("Location: /"); + exit; + } } else { - $_SESSION['user'] = $_POST['user']; - header("Location: /"); - exit; + sleep(5); + $ERROR = "".__('Code has been expired').""; + exec("/usr/bin/sudo /usr/local/vesta/bin/v-log-failed-login " . $v_user . " " . $v_ip, $output, $return_var); } } else { + sleep(5); $ERROR = "".__('Invalid username or code').""; + exec("/usr/bin/sudo /usr/local/vesta/bin/v-log-failed-login " . $v_user . " " . $v_ip, $output, $return_var); } } else { + sleep(5); $ERROR = "".__('Invalid username or code').""; } } else { diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php index 5419d8ea..c0524ebb 100644 --- a/web/reset/mail/index.php +++ b/web/reset/mail/index.php @@ -149,7 +149,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $n_hash = '{MD5}'.$n_hash; // Change password - if ( $v_hash == $n_hash ) { + if ( hash_equals($v_hash, $n_hash ) ) { $v_new_password = tempnam("/tmp","vst"); $fp = fopen($v_new_password, "w"); fwrite($fp, $_POST['new']."\n"); diff --git a/web/schedule/backup/index.php b/web/schedule/backup/index.php index 67c7b44f..be7e713c 100644 --- a/web/schedule/backup/index.php +++ b/web/schedule/backup/index.php @@ -1,10 +1,17 @@ - + @@ -107,7 +107,7 @@ - + diff --git a/web/templates/admin/add_web.html b/web/templates/admin/add_web.html index d874be32..77e72239 100644 --- a/web/templates/admin/add_web.html +++ b/web/templates/admin/add_web.html @@ -95,7 +95,7 @@ - + @@ -114,7 +114,7 @@ - + @@ -171,7 +171,7 @@ - + @@ -181,7 +181,7 @@ - + @@ -191,7 +191,7 @@ - + diff --git a/web/templates/admin/edit_backup_exclusions.html b/web/templates/admin/edit_backup_exclusions.html index 819c9244..2c337555 100644 --- a/web/templates/admin/edit_backup_exclusions.html +++ b/web/templates/admin/edit_backup_exclusions.html @@ -50,7 +50,7 @@ - + @@ -60,7 +60,7 @@ - + @@ -70,7 +70,7 @@ - + @@ -80,7 +80,7 @@ - + diff --git a/web/templates/admin/edit_mail_acc.html b/web/templates/admin/edit_mail_acc.html index cf38065d..e11216a2 100644 --- a/web/templates/admin/edit_mail_acc.html +++ b/web/templates/admin/edit_mail_acc.html @@ -86,7 +86,7 @@ - + @@ -96,7 +96,7 @@ - + @@ -119,7 +119,7 @@ - + diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index 59683b6d..888b081f 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -641,6 +641,17 @@

+ + + + + + + + "> +

+ + @@ -739,7 +750,7 @@ - + @@ -749,7 +760,7 @@ - + diff --git a/web/templates/admin/edit_server_bind9.html b/web/templates/admin/edit_server_bind9.html index 62d9051f..dae145fc 100644 --- a/web/templates/admin/edit_server_bind9.html +++ b/web/templates/admin/edit_server_bind9.html @@ -57,7 +57,7 @@ - + @@ -67,7 +67,7 @@ - + diff --git a/web/templates/admin/edit_server_dovecot.html b/web/templates/admin/edit_server_dovecot.html index f5b4bd27..38ebea60 100644 --- a/web/templates/admin/edit_server_dovecot.html +++ b/web/templates/admin/edit_server_dovecot.html @@ -56,7 +56,7 @@ - + - + @@ -79,7 +79,7 @@ - + @@ -89,7 +89,7 @@ - + @@ -99,7 +99,7 @@ - + @@ -109,7 +109,7 @@ - + @@ -119,7 +119,7 @@ - + @@ -130,7 +130,7 @@ - + @@ -141,7 +141,7 @@ - + diff --git a/web/templates/admin/edit_server_httpd.html b/web/templates/admin/edit_server_httpd.html index c58ae89d..03fca7bb 100644 --- a/web/templates/admin/edit_server_httpd.html +++ b/web/templates/admin/edit_server_httpd.html @@ -57,7 +57,7 @@ - + diff --git a/web/templates/admin/edit_server_mysql.html b/web/templates/admin/edit_server_mysql.html index 8c5325fd..96d2523f 100644 --- a/web/templates/admin/edit_server_mysql.html +++ b/web/templates/admin/edit_server_mysql.html @@ -127,7 +127,7 @@ - + diff --git a/web/templates/admin/edit_server_nginx.html b/web/templates/admin/edit_server_nginx.html index 2267089a..d85c75de 100644 --- a/web/templates/admin/edit_server_nginx.html +++ b/web/templates/admin/edit_server_nginx.html @@ -184,7 +184,7 @@ - + diff --git a/web/templates/admin/edit_server_pgsql.html b/web/templates/admin/edit_server_pgsql.html index 6aca48d4..0b7c65fc 100644 --- a/web/templates/admin/edit_server_pgsql.html +++ b/web/templates/admin/edit_server_pgsql.html @@ -56,7 +56,7 @@ - + @@ -66,7 +66,7 @@ - + diff --git a/web/templates/admin/edit_server_php.html b/web/templates/admin/edit_server_php.html index 16693f81..f2b144df 100644 --- a/web/templates/admin/edit_server_php.html +++ b/web/templates/admin/edit_server_php.html @@ -150,7 +150,7 @@ - + diff --git a/web/templates/admin/edit_server_service.html b/web/templates/admin/edit_server_service.html index 49a81f55..ac92762d 100644 --- a/web/templates/admin/edit_server_service.html +++ b/web/templates/admin/edit_server_service.html @@ -56,7 +56,7 @@ - + diff --git a/web/templates/admin/edit_web.html b/web/templates/admin/edit_web.html index 00600539..b0d79d25 100644 --- a/web/templates/admin/edit_web.html +++ b/web/templates/admin/edit_web.html @@ -82,7 +82,7 @@ - + @@ -172,7 +172,7 @@ - + @@ -218,7 +218,7 @@ - + @@ -228,7 +228,7 @@ - + @@ -238,7 +238,7 @@ - +
- +
diff --git a/web/templates/admin/list_backup_detail.html b/web/templates/admin/list_backup_detail.html index 39790652..a5063e1d 100644 --- a/web/templates/admin/list_backup_detail.html +++ b/web/templates/admin/list_backup_detail.html @@ -1,31 +1,27 @@ -
+ +

+
+
- +
- -
- - - - - - - - - -
-
+
- +
@@ -38,9 +34,10 @@ -
+
-
+
+
:
-
+
-
+
- +
@@ -102,11 +99,11 @@ if (!empty($key)) { ?> -
+
-
+
- +
@@ -150,11 +147,11 @@ if (!empty($key)) { ?> -
+
-
+
- +
@@ -197,11 +194,11 @@ if (!empty($key)) { ?> -
+
-
+
- +
@@ -245,11 +242,11 @@ if (!empty($key)) { ?> -
+
-
+
- +
@@ -293,11 +290,11 @@ if (!empty($key)) { ?> -
+
-
+
- +
@@ -332,11 +329,11 @@ -
+
-
+
- +
@@ -394,3 +391,4 @@
+ diff --git a/web/templates/admin/list_backup_exclusions.html b/web/templates/admin/list_backup_exclusions.html index efaaa450..2093278f 100644 --- a/web/templates/admin/list_backup_exclusions.html +++ b/web/templates/admin/list_backup_exclusions.html @@ -1,6 +1,6 @@
- +
diff --git a/web/templates/admin/list_cron.html b/web/templates/admin/list_cron.html index 4bea20c0..e6bec6b6 100644 --- a/web/templates/admin/list_cron.html +++ b/web/templates/admin/list_cron.html @@ -1,6 +1,6 @@
- +
'; + echo ''; } if($pgsql){ - echo ''; + echo ''; } ?>
phpMyAdminphpMyAdminphpPgAdminphpPgAdmin diff --git a/web/templates/admin/list_dns.html b/web/templates/admin/list_dns.html index 5ce29219..57a0d57e 100644 --- a/web/templates/admin/list_dns.html +++ b/web/templates/admin/list_dns.html @@ -1,6 +1,6 @@
- +