github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-20 21:34:11 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1 from serghey-rodin/master

Browse source 
update
This commit is contained in:
T. Mulyana 2019-10-01 20:42:54 +07:00 committed by GitHub
commit 6645586fb2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1099 changed files with 45624 additions and 8912 deletions
Download patch file Download diff file Expand all files Collapse all files

7
bin/v-add-backup-host
View file

@ -38,8 +38,7 @@ EOF
sftpc() { sftpc() {
expect -f "-" <<EOF "$@" expect -f "-" <<EOF "$@"
set count 0 set count 0
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \ spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
Port=$port $user@$host
expect { expect {
"password:" { "password:" {
send "$password\r" send "$password\r"
@ -94,12 +93,14 @@ EOF
if [ "$type" != 'local' ];then if [ "$type" != 'local' ];then
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
is_format_valid 'host' is_format_valid 'user' 'host' 'path' 'port'
is_password_valid is_password_valid
if [ "$type" = 'sftp' ]; then if [ "$type" = 'sftp' ]; then
which expect >/dev/null 2>&1 which expect >/dev/null 2>&1
check_result $? "expect command not found" $E_NOTEXIST check_result $? "expect command not found" $E_NOTEXIST
fi fi
host "$host" >/dev/null 2>&1
check_result $? "host connection failed" "$E_CONNECT"
fi fi

4
bin/v-add-dns-on-web-alias
View file

@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
# Adding second level domain # Adding second level domain
if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
$BIN/v-add-dns-domain \ $BIN/v-add-dns-domain \
$user $alias $ip '' '' '' '' '' $restart >> /dev/null $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
exit exit
fi fi
# Adding top-level domain and then its sub # Adding top-level domain and then its sub
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null $BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null
# Checking top-level domain # Checking top-level domain
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then

8
bin/v-add-dns-record
View file

@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
fi fi
fi fi
dvalue=${dvalue//\"/} if [ $rtype != "CAA" ]; then
dvalue=${dvalue//\"/}
if [[ "$dvalue" =~ [\;[:space:]] ]]; then if [[ "$dvalue" =~ [\;[:space:]] ]]; then
dvalue='"'"$dvalue"'"' dvalue='"'"$dvalue"'"'
fi
fi fi
# Additional argument formatting # Additional argument formatting

16
bin/v-add-firewall-chain
View file

@ -21,6 +21,12 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
# Defining absolute path to iptables # Defining absolute path to iptables
iptables="/sbin/iptables" iptables="/sbin/iptables"
# Get vesta port by reading nginx.conf
vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
if [ -z "$vestaport" ]; then
vestaport=8083
fi
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
@ -41,13 +47,19 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
# Checking known chains # Checking known chains
case $chain in case $chain in
SSH) port=22; protocol=TCP ;; SSH) # Get ssh port by reading ssh config file.
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [ -z "$sshport" ]; then
sshport=22
fi
port=$sshport;
protocol=TCP ;;
FTP) port=21; protocol=TCP ;; FTP) port=21; protocol=TCP ;;
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
DNS) port=53; protocol=UDP ;; DNS) port=53; protocol=UDP ;;
WEB) port='80,443'; protocol=TCP ;; WEB) port='80,443'; protocol=TCP ;;
DB) port='3306,5432'; protocol=TCP ;; DB) port='3306,5432'; protocol=TCP ;;
VESTA) port=8083; protocol=TCP ;; VESTA) port=$vestaport; protocol=TCP ;;
*) check_args '2' "$#" 'CHAIN PORT' ;; *) check_args '2' "$#" 'CHAIN PORT' ;;
esac esac

254
bin/v-add-letsencrypt-domain
View file

@ -1,13 +1,8 @@
#!/bin/bash #!/bin/bash
# info: adding letsencrypt ssl cetificate for domain # info: check letsencrypt domain
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY] # options: USER DOMAIN [ALIASES]
# #
# The function turns on SSL support for a domain. Parameter ssl_dir is a path # The function check and validates domain with Let's Encript
# to directory where 2 or 3 ssl files can be found. Certificate file
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.
#----------------------------------------------------------# #----------------------------------------------------------#
@ -18,8 +13,9 @@
user=$1 user=$1
domain=$2 domain=$2
aliases=$3 aliases=$3
restart=$4
notify=$5 # LE API
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -27,30 +23,67 @@ source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
# Additional argument formatting # Additional argument formatting
format_domain_idn format_identifier_idn() {
identifier_idn=$identifier
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
identifier_idn=$(idn -t --quiet -a $identifier_idn)
fi
}
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]' check_args '2' "$#" 'USER DOMAIN [ALIASES]'
is_format_valid 'user' 'domain' is_format_valid 'user' 'domain' 'aliases'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
if [[ "$aliases" != "*.$domain" ]]; then
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
if [ -z "$check_alias" ]; then
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
fi
done
fi;
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Parsing domain data
get_domain_values 'web'
# Registering LetsEncrypt user account # Registering LetsEncrypt user account
$BIN/v-add-letsencrypt-user $user $BIN/v-add-letsencrypt-user $user
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
@ -62,53 +95,153 @@ fi
# Parsing LetsEncrypt account data # Parsing LetsEncrypt account data
source $USER_DATA/ssl/le.conf source $USER_DATA/ssl/le.conf
email=$EMAIL
# Validating domain and aliases # Checking wildcard alias
i=1 if [ "$aliases" = "*.$domain" ]; then
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do wildcard='yes'
$BIN/v-check-letsencrypt-domain $user $alias proto="dns-01"
if [ "$?" -ne 0 ]; then if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
touch $VESTA/data/queue/letsencrypt.pipe check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe fi
send_notice "LETSENCRYPT" "$alias validation failed" else
check_result $E_INVALID "LE domain validation" >/dev/null proto="http-01"
fi
# Requesting nonce / STEP 1
answer=$(curl -s -I "$API/directory")
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
fi
# Placing new order / STEP 2
url="$API/acme/new-order"
payload='{"identifiers":['
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
format_identifier_idn
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
done
payload=$(echo "$payload"|sed "s/,$//")
payload=$payload']}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
if [[ "$status" -ne 201 ]]; then
check_result $E_CONNECT "Let's Encrypt new auth status $status"
fi
# Requesting authorization token / STEP 3
for auth in $authz; do
payload=''
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
fi fi
# Checking LE limits per account # Accepting challenge / STEP 4
if [ "$i" -gt 100 ]; then if [ "$wildcard" = 'yes' ]; then
touch $VESTA/data/queue/letsencrypt.pipe record=$(printf "%s" "$token.$THUMB" |\
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe openssl dgst -sha256 -binary |encode_base64)
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached' old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
check_result $E_LIMIT "LE can't sign more than 100 domains" old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
for old_record in $old_records; do
$BIN/v-delete-dns-record $user $domain $old_record
done
$BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record
check_result $? "DNS _acme-challenge record wasn't created"
else
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
> $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$THUMB'";' >> $conf
echo '}' >> $conf
fi
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
$BIN/v-restart-proxy
check_result $? "Proxy restart failed" >/dev/null
else
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
chown -R $user:$user $well_known
fi
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fi
# Requesting ACME validation / STEP 5
validation_check=$(echo "$answer" |grep '"valid"')
if [[ ! -z "$validation_check" ]]; then
validation='valid'
else
validation='pending'
fi
# Doing pol check on status
i=1
while [ "$validation" = 'pending' ]; do
payload='{}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt validation status $status"
fi
i=$((i + 1))
if [ "$i" -gt 10 ]; then
check_result $E_CONNECT "Let's Encrypt domain validation timeout"
fi
sleep 1
done
if [ "$validation" = 'invalid' ]; then
check_result $E_CONNECT "Let's Encrypt domain verification failed"
fi fi
i=$((i++))
done done
# Generating CSR
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \ # Generating new ssl certificate
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
# Signing CSR # Sending CSR to finalize order / STEP 6
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir) csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
if [ "$?" -ne 0 ]; then payload='{"csr":"'$csr'"}'
touch $VESTA/data/queue/letsencrypt.pipe answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
send_notice "LETSENCRYPT" "$alias validation failed" status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
check_result "$E_INVALID" "LE $domain validation" certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
fi fi
echo "$crt" > $ssl_dir/$domain.crt
# Dowloading CA certificate # Downloading signed certificate / STEP 7
le_certs='https://letsencrypt.org/certs' curl -s "$certificate" -o $ssl_dir/$domain.pem
x1='lets-encrypt-x1-cross-signed.pem.txt'
x3='lets-encrypt-x3-cross-signed.pem.txt' # Splitting up downloaded pem
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:") crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
if [ -z "$(echo $issuer|grep X3)" ]; then head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
else pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca ca_end=$(grep -n "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
fi ca_end=$(( pem_lines - crt_end + 1 ))
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
# Adding SSL # Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
@ -140,18 +273,13 @@ update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
# Restarting web # Deleteing task from queue
$BIN/v-restart-web $restart touch $VESTA/data/queue/letsencrypt.pipe
if [ "$?" -ne 0 ]; then sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
fi
# Notifying user # Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

125
bin/v-add-letsencrypt-user
View file

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# info: register letsencrypt user account # info: register letsencrypt user account
# options: USER [EMAIL] # options: USER
# #
# The function creates and register LetsEncript account key # The function creates and register LetsEncript account
#----------------------------------------------------------# #----------------------------------------------------------#
@ -11,8 +11,9 @@
# Argument definition # Argument definition
user=$1 user=$1
email=$2
key_size=4096 # LE API
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -23,15 +24,38 @@ encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n=' cat |base64 |tr '+/' '-_' |tr -d '\r\n='
} }
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [EMAIL]' check_args '1' "$#" 'USER'
is_format_valid 'user' is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf"
fi
if [ ! -z "$KID" ]; then
exit exit
fi fi
@ -40,57 +64,57 @@ fi
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
api='https://acme-v01.api.letsencrypt.org'
if [ -z "$email" ]; then # Defining user email
email=$(get_user_value '$CONTACT') if [[ -z "$EMAIL" ]]; then
EMAIL=$(get_user_value '$CONTACT')
fi fi
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n') # Defining user agreement
agreement=''
# Generating key # Generating user key
key="$USER_DATA/ssl/user.key" KEY="$USER_DATA/ssl/user.key"
if [ ! -e "$key" ]; then if [ ! -e "$KEY" ]; then
openssl genrsa -out $key $key_size >/dev/null 2>&1 openssl genrsa -out $KEY 4096 >/dev/null 2>&1
chmod 600 $key chmod 600 $KEY
fi fi
# Defining key exponent # Defining key exponent
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ if [ -z "$EXPONENT" ]; then
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
xxd -r -p |encode_base64) grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
xxd -r -p |encode_base64)
fi
# Defining key modulus # Defining key modulus
modulus=$(openssl rsa -in "$key" -modulus -noout |\ if [ -z "$MODULUS" ]; then
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
fi
# Defining key thumb # Defining JWK
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
# Defining JWK header # Defining key thumbnail
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' if [ -z "$THUMB" ]; then
header='{"alg":"RS256","jwk":'"$header"'}' THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
fi
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining registration query # Requesting ACME nonce
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],' nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
query=$query'"agreement":"'$agreement'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API # Creating ACME account
answer=$(curl -s -i -d "$data" "$api/acme/new-reg") url="$API/acme/new-acct"
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') payload='{"termsOfServiceAgreed": true}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
# Checking http answer status # Checking answer status
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
check_result $E_CONNECT "LetsEncrypt account registration $status" if [[ "${status:0:2}" -ne "20" ]]; then
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
fi fi
@ -99,12 +123,17 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Adding le.conf # Adding le.conf
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf
else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

1
bin/v-add-mail-domain
View file

@ -45,6 +45,7 @@ is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_domain_new 'mail' "$domain" is_domain_new 'mail' "$domain"
is_package_full 'MAIL_DOMAINS' is_package_full 'MAIL_DOMAINS'
is_dir_symlink $HOMEDIR/$user/mail
#----------------------------------------------------------# #----------------------------------------------------------#

106
bin/v-add-sys-mail-ssl Executable file
View file

@ -0,0 +1,106 @@
#!/bin/bash
# info: copy mail ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to mail SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/mail.crt"
vst_key="$VESTA/ssl/mail.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old >/dev/null 2>&1
mv $vst_key $vst_key.old >/dev/null 2>&1
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Updating vesta.conf
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

97
bin/v-add-sys-vesta-ssl Executable file
View file

@ -0,0 +1,97 @@
#!/bin/bash
# info: add vesta ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to vesta SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old
mv $vst_key $vst_key.old
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
if [ ! -z "$FTP_SYSTEM" ]; then
$BIN/v-restart-service "$FTP_SYSTEM"
fi
if [ -e "/var/run/vesta-nginx.pid" ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
else
service vesta restart
fi
fi
# Updating vesta.conf
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

22
bin/v-add-user-package
View file

@ -30,37 +30,37 @@ is_package_new() {
is_package_consistent() { is_package_consistent() {
source $pkg_dir/$package.pkg source $pkg_dir/$package.pkg
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
fi fi
if [ "$WEB_ALIASES" != 'unlimited' ]; then if [ "$WEB_ALIASES" != 'unlimited' ]; then
is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
fi fi
if [ "$DNS_DOMAINS" != 'unlimited' ]; then if [ "$DNS_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
fi fi
if [ "$DNS_RECORDS" != 'unlimited' ]; then if [ "$DNS_RECORDS" != 'unlimited' ]; then
is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
fi fi
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
fi fi
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
fi fi
if [ "$DATABASES" != 'unlimited' ]; then if [ "$DATABASES" != 'unlimited' ]; then
is_format_valid_int $DATABASES 'DATABASES' is_int_format_valid $DATABASES 'DATABASES'
fi fi
if [ "$CRON_JOBS" != 'unlimited' ]; then if [ "$CRON_JOBS" != 'unlimited' ]; then
is_format_valid_int $CRON_JOBS 'CRON_JOBS' is_int_format_valid $CRON_JOBS 'CRON_JOBS'
fi fi
if [ "$DISK_QUOTA" != 'unlimited' ]; then if [ "$DISK_QUOTA" != 'unlimited' ]; then
is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
fi fi
if [ "$BANDWIDTH" != 'unlimited' ]; then if [ "$BANDWIDTH" != 'unlimited' ]; then
is_format_valid_int $BANDWIDTH 'BANDWIDTH' is_int_format_valid $BANDWIDTH 'BANDWIDTH'
fi fi
if [ "$BACKUPS" != 'unlimited' ]; then if [ "$BACKUPS" != 'unlimited' ]; then
is_format_valid_int $BACKUPS 'BACKUPS' is_int_format_valid $BACKUPS 'BACKUPS'
fi fi
is_format_valid_shell $SHELL is_format_valid_shell $SHELL
} }

14
bin/v-add-web-domain
View file

@ -47,6 +47,7 @@ is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES' is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
is_domain_new 'web' "$domain,$aliases" is_domain_new 'web' "$domain,$aliases"
is_dir_symlink $HOMEDIR/$user/web
if [ ! -z "$ip" ]; then if [ ! -z "$ip" ]; then
is_ip_valid "$ip" "$user" is_ip_valid "$ip" "$user"
else else
@ -62,7 +63,7 @@ fi
source $USER_DATA/user.conf source $USER_DATA/user.conf
# Creating domain directories # Creating domain directories
mkdir -p $HOMEDIR/$user/web/$domain \ sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -79,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
$HOMEDIR/$user/web/$domain/logs/ $HOMEDIR/$user/web/$domain/logs/
# Adding domain skeleton # Adding domain skeleton
cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
sed -i "s/%domain%/$domain/g" $file sed -i "s/%domain%/$domain/g" $file
done done
@ -90,7 +91,7 @@ chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/* chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
# Addding PHP-FPM backend # Addding PHP-FPM backend
if [ ! -z "$WEB_BACKEND" ]; then if [ ! -z "$WEB_BACKEND" ]; then
@ -112,9 +113,12 @@ if [ "$aliases" = 'none' ]; then
ALIAS='' ALIAS=''
else else
ALIAS="www.$domain" ALIAS="www.$domain"
if [ ! -z "$aliases" ]; then if [ -z "$aliases" ]; then
ALIAS="$ALIAS,$aliases" ALIAS="www.$domain"
else
ALIAS="$aliases"
fi fi
ip_alias=$(get_ip_alias $domain) ip_alias=$(get_ip_alias $domain)
if [ ! -z "$ip_alias" ]; then if [ ! -z "$ip_alias" ]; then
ALIAS="$ALIAS,$ip_alias" ALIAS="$ALIAS,$ip_alias"

27
bin/v-add-web-domain-ssl
View file

@ -120,6 +120,33 @@ check_result $? "Web restart failed" >/dev/null
$BIN/v-restart-proxy $restart $BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null check_result $? "Proxy restart failed" >/dev/null
# Updating system ssl dependencies
if [ ! -z "$VESTA_CERTIFICATE" ]; then
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
hostname=$(hostname)
if [ "$hostname" = "$domain" ]; then
$BIN/v-update-host-certificate $user $domain
fi
fi
if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
eval "$UPDATE_SSL_SCRIPT $user $domain"
fi
# Logging # Logging
log_history "enabled ssl support for $domain" log_history "enabled ssl support for $domain"
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

55
bin/v-backup-user
View file

@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
(( ++i)) (( ++i))
done done
if [ -z "$BACKUP_TEMP" ]; then
BACKUP_TEMP=$BACKUP
fi
# Creating temporary directory # Creating temporary directory
tmpdir=$(mktemp -p /tmp -d) tmpdir=$(mktemp -p $BACKUP_TEMP -d)
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
@ -212,24 +216,32 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
cp $USER_DATA/ssl/$domain.* vesta/ cp $USER_DATA/ssl/$domain.* vesta/
fi fi
# Changin dir to documentroot
cd $HOMEDIR/$user/web/$domain
# Define exclude arguments # Define exclude arguments
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f set -f
fargs=() fargs=()
fargs+=(--exclude='logs/*') fargs+=(--exclude='./logs/*')
if [ ! -z "$exlusion" ]; then if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do for xpath in $xdirs; do
fargs+=(--exclude=$xpath/*) if [ -d "$xpath" ]; then
echo "$(date "+%F %T") excluding directory $xpath" fargs+=(--exclude=$xpath/*)
msg="$msg\n$(date "+%F %T") excluding directory $xpath" echo "$(date "+%F %T") excluding directory $xpath"
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
else
echo "$(date "+%F %T") excluding file $xpath"
msg="$msg\n$(date "+%F %T") excluding file $xpath"
fargs+=(--exclude=$xpath)
fi
done done
fi fi
set +f set +f
# Backup files # Backup files
cd $HOMEDIR/$user/web/$domain tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
done done
# Print total # Print total
@ -388,14 +400,17 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
grep "DB='$database'" $conf > vesta/db.conf grep "DB='$database'" $conf > vesta/db.conf
dump="$tmpdir/db/$database/$database.$TYPE.sql" dump="$tmpdir/db/$database/$database.$TYPE.sql"
dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
case $TYPE in if [ ! -f "$dumpgz" ]; then
mysql) dump_mysql_database ;; case $TYPE in
pgsql) dump_pgsql_database ;; mysql) dump_mysql_database ;;
esac pgsql) dump_pgsql_database ;;
esac
# Compress dump # Compress dump
gzip -$BACKUP_GZIP $dump gzip -$BACKUP_GZIP $dump
fi
done done
# Print total # Print total
@ -445,11 +460,15 @@ if [ "$USER" != '*' ]; then
fi fi
fargs=() fargs=()
for xpath in $(echo "$USER" |tr ',' '\n'); do for xpath in $(echo "$USER" |tr ',' '\n'); do
fargs+=(-not) if [ -d "$xpath" ]; then
fargs+=(-path) fargs+=(--exclude=$xpath/*)
fargs+=("./$xpath*") echo "$(date "+%F %T") excluding directory $xpath" |\
echo "$(date "+%F %T") excluding directory $xpath" |\
tee -a $BACKUP/$user.log tee -a $BACKUP/$user.log
else
echo "$(date "+%F %T") excluding file $xpath" |\
tee -a $BACKUP/$user.log
fargs+=(--exclude=$xpath)
fi
done done
IFS=$'\n' IFS=$'\n'
@ -464,7 +483,7 @@ if [ "$USER" != '*' ]; then
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
# Backup files and dirs # Backup files and dirs
tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
fi fi
done done
set +f set +f

3
bin/v-backup-users
View file

@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
exit exit
fi fi
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
log=$VESTA/log/backup.log log=$VESTA/log/backup.log
if [ ! -z "$check_suspend" ]; then if [ ! -z "$check_suspend" ]; then

86
bin/v-change-sys-ip-nat
View file

@ -34,48 +34,72 @@ is_ip_valid "$ip"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Changing nat ip # Updating IP
if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
old=''
new=$nat_ip
else else
update_ip_value '$NAT' "$nat_ip" old=$(get_ip_value '$NAT')
fi new=$nat_ip
sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
# Check ftp system if [ -z "$nat_ip" ]; then
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then new=$ip
# Find configuration
if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
conf='/etc/vsftpd/vsftpd.conf'
fi
if [ -e '/etc/vsftpd.conf' ]; then
conf='/etc/vsftpd.conf'
fi
# Update config
if [ -z "$(grep pasv_address $conf)" ]; then
if [ ! -z "$nat_ip" ]; then
echo "pasv_address=$nat_ip" >> $conf
fi
else
if [ ! -z "$nat_ip" ]; then
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
else
sed -i "/pasv_address/d" $conf
fi
fi fi
fi fi
# Updating WEB configs
if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
$BIN/v-restart-dns $restart
fi
# Updating DNS configs
if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns $restart
fi
# Updating FTP
if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
conf=$(find /etc -name $FTP_SYSTEM.conf)
if [ -e "$conf" ]; then
sed -i "s/$old/$new/g" $conf
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
check_pasv=$(grep pasv_address $conf)
if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
echo "pasv_address=$nat_ip" >> $conf
fi
if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
sed -i "/pasv_address/d" $conf
fi
if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
fi
fi
fi
$BIN/v-restart-ftp $restart
fi
# Updating firewall
if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
$BIN/v-update-firewall
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
# Restart ftp server
$BIN/v-restart-ftp $restart
check_result $? "FTP restart failed" >/dev/null
# Logging # Logging
log_history "changed associated nat address on $ip to $nat_ip" '' 'admin' log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

12
bin/v-change-sys-service-config
View file

@ -95,13 +95,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
if [ "$service" = 'php' ]; then if [ "$service" = 'php' ]; then
if [ "$WEB_SYSTEM" = "nginx" ]; then if [ "$WEB_SYSTEM" = "nginx" ]; then
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p) if [ $(ps --no-headers -o comm 1) == systemd ]; then
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
service=${service//.service/}
else
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
fi
else else
service=$WEB_SYSTEM service=$WEB_SYSTEM
fi fi
fi fi
service $service restart >/dev/null 2>&1 for single_service in $service; do
service $single_service restart >/dev/null 2>&1
done <<< "$service"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
for config in $dst; do for config in $dst; do
cat $config.vst.back > $config cat $config.vst.back > $config

4
bin/v-change-user-password
View file

@ -37,6 +37,10 @@ is_password_valid
echo "$user:$password" | /usr/sbin/chpasswd echo "$user:$password" | /usr/sbin/chpasswd
md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow) md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then
rm -f $VESTA/web/reset.admin
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

2
bin/v-change-web-domain-ip
View file

@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
# Preparing variables for vhost replace # Preparing variables for vhost replace
get_domain_values 'web' get_domain_values 'web'
old=$(get_real_ip $IP) old=$(get_real_ip $IP)
new=$ip new=$(get_real_ip $ip)
# Replacing vhost # Replacing vhost
replace_web_config "$WEB_SYSTEM" "$TPL.tpl" replace_web_config "$WEB_SYSTEM" "$TPL.tpl"

40
bin/v-check-api-key Executable file
View file

@ -0,0 +1,40 @@
#!/bin/bash
# info: check api key
# options: KEY
#
# The function checks a key file in /usr/local/vesta/data/keys/
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
if [ -z "$1" ]; then
echo "Error: key missmatch"
exit 9
fi
key=$(basename $1)
ip=${2-127.0.0.1}
time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" |cut -f 1 -d \ )
date=$(echo "$time_n_date" |cut -f 2 -d \ )
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ ! -e $VESTA/data/keys/$key ]; then
echo "Error: key missmatch"
echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log
exit

162
bin/v-check-letsencrypt-domain
View file

@ -1,162 +0,0 @@
#!/bin/bash
# info: check letsencrypt domain
# options: USER DOMAIN
#
# The function check and validates domain with LetsEncript
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Additional argument formatting
format_domain_idn
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
if [ -z "$rdomain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
r_domain=$(echo "$rdomain" |cut -f 2 -d \')
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
query='{"resource":"new-authz","identifier"'
query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
# Checking http answer status
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
if [[ "$status" -ne "201" ]]; then
check_result $E_CONNECT "LetsEncrypt challenge request $status"
fi
# Parsing domain nonce,token and uri
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
# Adding location wrapper for request challenge
if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$thumb'";' >> $conf
echo '}' >> $conf
fi
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
else
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
if [ ! -d "$acme" ]; then
mkdir -p $acme
fi
echo "$token.$thumb" > $acme/$token
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
fi
# Restarting web server
if [ -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-web
check_result $? "Proxy restart failed" >/dev/null
else
$BIN/v-restart-proxy
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fi
# Defining ACME query (request validation)
query='{"resource":"challenge","type":"http-01","keyAuthorization"'
query=$query':"'$token.$thumb'","token":"'$token'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$uri")
# Checking domain validation status
i=1
status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
while [ "$status" = 'pending' ]; do
answer=$(curl -s -i "$location")
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
sleep 1
i=$((i + 1))
if [ "$i" -gt 60 ]; then
check_result $E_CONNECT "$detail"
fi
done
if [ "$status" = 'invalid' ]; then
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
check_result $E_CONNECT "$detail"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

100
bin/v-check-user-hash Executable file
View file

@ -0,0 +1,100 @@
#!/bin/bash
# info: check user hash
# options: USER HASH [IP]
#
# The function verifies user hash
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
hash=$2; HIDE=2
ip=${3-127.0.0.1}
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" |cut -f 1 -d \ )
date=$(echo "$time_n_date" |cut -f 2 -d \ )
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER HASH'
is_format_valid 'user'
# Checking user
if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Checking user hash
is_hash_valid
# Checking empty hash
if [[ -z "$hash" ]]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing user's salt
shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
then
salt=$(echo "$shadow" |cut -f 3 -d \$)
method=$(echo "$shadow" |cut -f 2 -d \$)
if [ "$method" -eq '1' ]; then
method='md5'
elif [ "$method" -eq '6' ]; then
method='sha-512'
else
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
else
salt=${shadow:0:2}
method='des'
fi
# Checking salt
if [ -z "$salt" ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Comparing hashes
if [[ "$shadow" != "$hash" ]]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log
exit

3
bin/v-check-user-password
View file

@ -82,7 +82,8 @@ if [ -z "$salt" ]; then
fi fi
# Generating hash # Generating hash
hash=$($BIN/v-generate-password-hash $method $salt <<< $password) set -o noglob
hash=$($BIN/v-generate-password-hash $method $salt <<< "$password")
if [[ -z "$hash" ]]; then if [[ -z "$hash" ]]; then
echo "Error: password missmatch" echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log

2
bin/v-delete-mail-domain
View file

@ -56,7 +56,7 @@ fi
# Deleting dkim dns record # Deleting dkim dns record
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain) records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
for id in $dkim_records; do for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id $BIN/v-delete-dns-record $user $domain $id
done done

75
bin/v-delete-sys-mail-ssl Executable file
View file

@ -0,0 +1,75 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
# Moving old certificates
if [ -e "$VESTA/ssl/mail.crt" ]; then
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
fi
if [ -e "VESTA/ssl/mail.key" ]; then
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
fi
# Updating vesta.conf value
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

37
bin/v-delete-sys-vesta-ssl Executable file
View file

@ -0,0 +1,37 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Updating vesta.conf value
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

2
bin/v-delete-user-favourites
View file

@ -32,6 +32,8 @@ case $system in
DNS_REC) is_format_valid 'id' ;; DNS_REC) is_format_valid 'id' ;;
*) is_format_valid 'object' *) is_format_valid 'object'
esac esac
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"

118
bin/v-get-user-salt Executable file
View file

@ -0,0 +1,118 @@
#!/bin/bash
# info: get user salt
# options: USER [IP] [FORMAT]
#
# The function provides users salt
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
ip=${2-127.0.0.1}
format=${3-shell}
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
time_n_date=$(date +'%T %F')
time=$(echo "$time_n_date" |cut -f 1 -d \ )
date=$(echo "$time_n_date" |cut -f 2 -d \ )
# JSON list function
json_list() {
echo '{'
echo ' "'$user'": {
"METHOD": "'$method'",
"SALT": "'$salt'",
"TIME": "'$time'",
"DATE": "'$date'"
}'
echo '}'
}
# SHELL list function
shell_list() {
echo "METHOD: $method"
echo "SALT: $salt"
}
# PLAIN list function
plain_list() {
echo -e "$method\t$salt"
}
# CSV list function
csv_list() {
echo "METHOD,SALT"
echo "$method, $salt"
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'USER [IP] [SALT]'
is_format_valid 'user'
# Checking user
if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing user's salt
shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
then
salt=$(echo "$shadow" |cut -f 3 -d \$)
method=$(echo "$shadow" |cut -f 2 -d \$)
if [ "$method" -eq '1' ]; then
method='md5'
elif [ "$method" -eq '6' ]; then
method='sha-512'
else
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
else
salt=${shadow:0:2}
method='des'
fi
if [ -z "$salt" ]; then
echo "Error: password missmatch"
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
exit

1
bin/v-list-dns-domain
View file

@ -71,6 +71,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'dns' 'DOMAIN' "$domain" is_object_valid 'dns' 'DOMAIN' "$domain"

11
bin/v-list-letsencrypt-user
View file

@ -23,7 +23,8 @@ json_list() {
"EMAIL": "'$EMAIL'", "EMAIL": "'$EMAIL'",
"EXPONENT": "'$EXPONENT'", "EXPONENT": "'$EXPONENT'",
"MODULUS": "'$MODULUS'", "MODULUS": "'$MODULUS'",
"THUMB: "'$THUMB'" "THUMB": "'$THUMB'",
"KID": "'$KID'"
}' }'
echo '}' echo '}'
} }
@ -35,17 +36,18 @@ shell_list() {
echo "THUMB: $THUMB" echo "THUMB: $THUMB"
echo "EXPONENT: $EXPONENT" echo "EXPONENT: $EXPONENT"
echo "MODULUS: $MODULUS" echo "MODULUS: $MODULUS"
echo "KID: $KID"
} }
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB" echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
} }
# CSV list function # CSV list function
csv_list() { csv_list() {
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB" echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB" echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
} }
@ -54,6 +56,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist" check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"

3
bin/v-list-mail-domain-dkim-dns
View file

@ -57,6 +57,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'mail' 'DOMAIN' "$domain" is_object_valid 'mail' 'DOMAIN' "$domain"
@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
# Parsing domain keys # Parsing domain keys
if [ -e "$USER_DATA/mail/$domain.pub" ]; then if [ -e "$USER_DATA/mail/$domain.pub" ]; then
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----") pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g') pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
else else
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED" pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"

19
bin/v-list-sys-config
View file

@ -51,7 +51,9 @@ json_list() {
"MAIL_URL": "'$MAIL_URL'", "MAIL_URL": "'$MAIL_URL'",
"DB_PMA_URL": "'$DB_PMA_URL'", "DB_PMA_URL": "'$DB_PMA_URL'",
"DB_PGA_URL": "'$DB_PGA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'",
"SOFTACULOUS": "'$SOFTACULOUS'" "SOFTACULOUS": "'$SOFTACULOUS'",
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
} }
}' }'
} }
@ -138,6 +140,12 @@ shell_list() {
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
echo "Language: $LANGUAGE" echo "Language: $LANGUAGE"
fi fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
echo "Mail SSL: $MAIL_CERTIFICATE"
fi
if [ ! -z "$VESTA_CERTIFICATE" ]; then
echo "Vesta SSL: $VESTA_CERTIFICATE"
fi
echo "Version: $VERSION" echo "Version: $VERSION"
} }
@ -151,7 +159,8 @@ plain_list() {
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
echo -e "$VESTA_CERTIFICATE"
} }
@ -165,7 +174,8 @@ csv_list() {
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
echo echo
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -176,6 +186,7 @@ csv_list() {
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
echo echo
} }
@ -187,7 +198,7 @@ csv_list() {
# Listing data # Listing data
case $format in case $format in
json) json_list ;; json) json_list ;;
plain) shell_list ;; plain) plain_list ;;
csv) csv_list ;; csv) csv_list ;;
shell) shell_list ;; shell) shell_list ;;
esac esac

135
bin/v-list-sys-mail-ssl Executable file
View file

@ -0,0 +1,135 @@
#!/bin/bash
# info: list mail ssl certificate
# options: [FORMAT]
#
# The function of obtaining mail ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"MAIL\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
exit
fi
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

1
bin/v-list-user
View file

@ -154,6 +154,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

1
bin/v-list-user-backup
View file

@ -75,6 +75,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER BACKUP [FORMAT]' check_args '2' "$#" 'USER BACKUP [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'backup' 'BACKUP' "$backup" is_object_valid 'backup' 'BACKUP' "$backup"

23
bin/v-list-user-log
View file

@ -23,7 +23,10 @@ json_list() {
objects=$(echo "$logs" |wc -l) objects=$(echo "$logs" |wc -l)
echo "{" echo "{"
for str in $logs; do for str in $logs; do
eval $str ID=$(echo "$str" |cut -f 2 -d \')
DATE=$(echo "$str" |cut -f 4 -d \')
TIME=$(echo "$str" |cut -f 6 -d \')
CMD=$(echo "$str" |cut -f 8 -d \')
CMD=${CMD//\"/\\\"} CMD=${CMD//\"/\\\"}
echo -n ' "'$ID'": { echo -n ' "'$ID'": {
"CMD": "'$CMD'", "CMD": "'$CMD'",
@ -46,13 +49,9 @@ shell_list() {
echo "DATE~TIME~CMD" echo "DATE~TIME~CMD"
echo "----~----~---" echo "----~----~---"
for str in $logs; do for str in $logs; do
eval $str DATE=$(echo "$str" |cut -f 4 -d \')
if [ -z "$DATE" ]; then TIME=$(echo "$str" |cut -f 6 -d \')
DATE='no' CMD=$(echo "$str" |cut -f 8 -d \')
fi
if [ -z "$TIME" ]; then
TIME='no'
fi
echo "$DATE~$TIME~$CMD" echo "$DATE~$TIME~$CMD"
done done
} }
@ -61,7 +60,9 @@ shell_list() {
plain_list() { plain_list() {
IFS=$'\n' IFS=$'\n'
for str in $logs; do for str in $logs; do
eval $str DATE=$(echo "$str" |cut -f 4 -d \')
TIME=$(echo "$str" |cut -f 6 -d \')
CMD=$(echo "$str" |cut -f 8 -d \')
echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE" echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE"
done done
} }
@ -71,7 +72,9 @@ csv_list() {
IFS=$'\n' IFS=$'\n'
echo "ID,CMD,UNDO,TIME,DATE" echo "ID,CMD,UNDO,TIME,DATE"
for str in $logs; do for str in $logs; do
eval $str DATE=$(echo "$str" |cut -f 4 -d \')
TIME=$(echo "$str" |cut -f 6 -d \')
CMD=$(echo "$str" |cut -f 8 -d \')
echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE" echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE"
done done
} }

1
bin/v-list-user-stats
View file

@ -115,6 +115,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

25
bin/v-list-users
View file

@ -15,9 +15,14 @@ format=${1-shell}
# JSON list function # JSON list function
json_list() { json_list() {
echo '{' echo '{'
object_count=$(grep '@' /etc/passwd |wc -l)
i=1 i=1
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
if [ $i -gt 1 ]; then
echo ","
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n ' "'$USER'": { echo -n ' "'$USER'": {
"FNAME": "'$FNAME'", "FNAME": "'$FNAME'",
@ -74,14 +79,8 @@ json_list() {
"TIME": "'$TIME'", "TIME": "'$TIME'",
"DATE": "'$DATE'" "DATE": "'$DATE'"
}' }'
if [ "$i" -lt "$object_count" ]; then
echo ','
else
echo
fi
((i++)) ((i++))
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)
echo '}' echo '}'
} }
@ -90,6 +89,9 @@ shell_list() {
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
echo "---- --- --- --- --- -- ---- -- ---- ----" echo "---- --- --- --- --- -- ---- -- ---- ----"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -99,6 +101,9 @@ shell_list() {
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -131,6 +136,9 @@ csv_list() {
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -151,6 +159,9 @@ csv_list() {
# Raw list function # Raw list function
raw_list() { raw_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
echo $VESTA/data/users/$USER/user.conf echo $VESTA/data/users/$USER/user.conf
cat $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)

1
bin/v-list-web-domain
View file

@ -110,6 +110,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"

2
bin/v-list-web-domain-ssl
View file

@ -19,6 +19,7 @@ source $VESTA/func/main.sh
# JSON list function # JSON list function
json_list() { json_list() {
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
echo '{' echo '{'
echo -e "\t\"$domain\": {" echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\"," echo " \"CRT\": \"$crt\","
@ -97,6 +98,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"

1
bin/v-list-web-domains
View file

@ -100,6 +100,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

5
bin/v-open-fs-config
View file

@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
echo "Error: invalid source path $src_file" echo "Error: invalid source path $src_file"
exit 2 exit 2
fi fi
spath=$(echo "$rpath" |egrep "/etc|/var/lib")
if [ -z "$spath" ]; then
echo "Error: invalid source path $src_file"
exit 2
fi
fi fi
# Reading conf # Reading conf

4
bin/v-rebuild-web-domains
View file

@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
#----------------------------------------------------------# #----------------------------------------------------------#
# Deleting old web configs # Deleting old web configs
sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then
rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
fi fi
@ -47,7 +47,7 @@ fi
# Deleting old proxy configs # Deleting old proxy configs
if [ ! -z "$PROXY_SYSTEM" ]; then if [ ! -z "$PROXY_SYSTEM" ]; then
sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf

32
bin/v-restore-user
View file

@ -229,8 +229,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
(( ++i)) (( ++i))
done done
if [ -z "$BACKUP_TEMP" ]; then
BACKUP_TEMP=$BACKUP
fi
# Creating temporary directory # Creating temporary directory
tmpdir=$(mktemp -p /tmp -d) tmpdir=$(mktemp -p $BACKUP_TEMP -d)
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
@ -402,15 +406,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
fi fi
# Restoring web domain data # Restoring web domain data
tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ chown $user $tmpdir
-C $HOMEDIR/$user/web/$domain/ chmod u+w $HOMEDIR/$user/web/$domain
if [ "$?" -ne 0 ]; then sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
rm -rf $tmpdir -C $HOMEDIR/$user/web/$domain/ --exclude=logs/* \
error="can't unpack $domain data tarball" 2> $HOMEDIR/$user/web/$domain/restore_errors.log
echo "$error" |$SENDMAIL -s "$subj" $email $notify if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
check_result "$E_PARSING" "$error"
fi fi
#if [ "$?" -ne 0 ]; then
# rm -rf $tmpdir
# error="can't unpack $domain data tarball"
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
# check_result "$E_PARSING" "$error"
#fi
# Applying Fix for tar < 1.24 # Applying Fix for tar < 1.24
find $HOMEDIR/$user/web/$domain -type d \ find $HOMEDIR/$user/web/$domain -type d \
@ -588,7 +598,9 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
# Restoring emails # Restoring emails
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ chown $user $tmpdir
chmod u+w $HOMEDIR/$user/mail/$domain_idn
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
-C $HOMEDIR/$user/mail/$domain_idn/ -C $HOMEDIR/$user/mail/$domain_idn/
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
rm -rf $tmpdir rm -rf $tmpdir

93
bin/v-search-ssl-certificates Executable file
View file

@ -0,0 +1,93 @@
#!/bin/bash
# info: search ssl certificates
# options: [FORMAT]
#
# The function to obtain the list of available ssl certificates.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
IFS=$'\n'
objects=$(echo "$search_cmd" |wc -l)
i=1
echo '['
for str in $search_cmd; do
eval $str
if [ "$i" -lt "$objects" ]; then
echo -e "\t\"$USER:$DOMAIN\","
else
echo -e "\t\"$USER:$DOMAIN\""
fi
(( ++i))
done
echo "]"
}
# SHELL list function
shell_list() {
IFS=$'\n'
echo "USER DOMAIN"
echo "---- ------"
for str in $search_cmd; do
eval $str
echo "$USER $DOMAIN"
done
}
# PLAIN list function
plain_list() {
IFS=$'\n'
for str in $search_cmd; do
eval $str
echo -e "$USER\t$DOMAIN"
done
}
# CSV list function
csv_list() {
IFS=$'\n'
echo "USER,DOMAIN"
for str in $search_cmd; do
eval $str
echo "$USER,$DOMAIN"
done
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
cut -f 1 -d ' ' |\
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list |column -t ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

110
bin/v-sign-letsencrypt-csr
View file

@ -1,110 +0,0 @@
#!/bin/bash
# info: sing letsencrypt csr
# options: USER DOMAIN CSR_DIR [FORMAT]
#
# The function signs certificate request using LetsEncript API
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
csr="$3/$domain.csr"
format=$4
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '3' "$#" 'USER DOMAIN CSR'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
if [ -z "$check_domain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
if [ ! -e "$csr" ]; then
check_result $E_NOTEXIST "$csr doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
csr=$(openssl req -in $csr -outform DER |encode_base64)
query='{"resource":"new-cert","csr":"'$csr'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(mktemp)
curl -s -d "$data" "$api/acme/new-cert" -o $answer
if [ ! -z "$(grep Error $answer)" ]; then
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
detail=$(echo "$detail" |awk -F "::" '{print $2}')
rm $answer
check_result $E_LIMIT "$detail"
fi
# Printing certificate
crt=$(cat "$answer" |openssl base64 -e)
rm $answer
if [ "$format" != 'json' ]; then
echo "-----BEGIN CERTIFICATE-----"
echo "$crt"
echo "-----END CERTIFICATE-----"
else
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
echo -n '-----BEGIN CERTIFICATE-----\n'
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
echo -n '-----END CERTIFICATE-----'
echo -e "\"\n\t\t}\n\t}"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

10
bin/v-suspend-dns-domain
View file

@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Deleting system configs
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
if [ -e '/etc/named.conf' ]; then
dns_conf='/etc/named.conf'
else
dns_conf='/etc/bind/named.conf'
fi
sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

14
bin/v-unsuspend-dns-domain
View file

@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Creating system configs
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
if [ -e '/etc/named.conf' ]; then
dns_conf='/etc/named.conf'
dns_group='named'
else
dns_conf='/etc/bind/named.conf'
dns_group='bind'
fi
# Adding zone in named.conf
named="zone \"$domain_idn\" {type master; file"
named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
echo "$named" >> $dns_conf
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

3
bin/v-unsuspend-mail-account
View file

@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then if [[ "$MAIL_SYSTEM" =~ exim ]]; then
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5') md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA') quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
if [ "$quota" = 'unlimited' ]; then
quota=0
fi
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd

5
bin/v-update-firewall
View file

@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then
conntrack_ftp='no' conntrack_ftp='no'
fi fi
# Checking custom OpenSSH port
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
fi
# Creating temporary file # Creating temporary file
tmp=$(mktemp) tmp=$(mktemp)

15
bin/v-update-host-certificate
View file

@ -72,11 +72,16 @@ chown $exim_user:mail $VESTA/ssl/certificate.crt
chown $exim_user:mail $VESTA/ssl/certificate.key chown $exim_user:mail $VESTA/ssl/certificate.key
# Restart exim, dovecot & vesta # Restart exim, dovecot & vesta
v-restart-mail $BIN/v-restart-mail
v-restart-service dovecot if [ ! -z "$IMAP_SYSTEM" ]; then
v-restart-service vesta $BIN/v-restart-service "$IMAP_SYSTEM"
fi
if [ ! -z "$FTP_SYSTEM" ]; then
$BIN/v-restart-service "$FTP_SYSTEM"
fi
if [ -f "/var/run/vesta-nginx.pid" ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

53
bin/v-update-letsencrypt-ssl
View file

@ -22,42 +22,33 @@ source $VESTA/conf/vesta.conf
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Defining user list lecounter=0
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
# Checking users # Checking user certificates
for user in $users; do for user in $($BIN/v-list-users plain |cut -f 1); do
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
# Checking user certificates
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
crt="$VESTA/data/users/$user/ssl/$domain.crt" for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
crt_data=$(openssl x509 -text -in "$crt") crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
expire=$(echo "$crt_data" |grep "Not After") not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
expire=$(echo "$expire" |cut -f 2,3,4 -d :) expiration=$(date -d "$not_after" +%s)
expire=$(date -d "$expire" +%s)
now=$(date +%s) now=$(date +%s)
expire=$((expire - now)) seconds_valid=$((expiration - now))
expire=$((expire / 86400)) days_valid=$((seconds_valid / 86400))
domain=$(basename $crt |sed -e "s/.crt$//") if [[ "$days_valid" -lt 31 ]]; then
if [[ "$expire" -lt 31 ]]; then if [ $lecounter -gt 0 ]; then
aliases=$(echo "$crt_data" |grep DNS:) sleep 10
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") fi
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") ((lecounter++))
aliases=$(echo "$aliases" |grep -v "^$domain$") aliases=$(echo "$crt_data" |grep DNS:)
if [ ! -z "$aliases" ]; then aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
if [ $? -ne 0 ]; then aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
echo "$domain $msg" msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
fi if [ $? -ne 0 ]; then
else echo "$domain $msg"
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
if [ $? -ne 0 ]; then
echo "$domain $msg"
fi
fi fi
sleep 10
fi fi
done done
done done

154
bin/v-update-sys-ip
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# info: update system ip # info: update system ip
# options: [USER] [IP_STATUS] # options: [NONE]
# #
# The function scans configured ip in the system and register them with vesta # The function scans configured ip in the system and register them with vesta
# internal database. This call is intended for use on vps servers, where ip is # internal database. This call is intended for use on vps servers, where ip is
@ -11,12 +11,10 @@
# Variable&Function # # Variable&Function #
#----------------------------------------------------------# #----------------------------------------------------------#
# Argument definition # Importing system variables
user=${1-admin} source /etc/profile
ip_status=${2-shared}
# Includes # Includes
source /etc/profile.d/vesta.sh
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/ip.sh source $VESTA/func/ip.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
@ -26,87 +24,84 @@ source $VESTA/conf/vesta.conf
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '0' "$#" '[USER] [IP_STATUS]'
is_format_valid 'user' 'ip_status'
is_object_valid 'user' 'USER' "$user" "$user"
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Get list of ip addresses # Listing system ip addresses
ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}') ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
ip_list=$(echo "$ip_list"|cut -f 1 -d /) v_ips=$(ls $VESTA/data/ips/)
ip_num=$(echo "$ip_list" | wc -l) ip_num=$(echo "$ips" |wc -l)
v_ip_num=$(echo "$v_ips" |wc -l)
# WorkAround for DHCP IP address # Checking primary IP change
vst_ip_list=$(ls $VESTA/data/ips/) if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
vst_ip_num=$(echo "$vst_ip_list" | wc -l) if [ "$ips" != "$v_ips" ]; then
new=$ips
if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then old=$v_ips
if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
new=$ip_list
old=$vst_ip_list
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
if [ ! -z "$PROXY_SYSTEM" ]; then
mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
/etc/$PROXY_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
fi
if [ ! -z "$WEB_SYSTEM" ]; then
mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
/etc/$WEB_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
# Rebuild web domains
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
fi
if [ ! -z "$FTP_SYSTEM" ];then
ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
sed -i "s/$old/$new/g" $ftpd_conf_file
fi
# Restarting web server
$BIN/v-restart-web
# Restarting ftp server
$BIN/v-restart-ftp
# Restarting proxy server
if [ ! -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-proxy
fi
# Restarting firewall
if [ ! -z "$FIREWALL_SYSTEM" ]; then
$BIN/v-update-firewall
fi
if [ ! -z "$DNS_SYSTEM" ]; then
# Rebuild dns domains
for user in $(ls $VESTA/data/users/); do
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns
check_result $? "dns restart failed" >/dev/null
fi
# No further comparation is needed
exit
fi fi
fi fi
# Compare ips # Updating configs
for ip in $ip_list; do if [ ! -z "$old" ]; then
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
# Updating PROXY
if [ ! -z "$PROXY_SYSTEM" ]; then
cd /etc/$PROXY_SYSTEM/conf.d
if [ -e "$old.conf" ]; then
mv $old.conf $new.conf
sed -i "s/$old/$new/g" $new.conf
fi
fi
# Updating WEB
if [ ! -z "$WEB_SYSTEM" ]; then
cd /etc/$WEB_SYSTEM/conf.d
if [ -e "$old.conf" ]; then
mv $old.conf $new.conf
sed -i "s/$old/$new/g" $new.conf
fi
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-web-domains $user no
done
$BIN/v-restart-proxy
$BIN/v-restart-web
fi
# Updating DNS
if [ ! -z "$DNS_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
for user in $(ls $VESTA/data/users/); do
$BIN/v-rebuild-dns-domains $user no
done
$BIN/v-restart-dns
fi
# Updating FTP
if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
if [ ! -z "$conf" ]; then
sed -i "s/$old/$new/g" $conf
$BIN/v-restart-ftp
fi
fi
# Updating firewall
if [ ! -z "$FIREWALL_SYSTEM" ]; then
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
$BIN/v-update-firewall
fi
fi
# Adding system IP
for ip in $ips; do
check_ifconfig=$(/sbin/ifconfig |grep "$ip") check_ifconfig=$(/sbin/ifconfig |grep "$ip")
if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq) interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
interface=$(echo "$interface" |cut -f 1 -d : |head -n 1) interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ ) netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
netmask=$(convert_cidr $netmask) netmask=$(convert_cidr $netmask)
@ -114,6 +109,15 @@ for ip in $ip_list; do
fi fi
done done
# Updating NAT
pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
ip=$(ls -t $VESTA/data/ips/ |head -n1)
$BIN/v-change-sys-ip-nat $ip $pub_ip
fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #

22
bin/v-update-sys-rrd-mysql
View file

@ -14,6 +14,7 @@ period=${1-daily}
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/db.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
@ -66,23 +67,10 @@ for host in $hosts; do
fi fi
if [ "$period" = 'daily' ]; then if [ "$period" = 'daily' ]; then
# Defining host credentials mysql_connect $host
host_str=$(grep "HOST='$host'" $conf) query='SHOW GLOBAL STATUS'
for key in $host_str; do status=$(mysql_query "$query" 2>/dev/null)
eval ${key%%=*}=${key#*=} if [ $? -ne 0 ]; then
done
sql="mysql -h $HOST -u $USER -p$PASSWORD -e"
# Checking empty vars
if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ]; then
echo "Error: config is broken"
log_event "$E_PARSING" "$ARGUMENTS"
exit $E_PARSING
fi
# Parsing data
status=$($sql "SHOW GLOBAL STATUS" 2>/dev/null); code="$?"
if [ '0' -ne "$code" ]; then
active=0 active=0
slow=0 slow=0
else else

2
bin/v-update-sys-rrd-pgsql
View file

@ -85,7 +85,7 @@ for host in $hosts; do
# Parsing data # Parsing data
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends) q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
FROM pg_stat_database;' FROM pg_stat_database;'
status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?" status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
if [ '0' -ne "$code" ]; then if [ '0' -ne "$code" ]; then
active=0 active=0
slow=0 slow=0

2
bin/v-update-sys-vesta
View file

@ -33,7 +33,7 @@ check_args '1' "$#" 'PACKAGE'
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
if [ -d "/etc/sysconfig" ]; then if [ -n "$(command -v yum)" ]; then
# Clean yum chache # Clean yum chache
yum -q clean all yum -q clean all

1
bin/v-update-user-counters
View file

@ -53,6 +53,7 @@ for user in $user_list; do
IP_OWNED=0 IP_OWNED=0
U_USERS=0 U_USERS=0
U_DISK=0 U_DISK=0
DISK=0
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
if [ -z "$U_DISK_DIRS" ]; then if [ -z "$U_DISK_DIRS" ]; then
U_DISK_DIRS=0 U_DISK_DIRS=0

2
bin/v-update-user-quota
View file

@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
# Updating disk quota # Updating disk quota
# Had quota equals package value. Soft quota equals 90% of package value for warnings. # Had quota equals package value. Soft quota equals 90% of package value for warnings.
quota=$(get_user_value '$DISK_QUOTA') quota=$(get_user_value '$DISK_QUOTA')
soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .) soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .) hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
# Searching home mount point # Searching home mount point

3
bin/v-update-user-stats
View file

@ -67,6 +67,9 @@ TOTAL_USERS=0
# Updating user stats # Updating user stats
for user in $user_list; do for user in $user_list; do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
source $USER_DATA/user.conf source $USER_DATA/user.conf
next_month=$(date +'%m/01/%y' -d '+ 1 month') next_month=$(date +'%m/01/%y' -d '+ 1 month')

19
func/db.sh
View file

@ -38,23 +38,31 @@ mysql_connect() {
exit $E_CONNECT exit $E_CONNECT
fi fi
mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -) mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -)
mysql_fork="mysql"
check_mysql_fork=$(grep "MariaDB" $mysql_out)
if [ ! -z "$check_mysql_fork" ]; then
mysql_fork="mariadb"
fi
rm -f $mysql_out rm -f $mysql_out
} }
mysql_query() { mysql_query() {
mysql --defaults-file=$mycnf -e "$1" 2>/dev/null sql_tmp=$(mktemp)
echo "$1" > $sql_tmp
mysql --defaults-file=$mycnf < "$sql_tmp" 2>/dev/null
rm -f "$sql_tmp"
} }
mysql_dump() { mysql_dump() {
err="/tmp/e.mysql" err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then if [ '0' -ne "$?" ]; then
rm -rf $tmpdir rm -rf $tmpdir
if [ "$notify" != 'no' ]; then if [ "$notify" != 'no' ]; then
echo -e "Can't dump database $database\n$(cat $err)" |\ echo -e "Can't dump database $database\n$(cat $err)" |\
$SENDMAIL -s "$subj" $email $SENDMAIL -s "$subj" $email
fi fi
echo "Error: dump $database failed" echo "Error: dump $database failed\n$(cat $err)"
log_event "$E_DB" "$ARGUMENTS" log_event "$E_DB" "$ARGUMENTS"
exit $E_DB exit $E_DB
fi fi
@ -84,7 +92,10 @@ psql_connect() {
} }
psql_query() { psql_query() {
psql -h $HOST -U $USER -c "$1" 2>/dev/null sql_tmp=$(mktemp)
echo "$1" > $sql_tmp
psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null
rm -f $sql_tmp
} }
psql_dump() { psql_dump() {

26
func/domain.sh
View file

@ -215,7 +215,11 @@ add_web_config() {
fi fi
fi fi
trigger="${2/.*pl/.sh}" trigger="${2/%.tpl/.sh}"
if [[ "$2" =~ stpl$ ]]; then
trigger="${2/%.stpl/.sh}"
fi
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
$WEBTPL/$1/$WEB_BACKEND/$trigger \ $WEBTPL/$1/$WEB_BACKEND/$trigger \
$user $domain $local_ip $HOMEDIR \ $user $domain $local_ip $HOMEDIR \
@ -269,7 +273,7 @@ replace_web_config() {
fi fi
} }
# Delete web configuartion # Delete web configuration
del_web_config() { del_web_config() {
conf="$HOMEDIR/$user/conf/web/$domain.$1.conf" conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
if [[ "$2" =~ stpl$ ]]; then if [[ "$2" =~ stpl$ ]]; then
@ -285,12 +289,16 @@ del_web_config() {
if [[ "$2" =~ stpl$ ]]; then if [[ "$2" =~ stpl$ ]]; then
conf="$HOMEDIR/$user/conf/web/s$1.conf" conf="$HOMEDIR/$user/conf/web/s$1.conf"
fi fi
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf if [ -e "$conf" ]; then
sed -i "$top_line,$bottom_line d" $conf get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
sed -i "$top_line,$bottom_line d" $conf
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) fi
if [ "$web_domain" -eq '0' ]; then fi
sed -i "/.*\/$user\/.*$1.conf/d" /etc/$1/conf.d/vesta.conf # clean-up for both config styles if there is no more domains
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
if [ "$web_domain" -eq '0' ]; then
sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
if [ -f "$conf" ]; then
rm -f $conf rm -f $conf
fi fi
fi fi
@ -335,7 +343,7 @@ is_web_domain_cert_valid() {
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)" check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
fi fi
openssl s_server -quiet -cert $ssl_dir/$domain.crt \ openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
-key $ssl_dir/$domain.key >> /dev/null 2>&1 & -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
pid=$! pid=$!
sleep 0.5 sleep 0.5

4
func/ip.sh
View file

@ -26,7 +26,7 @@ get_ip_iface() {
} }
# Check ip address speciefic value # Check ip address specific value
is_ip_key_empty() { is_ip_key_empty() {
key="$1" key="$1"
string=$(cat $VESTA/data/ips/$ip) string=$(cat $VESTA/data/ips/$ip)
@ -141,7 +141,7 @@ get_real_ip() {
else else
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
if [ ! -z "$nat" ]; then if [ ! -z "$nat" ]; then
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
fi fi
fi fi
} }

41
func/main.sh
View file

@ -35,6 +35,7 @@ E_DB=17
E_RRD=18 E_RRD=18
E_UPDATE=19 E_UPDATE=19
E_RESTART=20 E_RESTART=20
E_TEAPOT=418
# Event string for logger # Event string for logger
for ((I=1; I <= $# ; I++)); do for ((I=1; I <= $# ; I++)); do
@ -212,7 +213,8 @@ is_object_new() {
# Check if object is valid # Check if object is valid
is_object_valid() { is_object_valid() {
if [ $2 = 'USER' ]; then if [ $2 = 'USER' ]; then
if [ ! -d "$VESTA/data/users/$3" ]; then user_vst_dir=$(basename $3)
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
check_result $E_NOTEXIST "$1 $3 doesn't exist" check_result $E_NOTEXIST "$1 $3 doesn't exist"
fi fi
else else
@ -273,11 +275,27 @@ is_object_value_exist() {
is_password_valid() { is_password_valid() {
if [[ "$password" =~ ^/tmp/ ]]; then if [[ "$password" =~ ^/tmp/ ]]; then
if [ -f "$password" ]; then if [ -f "$password" ]; then
password=$(head -n1 $password) password="$(head -n1 $password)"
fi fi
fi fi
} }
# Check if hash is transmitted via file
is_hash_valid() {
if [[ "$hash" =~ ^/tmp/ ]]; then
if [ -f "$hash" ]; then
hash="$(head -n1 $hash)"
fi
fi
}
# Check if directory is a symlink
is_dir_symlink() {
if [[ -L "$1" ]]; then
check_result $E_FORBIDEN "$1 directory is a symlink"
fi
}
# Get object value # Get object value
get_object_value() { get_object_value() {
object=$(grep "$2='$3'" $USER_DATA/$1.conf) object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -516,7 +534,7 @@ is_user_format_valid() {
is_domain_format_valid() { is_domain_format_valid() {
object_name=${2-domain} object_name=${2-domain}
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
check_result $E_INVALID "invalid $object_name format :: $1" check_result $E_INVALID "invalid $object_name format :: $1"
fi fi
} }
@ -643,7 +661,7 @@ is_dbuser_format_valid() {
# DNS record type validator # DNS record type validator
is_dns_type_format_valid() { is_dns_type_format_valid() {
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA' known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
check_result $E_INVALID "invalid dns record type format :: $1" check_result $E_INVALID "invalid dns record type format :: $1"
fi fi
@ -789,7 +807,16 @@ is_password_format_valid() {
check_result $E_INVALID "invalid password format :: $1" check_result $E_INVALID "invalid password format :: $1"
fi fi
} }
# Missing function -
# Before: validate_format_shell
# After: is_format_valid_shell
is_format_valid_shell() {
if [ -z "$(grep -w $1 /etc/shells)" ]; then
echo "Error: shell $1 is not valid"
log_event "$E_INVALID" "$EVENT"
exit $E_INVALID
fi
}
# Format validation controller # Format validation controller
is_format_valid() { is_format_valid() {
for arg_name in $*; do for arg_name in $*; do
@ -857,6 +884,8 @@ is_format_valid() {
rtype) is_dns_type_format_valid "$arg" ;; rtype) is_dns_type_format_valid "$arg" ;;
rule) is_int_format_valid "$arg" "rule id" ;; rule) is_int_format_valid "$arg" "rule id" ;;
soa) is_domain_format_valid "$arg" 'SOA' ;; soa) is_domain_format_valid "$arg" 'SOA' ;;
#missing command: is_format_valid_shell
shell) is_format_valid_shell "$arg" ;;
stats_pass) is_password_format_valid "$arg" ;; stats_pass) is_password_format_valid "$arg" ;;
stats_user) is_user_format_valid "$arg" "$arg_name" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;;
template) is_object_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;;
@ -906,7 +935,7 @@ format_aliases() {
aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |tr -s '.')
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
aliases=$(echo "$aliases" |sed -e "s/^[.]*//") aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") aliases=$(echo "$aliases" |sed -e "/^$/d")
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
fi fi
} }

43
func/rebuild.sh
View file

@ -71,6 +71,9 @@ rebuild_user_conf() {
echo "$BIN/v-update-web-domains-disk $user" \ echo "$BIN/v-update-web-domains-disk $user" \
>> $VESTA/data/queue/disk.pipe >> $VESTA/data/queue/disk.pipe
if [[ -L "$HOMEDIR/$user/web" ]]; then
rm $HOMEDIR/$user/web
fi
mkdir -p $HOMEDIR/$user/conf/web mkdir -p $HOMEDIR/$user/conf/web
mkdir -p $HOMEDIR/$user/web mkdir -p $HOMEDIR/$user/web
mkdir -p $HOMEDIR/$user/tmp mkdir -p $HOMEDIR/$user/tmp
@ -105,6 +108,9 @@ rebuild_user_conf() {
echo "$BIN/v-update-mail-domains-disk $user" \ echo "$BIN/v-update-mail-domains-disk $user" \
>> $VESTA/data/queue/disk.pipe >> $VESTA/data/queue/disk.pipe
if [[ -L "$HOMEDIR/$user/mail" ]]; then
rm $HOMEDIR/$user/mail
fi
mkdir -p $HOMEDIR/$user/conf/mail mkdir -p $HOMEDIR/$user/conf/mail
mkdir -p $HOMEDIR/$user/mail mkdir -p $HOMEDIR/$user/mail
chmod 751 $HOMEDIR/$user/mail chmod 751 $HOMEDIR/$user/mail
@ -146,7 +152,7 @@ rebuild_web_domain_conf() {
prepare_web_domain_values prepare_web_domain_values
# Rebuilding domain directories # Rebuilding domain directories
mkdir -p $HOMEDIR/$user/web/$domain \ sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -172,7 +178,8 @@ rebuild_web_domain_conf() {
# Propagating html skeleton # Propagating html skeleton
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/ sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
$HOMEDIR/$user/web/$domain/
fi fi
# Set folder permissions # Set folder permissions
@ -535,12 +542,30 @@ rebuild_mail_domain_conf() {
rebuild_mysql_database() { rebuild_mysql_database() {
mysql_connect $HOST mysql_connect $HOST
mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null
if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then if [ "$mysql_fork" = "mysql" ]; then
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" >/dev/null # mysql
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" >/dev/null if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
query="UPDATE mysql.user SET authentication_string='$MD5'" # mysql >= 5.7
query="$query WHERE User='$DBUSER'" mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
query="UPDATE mysql.user SET authentication_string='$MD5'"
query="$query WHERE User='$DBUSER'"
else
# mysql < 5.7
query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
fi
else else
# mariadb
if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then
# mariadb = 5
mysql_query "CREATE USER \`$DBUSER\`" > /dev/null
mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null
else
# mariadb = 10
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
fi
# mariadb any version
query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'" query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
fi fi
mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null
@ -576,7 +601,7 @@ rebuild_pgsql_database() {
exit $E_CONNECT exit $E_CONNECT
fi fi
query="CREATE ROLE $DBUSER" query="CREATE ROLE $DBUSER WITH LOGIN"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'" query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -593,7 +618,7 @@ rebuild_pgsql_database() {
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER" query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="GRANT CONNECT ON DATABASE template1 to $dbuser" query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
} }

1
install/debian/7/nginx/nginx.conf
View file

@ -50,6 +50,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

7
install/debian/7/pma/config.inc.php
View file

@ -137,6 +137,13 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {

2
install/debian/7/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

2
install/debian/7/templates/web/apache2/basedir.stpl
View file

@ -15,7 +15,7 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"

2
install/debian/7/templates/web/apache2/hosting.stpl
View file

@ -22,7 +22,7 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>

2
install/debian/7/templates/web/apache2/phpcgi.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php

2
install/debian/7/templates/web/apache2/phpfcgid.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>

3
install/debian/7/templates/web/nginx/caching.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/7/templates/web/nginx/default.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/7/templates/web/nginx/hosting.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%docroot%; disable_symlinks if_not_owner from=%sdocroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }

9
install/debian/7/templates/web/nginx/http2.stpl
View file

@ -1,17 +1,16 @@
server { server {
listen %ip%:%proxy_ssl_port% http2; listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/debian/7/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

98
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -11,68 +11,52 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

99
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -7,69 +7,52 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

90
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -11,70 +11,58 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico { location @rewrite {
log_not_found off; rewrite ^/(.*)$ /index.php?q=$1;
access_log off;
} }
location = /robots.txt { location / {
allow all; location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
location ~* \.(txt|log)$ { location = /robots.txt {
allow 192.168.0.0/16; allow all;
deny all; log_not_found off;
} access_log off;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403; return 403;
} }
location / { location ~ ^/sites/.*/private/ {
try_files $uri @rewrite; return 403;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) { fastcgi_pass %backend_lsnr%;
return 404; include /etc/nginx/fastcgi_params;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
} }
} }
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

99
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -7,71 +7,58 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico { location @rewrite {
log_not_found off; rewrite ^/(.*)$ /index.php?q=$1;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; location = /favicon.ico {
log_not_found off;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { access_log off;
expires max;
} }
location ~ [^/]\.php(/|$) { location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) { fastcgi_pass %backend_lsnr%;
return 404; include /etc/nginx/fastcgi_params;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
} }
} }
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

94
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -11,71 +11,63 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico { location @rewrite {
log_not_found off; rewrite ^/(.*)$ /index.php?q=$1;
access_log off;
} }
location = /robots.txt { location / {
allow all; location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
location ~* \.(txt|log)$ { location = /robots.txt {
allow 192.168.0.0/16; allow all;
deny all; log_not_found off;
} access_log off;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403; return 403;
} }
location / { location ~ ^/sites/.*/private/ {
try_files $uri @rewrite; return 403;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) { fastcgi_pass %backend_lsnr%;
return 404; include /etc/nginx/fastcgi_params;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
} }
} }
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

103
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -7,72 +7,63 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico { location @rewrite {
log_not_found off; rewrite ^/(.*)$ /index.php?q=$1;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; location = /favicon.ico {
log_not_found off;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { access_log off;
expires max;
} }
location ~ [^/]\.php(/|$)|^/update.php { location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) { fastcgi_pass %backend_lsnr%;
return 404; include /etc/nginx/fastcgi_params;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
} }
} }
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

2
install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

2
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
View file

@ -1,7 +1,7 @@
server { server {
listen %ip%:%web_ssl_port%; listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

89
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl Normal file
View file

@ -0,0 +1,89 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

85
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl Normal file
View file

@ -0,0 +1,85 @@
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
}

1
install/debian/8/nginx/nginx.conf
View file

@ -51,6 +51,7 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;

7
install/debian/8/pma/config.inc.php
View file

@ -137,6 +137,13 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {

2
install/debian/8/sudo/admin
View file

@ -4,5 +4,5 @@ Defaults:admin !syslog
Defaults:admin !requiretty Defaults:admin !requiretty
Defaults:root !requiretty Defaults:root !requiretty
admin ALL=(ALL) ALL # sudo is limited to vesta scripts
admin ALL=NOPASSWD:/usr/local/vesta/bin/* admin ALL=NOPASSWD:/usr/local/vesta/bin/*

2
install/debian/8/templates/web/apache2/basedir.stpl
View file

@ -15,7 +15,7 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"

2
install/debian/8/templates/web/apache2/hosting.stpl
View file

@ -22,7 +22,7 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>

2
install/debian/8/templates/web/apache2/phpcgi.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php

2
install/debian/8/templates/web/apache2/phpfcgid.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>

3
install/debian/8/templates/web/nginx/caching.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/8/templates/web/nginx/default.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/8/templates/web/nginx/hosting.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%docroot%; disable_symlinks if_not_owner from=%sdocroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }

9
install/debian/8/templates/web/nginx/http2.stpl
View file

@ -1,17 +1,16 @@
server { server {
listen %ip%:%proxy_ssl_port% http2; listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/debian/8/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

98
install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -11,68 +11,52 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

99
install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -7,69 +7,52 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
}
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

90
install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -11,70 +11,58 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico { location @rewrite {
log_not_found off; rewrite ^/(.*)$ /index.php?q=$1;
access_log off;
} }
location = /robots.txt { location / {
allow all; location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
location ~* \.(txt|log)$ { location = /robots.txt {
allow 192.168.0.0/16; allow all;
deny all; log_not_found off;
} access_log off;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403; return 403;
} }
location / { location ~ ^/sites/.*/private/ {
try_files $uri @rewrite; return 403;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
} }
location ~ [^/]\.php(/|$) { location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) { fastcgi_pass %backend_lsnr%;
return 404; include /etc/nginx/fastcgi_params;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
} }
} }
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

Some files were not shown because too many files have changed in this diff Show more