From 902a7c975a69dc5610fc0dad414d6ab0e69b5457 Mon Sep 17 00:00:00 2001 From: dpeca Date: Wed, 19 Oct 2016 13:37:52 +0000 Subject: [PATCH 1/3] Removing the malfunctioning RPAF Apache2 module and substituting it with a working RemoteIP module --- install/vst-install-debian.sh | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 65a9ebf91..c5b6e30ed 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -20,7 +20,7 @@ vestacp="http://$CHOST/$VERSION/$release" if [ "$release" -eq 8 ]; then software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf + apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon @@ -32,7 +32,7 @@ if [ "$release" -eq 8 ]; then bsdmainutils cron vesta vesta-nginx vesta-php expect" else software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf + apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd proftpd-basic proftpd-mod-vroot bind9 exim4 exim4-daemon-heavy @@ -527,7 +527,6 @@ if [ "$apache" = 'no' ]; then software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") software=$(echo "$software" | sed -e "s/apache2.2-common//") software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") - software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//") software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") software=$(echo "$software" | sed -e "s/libapache2-mod-php5//") fi 
@@ -830,6 +829,7 @@ if [ "$apache" = 'yes' ]; then a2enmod ssl a2enmod actions a2enmod ruid2 + a2enmod headers mkdir -p /etc/apache2/conf.d echo > /etc/apache2/conf.d/vesta.conf echo "# Powered by vesta" > /etc/apache2/sites-available/default @@ -1164,9 +1164,9 @@ $VESTA/bin/v-change-user-language admin $lang # RoundCube permissions fix if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then - if [ ! -d "/var/log/roundcube" ]; then - mkdir /var/log/roundcube - fi + if [ ! -d "/var/log/roundcube" ]; then + mkdir /var/log/roundcube + fi chown admin:admin /var/log/roundcube fi @@ -1175,9 +1175,11 @@ $VESTA/bin/v-update-sys-ip # Get main ip ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) +copy_of_ip=$ip # Get public ip pub_ip=$(curl -s vestacp.com/what-is-my-ip/) + if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip 
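Review bot: In the `@@ -1175,9 +1175,11 @@` hunk, `copy_of_ip` is added with no comment, and the name does not say which address it holds or why a second variable is needed. The context lines right after it overwrite `$ip` with `$pub_ip` when the two differ, so this copy is the only place the interface address from `ip addr` survives. A comment such as `# keep the interface address: $ip is replaced by the public address below`, or a name like `local_ip`, would make that explicit. This matters because the value is later written into Apache's `RemoteIPInternalProxy` list.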
@@ -1188,6 +1190,26 @@ if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall fi +# Configuring libapache2-mod-remoteip +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + # Get public ip after firewall update + copy_of_pub_ip=$(curl -s vestacp.com/what-is-my-ip/) + echo "" > /etc/apache2/mods-available/remoteip.conf + echo " RemoteIPHeader X-Real-IP" >> /etc/apache2/mods-available/remoteip.conf + if [ "$copy_of_ip" != "127.0.0.1" ] && [ "$copy_of_pub_ip" != "127.0.0.1" ]; then + echo " RemoteIPInternalProxy 127.0.0.1" >> /etc/apache2/mods-available/remoteip.conf + fi + if [ ! -z "$copy_of_ip" ] && [ "$copy_of_ip" != "$copy_of_pub_ip" ]; then + echo " RemoteIPInternalProxy $copy_of_ip" >> /etc/apache2/mods-available/remoteip.conf + fi + if [ ! -z "$copy_of_pub_ip" ]; then + echo " RemoteIPInternalProxy $copy_of_pub_ip" >> /etc/apache2/mods-available/remoteip.conf + fi + echo "" >> /etc/apache2/mods-available/remoteip.conf + a2enmod remoteip + service apache2 restart +fi + # Configuring mysql host if [ "$mysql" = 'yes' ]; then $VESTA/bin/v-add-database-host mysql localhost root $vpass From 6531834def29ceced63d7ceeb1ebb927668517f6 Mon Sep 17 00:00:00 2001 From: dpeca Date: Wed, 19 Oct 2016 14:06:44 +0000 Subject: [PATCH 2/3] Enabling real-IPs in Apache2 logs --- install/vst-install-debian.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index c5b6e30ed..ff1e5c39b 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1206,6 +1206,7 @@ if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then echo " RemoteIPInternalProxy $copy_of_pub_ip" >> /etc/apache2/mods-available/remoteip.conf fi echo "" >> /etc/apache2/mods-available/remoteip.conf + sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf a2enmod remoteip service apache2 restart fi From 5356e95d2fd06dafcc06cd106ca77d1b3c2453d0 Mon Sep 17 00:00:00 2001 
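Review bot: In the `@@ -1188,6 +1190,26 @@` hunk, `copy_of_pub_ip` is written into `remoteip.conf` as a `RemoteIPInternalProxy` entry without any check on its content. It is the raw body of `curl -s vestacp.com/what-is-my-ip/`, which curl fetches over plain HTTP because no scheme is given. An error page, a multi-line body or a response altered in transit would therefore land in Apache's list of proxies trusted to set `X-Real-IP`, or break the config just before `service apache2 restart`. Validate the value before the `echo`, for example `case "$copy_of_pub_ip" in ''|*[!0-9.]*) copy_of_pub_ip='' ;; esac`, and fetch it over HTTPS if the endpoint supports it. The later hunk in PATCH 3/3 that sets `copy_of_pub_ip=$pub_ip` carries the same unvalidated value.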
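Review bot: In the `@@ -1206,6 +1206,7 @@` hunk, rewriting every `LogFormat` from `%h` to `%a` means the access logs record the address mod_remoteip resolved, which is not necessarily the address of the TCP peer. The logged value is then only as reliable as the `RemoteIPInternalProxy` list written just above, so the `sed` deserves a comment such as `# %a = client address as resolved by mod_remoteip; depends on the RemoteIPInternalProxy list in remoteip.conf`. If the peer address is still wanted for incident analysis, `%{c}a` logs it, though an extra field may affect the awstats/webalizer parsers this script installs, so check that first. The `sed -i` also edits `/etc/apache2/apache2.conf` in place without keeping a backup copy.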
From: dpeca Date: Thu, 20 Oct 2016 00:57:12 +0200 Subject: [PATCH 3/3] Fixing a bug that caused $pub_ip is always empty string Putting update-firewall before getting $pub_ip is fixing this issue --- install/vst-install-debian.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ff1e5c39b..49c39d6b3 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1177,6 +1177,11 @@ $VESTA/bin/v-update-sys-ip ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) copy_of_ip=$ip +# Firewall configuration +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi + # Get public ip pub_ip=$(curl -s vestacp.com/what-is-my-ip/) @@ -1185,15 +1190,9 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then ip=$pub_ip fi -# Firewall configuration -if [ "$iptables" = 'yes' ]; then - $VESTA/bin/v-update-firewall -fi - # Configuring libapache2-mod-remoteip if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then - # Get public ip after firewall update - copy_of_pub_ip=$(curl -s vestacp.com/what-is-my-ip/) + copy_of_pub_ip=$pub_ip echo "" > /etc/apache2/mods-available/remoteip.conf echo " RemoteIPHeader X-Real-IP" >> /etc/apache2/mods-available/remoteip.conf if [ "$copy_of_ip" != "127.0.0.1" ] && [ "$copy_of_pub_ip" != "127.0.0.1" ]; then