diff --git a/install/debian/apache2.conf b/install/debian/7/apache2/apache2.conf similarity index 100% rename from install/debian/apache2.conf rename to install/debian/7/apache2/apache2.conf diff --git a/install/debian/apache2-status.conf b/install/debian/7/apache2/status.conf similarity index 100% rename from install/debian/apache2-status.conf rename to install/debian/7/apache2/status.conf diff --git a/install/debian/named.conf b/install/debian/7/bind/named.conf similarity index 100% rename from install/debian/named.conf rename to install/debian/7/bind/named.conf diff --git a/install/debian/clamd.conf b/install/debian/7/clamav/clamd.conf similarity index 100% rename from install/debian/clamd.conf rename to install/debian/7/clamav/clamd.conf diff --git a/install/debian/7/deb_signing.key b/install/debian/7/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/debian/7/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/7/dovecot.tar.gz b/install/debian/7/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/debian/7/dovecot.tar.gz differ diff --git a/install/debian/dovecot/conf.d/10-auth.conf b/install/debian/7/dovecot/conf.d/10-auth.conf similarity index 100% rename from install/debian/dovecot/conf.d/10-auth.conf rename to install/debian/7/dovecot/conf.d/10-auth.conf diff --git a/install/debian/dovecot/conf.d/10-logging.conf b/install/debian/7/dovecot/conf.d/10-logging.conf similarity index 100% rename from install/debian/dovecot/conf.d/10-logging.conf rename to install/debian/7/dovecot/conf.d/10-logging.conf diff --git a/install/debian/dovecot/conf.d/10-mail.conf b/install/debian/7/dovecot/conf.d/10-mail.conf similarity index 100% rename from install/debian/dovecot/conf.d/10-mail.conf rename to install/debian/7/dovecot/conf.d/10-mail.conf diff --git a/install/debian/dovecot/conf.d/10-master.conf b/install/debian/7/dovecot/conf.d/10-master.conf similarity index 100% rename from install/debian/dovecot/conf.d/10-master.conf rename to install/debian/7/dovecot/conf.d/10-master.conf diff --git a/install/debian/dovecot/conf.d/10-ssl.conf b/install/debian/7/dovecot/conf.d/10-ssl.conf similarity index 100% rename from install/debian/dovecot/conf.d/10-ssl.conf rename to install/debian/7/dovecot/conf.d/10-ssl.conf diff --git a/install/debian/dovecot/conf.d/20-imap.conf b/install/debian/7/dovecot/conf.d/20-imap.conf similarity index 100% rename from install/debian/dovecot/conf.d/20-imap.conf rename to install/debian/7/dovecot/conf.d/20-imap.conf diff --git a/install/debian/dovecot/conf.d/20-pop3.conf b/install/debian/7/dovecot/conf.d/20-pop3.conf similarity index 100% rename from install/debian/dovecot/conf.d/20-pop3.conf rename to install/debian/7/dovecot/conf.d/20-pop3.conf diff --git a/install/debian/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/7/dovecot/conf.d/auth-passwdfile.conf.ext similarity index 100% rename from install/debian/dovecot/conf.d/auth-passwdfile.conf.ext rename to install/debian/7/dovecot/conf.d/auth-passwdfile.conf.ext diff --git a/install/ubuntu/dovecot.conf b/install/debian/7/dovecot/dovecot.conf similarity index 100% rename from install/ubuntu/dovecot.conf rename to install/debian/7/dovecot/dovecot.conf diff --git a/install/debian/dnsbl.conf b/install/debian/7/exim/dnsbl.conf similarity index 100% rename from install/debian/dnsbl.conf rename to install/debian/7/exim/dnsbl.conf diff --git a/install/debian/exim4.conf.template b/install/debian/7/exim/exim4.conf.template similarity index 99% rename from install/debian/exim4.conf.template rename to install/debian/7/exim/exim4.conf.template index 64cd03fca..742f0409e 100644 --- a/install/debian/exim4.conf.template +++ b/install/debian/7/exim/exim4.conf.template @@ -108,7 +108,7 @@ acl_check_rcpt: require message = relay not permitted domains = +local_domains : +relay_to_domains - deny message = smtp auth required + deny message = smtp auth requried sender_domains = +local_domains !authenticated = * diff --git a/install/debian/spam-blocks.conf b/install/debian/7/exim/spam-blocks.conf similarity index 100% rename from install/debian/spam-blocks.conf rename to install/debian/7/exim/spam-blocks.conf diff --git a/install/debian/7/fail2ban.tar.gz b/install/debian/7/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/debian/7/fail2ban.tar.gz differ diff --git a/install/debian/7/fail2ban/action.d/vesta.conf b/install/debian/7/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/debian/7/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/fail2ban.filter.conf b/install/debian/7/fail2ban/filter.d/vesta.conf similarity index 100% rename from install/debian/fail2ban.filter.conf rename to install/debian/7/fail2ban/filter.d/vesta.conf diff --git a/install/debian/7/fail2ban/jail.local b/install/debian/7/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/debian/7/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/7/firewall.tar.gz b/install/debian/7/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/debian/7/firewall.tar.gz differ diff --git a/install/debian/firewall/ports.conf b/install/debian/7/firewall/ports.conf similarity index 93% rename from install/debian/firewall/ports.conf rename to install/debian/7/firewall/ports.conf index e970f91de..a6ef4dae5 100644 --- a/install/debian/firewall/ports.conf +++ b/install/debian/7/firewall/ports.conf @@ -11,6 +11,6 @@ PROTOCOL='TCP' PORT='143' PROTOCOL='TCP' PORT='3306' PROTOCOL='TCP' PORT='5432' PROTOCOL='TCP' PORT='8080' -PROTOCOL='TCP' PORT='8443' +PROTOCOL='TCP' PORT='8433' PROTOCOL='TCP' PORT='8083' PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/firewall/rules.conf b/install/debian/7/firewall/rules.conf similarity index 89% rename from install/debian/firewall/rules.conf rename to install/debian/7/firewall/rules.conf index 60136e1a5..956c2e1d9 100644 --- a/install/debian/firewall/rules.conf +++ b/install/debian/7/firewall/rules.conf @@ -1,6 +1,6 @@ RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='127.0.0.1/32' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' diff --git a/install/debian/apache2.log b/install/debian/7/logrotate/apache2 similarity index 100% rename from install/debian/apache2.log rename to install/debian/7/logrotate/apache2 diff --git a/install/debian/7/logrotate/nginx b/install/debian/7/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/debian/7/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/vesta.log b/install/debian/7/logrotate/vesta similarity index 100% rename from install/debian/vesta.log rename to install/debian/7/logrotate/vesta diff --git a/install/debian/7/mysql/my-large.cnf b/install/debian/7/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/debian/7/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/my.cnf b/install/debian/7/mysql/my-medium.cnf similarity index 59% rename from install/ubuntu/my.cnf rename to install/debian/7/mysql/my-medium.cnf index 1b5ff1d24..1c10ab9a6 100644 --- a/install/ubuntu/my.cnf +++ b/install/debian/7/mysql/my-medium.cnf @@ -15,11 +15,26 @@ datadir=/var/lib/mysql tmpdir=/tmp lc-messages-dir=/usr/share/mysql log_error=/var/log/mysql/error.log -max_connections=200 -max_user_connections=30 -wait_timeout=30 -interactive_timeout=50 -long_query_time=5 + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 innodb_file_per_table +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + !includedir /etc/mysql/conf.d/ diff --git a/install/debian/7/mysql/my-small.cnf b/install/debian/7/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/debian/7/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/nginx.conf b/install/debian/7/nginx/nginx.conf similarity index 100% rename from install/debian/nginx.conf rename to install/debian/7/nginx/nginx.conf diff --git a/install/debian/7/nginx/phpmyadmin.inc b/install/debian/7/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/debian/7/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/7/nginx/phppgadmin.inc b/install/debian/7/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/debian/7/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/nginx-status.conf b/install/debian/7/nginx/status.conf similarity index 100% rename from install/debian/nginx-status.conf rename to install/debian/7/nginx/status.conf diff --git a/install/debian/7/nginx/webmail.inc b/install/debian/7/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/debian/7/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/7/packages.tar.gz b/install/debian/7/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/debian/7/packages.tar.gz differ diff --git a/install/debian/packages/default.pkg b/install/debian/7/packages/default.pkg similarity index 100% rename from install/debian/packages/default.pkg rename to install/debian/7/packages/default.pkg diff --git a/install/debian/packages/gainsboro.pkg b/install/debian/7/packages/gainsboro.pkg similarity index 100% rename from install/debian/packages/gainsboro.pkg rename to install/debian/7/packages/gainsboro.pkg diff --git a/install/debian/packages/palegreen.pkg b/install/debian/7/packages/palegreen.pkg similarity index 100% rename from install/debian/packages/palegreen.pkg rename to install/debian/7/packages/palegreen.pkg diff --git a/install/debian/packages/slategrey.pkg b/install/debian/7/packages/slategrey.pkg similarity index 100% rename from install/debian/packages/slategrey.pkg rename to install/debian/7/packages/slategrey.pkg diff --git a/install/debian/pga.conf b/install/debian/7/pga/config.inc.php similarity index 100% rename from install/debian/pga.conf rename to install/debian/7/pga/config.inc.php diff --git a/install/debian/apache2-pga.conf b/install/debian/7/pga/phppgadmin.conf similarity index 100% rename from install/debian/apache2-pga.conf rename to install/debian/7/pga/phppgadmin.conf diff --git a/install/debian/apache2-pma.conf b/install/debian/7/pma/apache.conf similarity index 100% rename from install/debian/apache2-pma.conf rename to install/debian/7/pma/apache.conf diff --git a/install/debian/pma.conf b/install/debian/7/pma/config.inc.php similarity index 100% rename from install/debian/pma.conf rename to install/debian/7/pma/config.inc.php diff --git a/install/debian/pg_hba.conf b/install/debian/7/postgresql/pg_hba.conf similarity index 100% rename from install/debian/pg_hba.conf rename to install/debian/7/postgresql/pg_hba.conf diff --git a/install/ubuntu/proftpd.conf b/install/debian/7/proftpd/proftpd.conf similarity index 100% rename from install/ubuntu/proftpd.conf rename to install/debian/7/proftpd/proftpd.conf diff --git a/install/debian/apache2-webmail.conf b/install/debian/7/roundcube/apache.conf similarity index 100% rename from install/debian/apache2-webmail.conf rename to install/debian/7/roundcube/apache.conf diff --git a/install/debian/roundcube-pw.conf b/install/debian/7/roundcube/config.inc.php similarity index 100% rename from install/debian/roundcube-pw.conf rename to install/debian/7/roundcube/config.inc.php diff --git a/install/debian/roundcube-db.conf b/install/debian/7/roundcube/db.inc.php similarity index 100% rename from install/debian/roundcube-db.conf rename to install/debian/7/roundcube/db.inc.php diff --git a/install/debian/roundcube-main.conf b/install/debian/7/roundcube/main.inc.php similarity index 100% rename from install/debian/roundcube-main.conf rename to install/debian/7/roundcube/main.inc.php diff --git a/install/debian/roundcube-driver.php b/install/debian/7/roundcube/vesta.php similarity index 100% rename from install/debian/roundcube-driver.php rename to install/debian/7/roundcube/vesta.php diff --git a/install/debian/sudoers.admin.conf b/install/debian/7/sudo/admin similarity index 56% rename from install/debian/sudoers.admin.conf rename to install/debian/7/sudo/admin index b4f870395..47e16098c 100644 --- a/install/debian/sudoers.admin.conf +++ b/install/debian/7/sudo/admin @@ -1,3 +1,7 @@ # Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + admin ALL=(ALL) ALL admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/7/templates.tar.gz b/install/debian/7/templates.tar.gz new file mode 100644 index 000000000..1373401e3 Binary files /dev/null and b/install/debian/7/templates.tar.gz differ diff --git a/install/debian/templates/dns/child-ns.tpl b/install/debian/7/templates/dns/child-ns.tpl similarity index 100% rename from install/debian/templates/dns/child-ns.tpl rename to install/debian/7/templates/dns/child-ns.tpl diff --git a/install/debian/7/templates/dns/default.tpl b/install/debian/7/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/debian/7/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/templates/dns/gmail.tpl b/install/debian/7/templates/dns/gmail.tpl similarity index 100% rename from install/debian/templates/dns/gmail.tpl rename to install/debian/7/templates/dns/gmail.tpl diff --git a/install/debian/templates/web/apache2/basedir.stpl b/install/debian/7/templates/web/apache2/basedir.stpl similarity index 86% rename from install/debian/templates/web/apache2/basedir.stpl rename to install/debian/7/templates/web/apache2/basedir.stpl index 269c09711..96de57af7 100755 --- a/install/debian/templates/web/apache2/basedir.stpl +++ b/install/debian/7/templates/web/apache2/basedir.stpl @@ -15,9 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All diff --git a/install/ubuntu/templates/web/apache2/basedir.tpl b/install/debian/7/templates/web/apache2/basedir.tpl similarity index 84% rename from install/ubuntu/templates/web/apache2/basedir.tpl rename to install/debian/7/templates/web/apache2/basedir.tpl index c24b12796..07ec38c98 100755 --- a/install/ubuntu/templates/web/apache2/basedir.tpl +++ b/install/debian/7/templates/web/apache2/basedir.tpl @@ -14,9 +14,7 @@ AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All diff --git a/install/debian/templates/web/apache2/default.stpl b/install/debian/7/templates/web/apache2/default.stpl similarity index 100% rename from install/debian/templates/web/apache2/default.stpl rename to install/debian/7/templates/web/apache2/default.stpl diff --git a/install/debian/templates/web/apache2/default.tpl b/install/debian/7/templates/web/apache2/default.tpl similarity index 100% rename from install/debian/templates/web/apache2/default.tpl rename to install/debian/7/templates/web/apache2/default.tpl diff --git a/install/debian/templates/web/apache2/hosting.stpl b/install/debian/7/templates/web/apache2/hosting.stpl similarity index 100% rename from install/debian/templates/web/apache2/hosting.stpl rename to install/debian/7/templates/web/apache2/hosting.stpl diff --git a/install/debian/templates/web/apache2/hosting.tpl b/install/debian/7/templates/web/apache2/hosting.tpl similarity index 100% rename from install/debian/templates/web/apache2/hosting.tpl rename to install/debian/7/templates/web/apache2/hosting.tpl diff --git a/install/debian/templates/web/apache2/phpcgi.sh b/install/debian/7/templates/web/apache2/phpcgi.sh similarity index 100% rename from install/debian/templates/web/apache2/phpcgi.sh rename to install/debian/7/templates/web/apache2/phpcgi.sh diff --git a/install/debian/templates/web/apache2/phpcgi.stpl b/install/debian/7/templates/web/apache2/phpcgi.stpl similarity index 100% rename from install/debian/templates/web/apache2/phpcgi.stpl rename to install/debian/7/templates/web/apache2/phpcgi.stpl diff --git a/install/debian/templates/web/apache2/phpcgi.tpl b/install/debian/7/templates/web/apache2/phpcgi.tpl similarity index 100% rename from install/debian/templates/web/apache2/phpcgi.tpl rename to install/debian/7/templates/web/apache2/phpcgi.tpl diff --git a/install/debian/templates/web/apache2/phpfcgid.sh b/install/debian/7/templates/web/apache2/phpfcgid.sh similarity index 100% rename from install/debian/templates/web/apache2/phpfcgid.sh rename to install/debian/7/templates/web/apache2/phpfcgid.sh diff --git a/install/debian/templates/web/apache2/phpfcgid.stpl b/install/debian/7/templates/web/apache2/phpfcgid.stpl similarity index 100% rename from install/debian/templates/web/apache2/phpfcgid.stpl rename to install/debian/7/templates/web/apache2/phpfcgid.stpl diff --git a/install/debian/templates/web/apache2/phpfcgid.tpl b/install/debian/7/templates/web/apache2/phpfcgid.tpl similarity index 100% rename from install/debian/templates/web/apache2/phpfcgid.tpl rename to install/debian/7/templates/web/apache2/phpfcgid.tpl diff --git a/install/debian/templates/web/awstats/awstats.tpl b/install/debian/7/templates/web/awstats/awstats.tpl similarity index 100% rename from install/debian/templates/web/awstats/awstats.tpl rename to install/debian/7/templates/web/awstats/awstats.tpl diff --git a/install/debian/templates/web/awstats/index.tpl b/install/debian/7/templates/web/awstats/index.tpl similarity index 100% rename from install/debian/templates/web/awstats/index.tpl rename to install/debian/7/templates/web/awstats/index.tpl diff --git a/install/debian/templates/web/awstats/nav.tpl b/install/debian/7/templates/web/awstats/nav.tpl similarity index 100% rename from install/debian/templates/web/awstats/nav.tpl rename to install/debian/7/templates/web/awstats/nav.tpl diff --git a/install/debian/templates/web/nginx/caching.stpl b/install/debian/7/templates/web/nginx/caching.stpl similarity index 100% rename from install/debian/templates/web/nginx/caching.stpl rename to install/debian/7/templates/web/nginx/caching.stpl diff --git a/install/debian/templates/web/nginx/caching.tpl b/install/debian/7/templates/web/nginx/caching.tpl similarity index 100% rename from install/debian/templates/web/nginx/caching.tpl rename to install/debian/7/templates/web/nginx/caching.tpl diff --git a/install/debian/templates/web/nginx/default.stpl b/install/debian/7/templates/web/nginx/default.stpl similarity index 100% rename from install/debian/templates/web/nginx/default.stpl rename to install/debian/7/templates/web/nginx/default.stpl diff --git a/install/debian/templates/web/nginx/default.tpl b/install/debian/7/templates/web/nginx/default.tpl similarity index 100% rename from install/debian/templates/web/nginx/default.tpl rename to install/debian/7/templates/web/nginx/default.tpl diff --git a/install/debian/templates/web/nginx/hosting.sh b/install/debian/7/templates/web/nginx/hosting.sh similarity index 100% rename from install/debian/templates/web/nginx/hosting.sh rename to install/debian/7/templates/web/nginx/hosting.sh diff --git a/install/debian/templates/web/nginx/hosting.stpl b/install/debian/7/templates/web/nginx/hosting.stpl similarity index 100% rename from install/debian/templates/web/nginx/hosting.stpl rename to install/debian/7/templates/web/nginx/hosting.stpl diff --git a/install/debian/templates/web/nginx/hosting.tpl b/install/debian/7/templates/web/nginx/hosting.tpl similarity index 100% rename from install/debian/templates/web/nginx/hosting.tpl rename to install/debian/7/templates/web/nginx/hosting.tpl diff --git a/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/default.stpl b/install/debian/7/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/default.tpl b/install/debian/7/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/joomla.stpl b/install/debian/7/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/joomla.tpl b/install/debian/7/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/piwik.stpl b/install/debian/7/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/piwik.tpl b/install/debian/7/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress.tpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/www.conf b/install/debian/7/templates/web/nginx/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/debian/templates/web/nginx/proxy_ip.tpl b/install/debian/7/templates/web/nginx/proxy_ip.tpl similarity index 100% rename from install/debian/templates/web/nginx/proxy_ip.tpl rename to install/debian/7/templates/web/nginx/proxy_ip.tpl diff --git a/install/debian/7/templates/web/php5-fpm/default.tpl b/install/debian/7/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/debian/7/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/debian/7/templates/web/php5-fpm/no-php.tpl b/install/debian/7/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/debian/7/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/debian/7/templates/web/php5-fpm/socket.tpl b/install/debian/7/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/debian/7/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/debian/7/templates/web/skel/document_errors/403.html b/install/debian/7/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/debian/7/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/7/templates/web/skel/document_errors/404.html b/install/debian/7/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/debian/7/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/7/templates/web/skel/document_errors/50x.html b/install/debian/7/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/debian/7/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/templates/web/skel/public_html/index.html b/install/debian/7/templates/web/skel/public_html/index.html similarity index 100% rename from install/debian/templates/web/skel/public_html/index.html rename to install/debian/7/templates/web/skel/public_html/index.html diff --git a/install/debian/templates/web/skel/public_html/robots.txt b/install/debian/7/templates/web/skel/public_html/robots.txt similarity index 100% rename from install/debian/templates/web/skel/public_html/robots.txt rename to install/debian/7/templates/web/skel/public_html/robots.txt diff --git a/install/debian/templates/web/skel/public_shtml/index.html b/install/debian/7/templates/web/skel/public_shtml/index.html similarity index 100% rename from install/debian/templates/web/skel/public_shtml/index.html rename to install/debian/7/templates/web/skel/public_shtml/index.html diff --git a/install/debian/templates/web/skel/public_shtml/robots.txt b/install/debian/7/templates/web/skel/public_shtml/robots.txt similarity index 100% rename from install/debian/templates/web/skel/public_shtml/robots.txt rename to install/debian/7/templates/web/skel/public_shtml/robots.txt diff --git a/install/debian/templates/web/suspend/.htaccess b/install/debian/7/templates/web/suspend/.htaccess similarity index 100% rename from install/debian/templates/web/suspend/.htaccess rename to install/debian/7/templates/web/suspend/.htaccess diff --git a/install/debian/7/templates/web/suspend/index.html b/install/debian/7/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/debian/7/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/debian/templates/web/webalizer/webalizer.tpl b/install/debian/7/templates/web/webalizer/webalizer.tpl similarity index 100% rename from install/debian/templates/web/webalizer/webalizer.tpl rename to install/debian/7/templates/web/webalizer/webalizer.tpl diff --git a/install/debian/vsftpd.conf b/install/debian/7/vsftpd/vsftpd.conf similarity index 100% rename from install/debian/vsftpd.conf rename to install/debian/7/vsftpd/vsftpd.conf diff --git a/install/ubuntu/apache2.conf b/install/debian/8/apache2/apache2.conf similarity index 98% rename from install/ubuntu/apache2.conf rename to install/debian/8/apache2/apache2.conf index 140acee09..221780117 100644 --- a/install/ubuntu/apache2.conf +++ b/install/debian/8/apache2/apache2.conf @@ -11,7 +11,6 @@ # | `-- * # Global configuration -LockFile ${APACHE_LOCK_DIR}/accept.lock PidFile ${APACHE_PID_FILE} Timeout 30 KeepAlive Off diff --git a/install/ubuntu/apache2-status.conf b/install/debian/8/apache2/status.conf similarity index 100% rename from install/ubuntu/apache2-status.conf rename to install/debian/8/apache2/status.conf diff --git a/install/ubuntu/named.conf b/install/debian/8/bind/named.conf similarity index 100% rename from install/ubuntu/named.conf rename to install/debian/8/bind/named.conf diff --git a/install/ubuntu/clamd.conf b/install/debian/8/clamav/clamd.conf similarity index 100% rename from install/ubuntu/clamd.conf rename to install/debian/8/clamav/clamd.conf diff --git a/install/debian/8/deb_signing.key b/install/debian/8/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/debian/8/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/8/dovecot.tar.gz b/install/debian/8/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/debian/8/dovecot.tar.gz differ diff --git a/install/rhel/dovecot/conf.d/10-auth.conf b/install/debian/8/dovecot/conf.d/10-auth.conf similarity index 100% rename from install/rhel/dovecot/conf.d/10-auth.conf rename to install/debian/8/dovecot/conf.d/10-auth.conf diff --git a/install/rhel/dovecot/conf.d/10-logging.conf b/install/debian/8/dovecot/conf.d/10-logging.conf similarity index 100% rename from install/rhel/dovecot/conf.d/10-logging.conf rename to install/debian/8/dovecot/conf.d/10-logging.conf diff --git a/install/rhel/dovecot/conf.d/10-mail.conf b/install/debian/8/dovecot/conf.d/10-mail.conf similarity index 100% rename from install/rhel/dovecot/conf.d/10-mail.conf rename to install/debian/8/dovecot/conf.d/10-mail.conf diff --git a/install/rhel/dovecot/conf.d/10-master.conf b/install/debian/8/dovecot/conf.d/10-master.conf similarity index 100% rename from install/rhel/dovecot/conf.d/10-master.conf rename to install/debian/8/dovecot/conf.d/10-master.conf diff --git a/install/ubuntu/dovecot/conf.d/10-ssl.conf b/install/debian/8/dovecot/conf.d/10-ssl.conf similarity index 100% rename from install/ubuntu/dovecot/conf.d/10-ssl.conf rename to install/debian/8/dovecot/conf.d/10-ssl.conf diff --git a/install/debian/8/dovecot/conf.d/20-imap.conf b/install/debian/8/dovecot/conf.d/20-imap.conf new file mode 100644 index 000000000..1a459f8e4 --- /dev/null +++ b/install/debian/8/dovecot/conf.d/20-imap.conf @@ -0,0 +1,58 @@ +## +## IMAP specific settings +## + +protocol imap { + # Maximum IMAP command line length. Some clients generate very long command + # lines with huge mailboxes, so you may need to raise this if you get + # "Too long argument" or "IMAP command line too large" errors often. + #imap_max_line_length = 64k + + # Maximum number of IMAP connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # IMAP logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + #imap_logout_format = bytes=%i/%o + + # Override the IMAP CAPABILITY response. If the value begins with '+', + # add the given capabilities on top of the defaults (e.g. +XFOO XBAR). + #imap_capability = + + # How long to wait between "OK Still here" notifications when client is + # IDLEing. + #imap_idle_notify_interval = 2 mins + + # ID field names and values to send to clients. Using * as the value makes + # Dovecot use the default value. The following fields have default values + # currently: name, version, os, os-version, support-url, support-email. + #imap_id_send = + + # ID fields sent by client to log. * means everything. + #imap_id_log = + + # Workarounds for various client bugs: + # delay-newmail: + # Send EXISTS/RECENT new mail notifications only when replying to NOOP + # and CHECK commands. Some clients ignore them otherwise, for example OSX + # Mail ( +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/rhel/fail2ban.filter.conf b/install/debian/8/fail2ban/filter.d/vesta.conf similarity index 100% rename from install/rhel/fail2ban.filter.conf rename to install/debian/8/fail2ban/filter.d/vesta.conf diff --git a/install/debian/8/fail2ban/jail.local b/install/debian/8/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/debian/8/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/8/firewall.tar.gz b/install/debian/8/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/debian/8/firewall.tar.gz differ diff --git a/install/rhel/firewall/ports.conf b/install/debian/8/firewall/ports.conf similarity index 93% rename from install/rhel/firewall/ports.conf rename to install/debian/8/firewall/ports.conf index e970f91de..a6ef4dae5 100644 --- a/install/rhel/firewall/ports.conf +++ b/install/debian/8/firewall/ports.conf @@ -11,6 +11,6 @@ PROTOCOL='TCP' PORT='143' PROTOCOL='TCP' PORT='3306' PROTOCOL='TCP' PORT='5432' PROTOCOL='TCP' PORT='8080' -PROTOCOL='TCP' PORT='8443' +PROTOCOL='TCP' PORT='8433' PROTOCOL='TCP' PORT='8083' PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/firewall/rules.conf b/install/debian/8/firewall/rules.conf similarity index 89% rename from install/rhel/firewall/rules.conf rename to install/debian/8/firewall/rules.conf index 60136e1a5..956c2e1d9 100644 --- a/install/rhel/firewall/rules.conf +++ b/install/debian/8/firewall/rules.conf @@ -1,6 +1,6 @@ RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='127.0.0.1/32' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' diff --git a/install/ubuntu/apache2.log b/install/debian/8/logrotate/apache2 similarity index 100% rename from install/ubuntu/apache2.log rename to install/debian/8/logrotate/apache2 diff --git a/install/debian/8/logrotate/nginx b/install/debian/8/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/debian/8/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/rhel/vesta.log b/install/debian/8/logrotate/vesta similarity index 100% rename from install/rhel/vesta.log rename to install/debian/8/logrotate/vesta diff --git a/install/debian/8/mysql/my-large.cnf b/install/debian/8/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/debian/8/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/my.cnf b/install/debian/8/mysql/my-medium.cnf similarity index 59% rename from install/debian/my.cnf rename to install/debian/8/mysql/my-medium.cnf index 1b5ff1d24..1c10ab9a6 100644 --- a/install/debian/my.cnf +++ b/install/debian/8/mysql/my-medium.cnf @@ -15,11 +15,26 @@ datadir=/var/lib/mysql tmpdir=/tmp lc-messages-dir=/usr/share/mysql log_error=/var/log/mysql/error.log -max_connections=200 -max_user_connections=30 -wait_timeout=30 -interactive_timeout=50 -long_query_time=5 + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 innodb_file_per_table +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + !includedir /etc/mysql/conf.d/ diff --git a/install/debian/8/mysql/my-small.cnf b/install/debian/8/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/debian/8/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/rhel/nginx.conf b/install/debian/8/nginx/nginx.conf similarity index 99% rename from install/rhel/nginx.conf rename to install/debian/8/nginx/nginx.conf index f7a77b52d..7937301c1 100644 --- a/install/rhel/nginx.conf +++ b/install/debian/8/nginx/nginx.conf @@ -1,5 +1,5 @@ # Server globals -user nginx; +user www-data; worker_processes 2; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; @@ -106,8 +106,8 @@ http { # Cache proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; - proxy_temp_path /var/cache/nginx/temp; proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; proxy_ignore_headers Expires Cache-Control; proxy_cache_use_stale error timeout invalid_header http_502; proxy_cache_valid any 3d; diff --git a/install/debian/8/nginx/phpmyadmin.inc b/install/debian/8/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/debian/8/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/8/nginx/phppgadmin.inc b/install/debian/8/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/debian/8/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/nginx-status.conf b/install/debian/8/nginx/status.conf similarity index 100% rename from install/rhel/nginx-status.conf rename to install/debian/8/nginx/status.conf diff --git a/install/debian/8/nginx/webmail.inc b/install/debian/8/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/debian/8/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/8/packages.tar.gz b/install/debian/8/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/debian/8/packages.tar.gz differ diff --git a/install/rhel/packages/default.pkg b/install/debian/8/packages/default.pkg similarity index 100% rename from install/rhel/packages/default.pkg rename to install/debian/8/packages/default.pkg diff --git a/install/rhel/packages/gainsboro.pkg b/install/debian/8/packages/gainsboro.pkg similarity index 100% rename from install/rhel/packages/gainsboro.pkg rename to install/debian/8/packages/gainsboro.pkg diff --git a/install/rhel/packages/palegreen.pkg b/install/debian/8/packages/palegreen.pkg similarity index 100% rename from install/rhel/packages/palegreen.pkg rename to install/debian/8/packages/palegreen.pkg diff --git a/install/rhel/packages/slategrey.pkg b/install/debian/8/packages/slategrey.pkg similarity index 100% rename from install/rhel/packages/slategrey.pkg rename to install/debian/8/packages/slategrey.pkg diff --git a/install/rhel/pga.conf b/install/debian/8/pga/config.inc.php similarity index 100% rename from install/rhel/pga.conf rename to install/debian/8/pga/config.inc.php diff --git a/install/ubuntu/apache2-pga.conf b/install/debian/8/pga/phppgadmin.conf similarity index 100% rename from install/ubuntu/apache2-pga.conf rename to install/debian/8/pga/phppgadmin.conf diff --git a/install/debian/8/php5-fpm/www.conf b/install/debian/8/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/debian/8/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/apache2-pma.conf b/install/debian/8/pma/apache.conf similarity index 92% rename from install/ubuntu/apache2-pma.conf rename to install/debian/8/pma/apache.conf index 037a42862..2a8f69e25 100644 --- a/install/ubuntu/apache2-pma.conf +++ b/install/debian/8/pma/apache.conf @@ -15,7 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp - php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript: + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext diff --git a/install/ubuntu/pma.conf b/install/debian/8/pma/config.inc.php similarity index 100% rename from install/ubuntu/pma.conf rename to install/debian/8/pma/config.inc.php diff --git a/install/rhel/pg_hba.conf b/install/debian/8/postgresql/pg_hba.conf similarity index 100% rename from install/rhel/pg_hba.conf rename to install/debian/8/postgresql/pg_hba.conf diff --git a/install/debian/8/proftpd/proftpd.conf b/install/debian/8/proftpd/proftpd.conf new file mode 100644 index 000000000..69ec6b2ec --- /dev/null +++ b/install/debian/8/proftpd/proftpd.conf @@ -0,0 +1,32 @@ +ServerName "FTP" +ServerIdent on "FTP Server ready." +ServerAdmin root@localhost +DefaultServer on +DefaultRoot ~ !adm + + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/apache2-webmail.conf b/install/debian/8/roundcube/apache.conf similarity index 100% rename from install/ubuntu/apache2-webmail.conf rename to install/debian/8/roundcube/apache.conf diff --git a/install/rhel/roundcube-pw.conf b/install/debian/8/roundcube/config.inc.php similarity index 100% rename from install/rhel/roundcube-pw.conf rename to install/debian/8/roundcube/config.inc.php diff --git a/install/rhel/roundcube-db.conf b/install/debian/8/roundcube/db.inc.php similarity index 100% rename from install/rhel/roundcube-db.conf rename to install/debian/8/roundcube/db.inc.php diff --git a/install/rhel/roundcube-main.conf b/install/debian/8/roundcube/main.inc.php similarity index 99% rename from install/rhel/roundcube-main.conf rename to install/debian/8/roundcube/main.inc.php index a6e1fc2ee..97cdbf2df 100644 --- a/install/rhel/roundcube-main.conf +++ b/install/debian/8/roundcube/main.inc.php @@ -175,6 +175,8 @@ $rcmail_config['smtp_timeout'] = 0; // ---------------------------------- // SYSTEM // ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + // THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. // ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! @@ -437,6 +439,7 @@ $rcmail_config['trash_mbox'] = 'Trash'; // these folders will also be displayed with localized names // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); // automatically create the above listed default folders on first login $rcmail_config['create_default_folders'] = true; diff --git a/install/ubuntu/roundcube-driver.php b/install/debian/8/roundcube/vesta.php similarity index 100% rename from install/ubuntu/roundcube-driver.php rename to install/debian/8/roundcube/vesta.php diff --git a/install/rhel/sudoers.admin.conf b/install/debian/8/sudo/admin similarity index 56% rename from install/rhel/sudoers.admin.conf rename to install/debian/8/sudo/admin index b4f870395..47e16098c 100644 --- a/install/rhel/sudoers.admin.conf +++ b/install/debian/8/sudo/admin @@ -1,3 +1,7 @@ # Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + admin ALL=(ALL) ALL admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/8/templates.tar.gz b/install/debian/8/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/debian/8/templates.tar.gz differ diff --git a/install/rhel/templates/dns/child-ns.tpl b/install/debian/8/templates/dns/child-ns.tpl similarity index 100% rename from install/rhel/templates/dns/child-ns.tpl rename to install/debian/8/templates/dns/child-ns.tpl diff --git a/install/debian/templates/dns/default.tpl b/install/debian/8/templates/dns/default.tpl similarity index 100% rename from install/debian/templates/dns/default.tpl rename to install/debian/8/templates/dns/default.tpl diff --git a/install/rhel/templates/dns/gmail.tpl b/install/debian/8/templates/dns/gmail.tpl similarity index 100% rename from install/rhel/templates/dns/gmail.tpl rename to install/debian/8/templates/dns/gmail.tpl diff --git a/install/debian/8/templates/web/apache2/basedir.stpl b/install/debian/8/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/debian/8/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/8/templates/web/apache2/basedir.tpl b/install/debian/8/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/debian/8/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/8/templates/web/apache2/default.stpl b/install/debian/8/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/debian/8/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/8/templates/web/apache2/default.tpl b/install/debian/8/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/debian/8/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/templates/web/apache2/hosting.stpl b/install/debian/8/templates/web/apache2/hosting.stpl similarity index 96% rename from install/ubuntu/templates/web/apache2/hosting.stpl rename to install/debian/8/templates/web/apache2/hosting.stpl index c1c91e22e..7a5d7787f 100755 --- a/install/ubuntu/templates/web/apache2/hosting.stpl +++ b/install/debian/8/templates/web/apache2/hosting.stpl @@ -43,7 +43,7 @@ AssignUserID %user% %group% - Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* diff --git a/install/ubuntu/templates/web/apache2/hosting.tpl b/install/debian/8/templates/web/apache2/hosting.tpl similarity index 95% rename from install/ubuntu/templates/web/apache2/hosting.tpl rename to install/debian/8/templates/web/apache2/hosting.tpl index 8f3ec012a..ab844dc74 100755 --- a/install/ubuntu/templates/web/apache2/hosting.tpl +++ b/install/debian/8/templates/web/apache2/hosting.tpl @@ -37,7 +37,7 @@ AssignUserID %user% %group% - Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* diff --git a/install/rhel/templates/web/httpd/phpcgi.sh b/install/debian/8/templates/web/apache2/phpcgi.sh similarity index 100% rename from install/rhel/templates/web/httpd/phpcgi.sh rename to install/debian/8/templates/web/apache2/phpcgi.sh diff --git a/install/ubuntu/templates/web/apache2/phpcgi.stpl b/install/debian/8/templates/web/apache2/phpcgi.stpl similarity index 93% rename from install/ubuntu/templates/web/apache2/phpcgi.stpl rename to install/debian/8/templates/web/apache2/phpcgi.stpl index 58c4baf90..aa5137308 100755 --- a/install/ubuntu/templates/web/apache2/phpcgi.stpl +++ b/install/debian/8/templates/web/apache2/phpcgi.stpl @@ -29,7 +29,7 @@ SSLCertificateKeyFile %ssl_key% %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* diff --git a/install/ubuntu/templates/web/apache2/phpcgi.tpl b/install/debian/8/templates/web/apache2/phpcgi.tpl similarity index 92% rename from install/ubuntu/templates/web/apache2/phpcgi.tpl rename to install/debian/8/templates/web/apache2/phpcgi.tpl index 21be2cdd7..a05ff252d 100755 --- a/install/ubuntu/templates/web/apache2/phpcgi.tpl +++ b/install/debian/8/templates/web/apache2/phpcgi.tpl @@ -22,7 +22,7 @@ AllowOverride All - Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* diff --git a/install/rhel/templates/web/httpd/phpfcgid.sh b/install/debian/8/templates/web/apache2/phpfcgid.sh similarity index 100% rename from install/rhel/templates/web/httpd/phpfcgid.sh rename to install/debian/8/templates/web/apache2/phpfcgid.sh diff --git a/install/ubuntu/templates/web/apache2/phpfcgid.stpl b/install/debian/8/templates/web/apache2/phpfcgid.stpl similarity index 94% rename from install/ubuntu/templates/web/apache2/phpfcgid.stpl rename to install/debian/8/templates/web/apache2/phpfcgid.stpl index 20a580093..622495756 100755 --- a/install/ubuntu/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl @@ -30,7 +30,7 @@ SSLCertificateKeyFile %ssl_key% %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* diff --git a/install/ubuntu/templates/web/apache2/phpfcgid.tpl b/install/debian/8/templates/web/apache2/phpfcgid.tpl similarity index 92% rename from install/ubuntu/templates/web/apache2/phpfcgid.tpl rename to install/debian/8/templates/web/apache2/phpfcgid.tpl index 72e7d8d44..5c1f16e20 100755 --- a/install/ubuntu/templates/web/apache2/phpfcgid.tpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.tpl @@ -22,7 +22,7 @@ AllowOverride All - Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* diff --git a/install/rhel/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl similarity index 100% rename from install/rhel/templates/web/awstats/awstats.tpl rename to install/debian/8/templates/web/awstats/awstats.tpl diff --git a/install/rhel/templates/web/awstats/index.tpl b/install/debian/8/templates/web/awstats/index.tpl similarity index 100% rename from install/rhel/templates/web/awstats/index.tpl rename to install/debian/8/templates/web/awstats/index.tpl diff --git a/install/rhel/templates/web/awstats/nav.tpl b/install/debian/8/templates/web/awstats/nav.tpl similarity index 100% rename from install/rhel/templates/web/awstats/nav.tpl rename to install/debian/8/templates/web/awstats/nav.tpl diff --git a/install/debian/8/templates/web/nginx/caching.sh b/install/debian/8/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/debian/8/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/rhel/templates/web/nginx/caching.stpl b/install/debian/8/templates/web/nginx/caching.stpl similarity index 100% rename from install/rhel/templates/web/nginx/caching.stpl rename to install/debian/8/templates/web/nginx/caching.stpl diff --git a/install/rhel/templates/web/nginx/caching.tpl b/install/debian/8/templates/web/nginx/caching.tpl similarity index 100% rename from install/rhel/templates/web/nginx/caching.tpl rename to install/debian/8/templates/web/nginx/caching.tpl diff --git a/install/ubuntu/templates/web/nginx/default.stpl b/install/debian/8/templates/web/nginx/default.stpl similarity index 100% rename from install/ubuntu/templates/web/nginx/default.stpl rename to install/debian/8/templates/web/nginx/default.stpl diff --git a/install/ubuntu/templates/web/nginx/default.tpl b/install/debian/8/templates/web/nginx/default.tpl similarity index 100% rename from install/ubuntu/templates/web/nginx/default.tpl rename to install/debian/8/templates/web/nginx/default.tpl diff --git a/install/rhel/templates/web/nginx/hosting.sh b/install/debian/8/templates/web/nginx/hosting.sh similarity index 100% rename from install/rhel/templates/web/nginx/hosting.sh rename to install/debian/8/templates/web/nginx/hosting.sh diff --git a/install/ubuntu/templates/web/nginx/hosting.stpl b/install/debian/8/templates/web/nginx/hosting.stpl similarity index 100% rename from install/ubuntu/templates/web/nginx/hosting.stpl rename to install/debian/8/templates/web/nginx/hosting.stpl diff --git a/install/ubuntu/templates/web/nginx/hosting.tpl b/install/debian/8/templates/web/nginx/hosting.tpl similarity index 100% rename from install/ubuntu/templates/web/nginx/hosting.tpl rename to install/debian/8/templates/web/nginx/hosting.tpl diff --git a/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/default.stpl b/install/debian/8/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/default.tpl b/install/debian/8/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/joomla.stpl b/install/debian/8/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/joomla.tpl b/install/debian/8/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/piwik.stpl b/install/debian/8/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/piwik.tpl b/install/debian/8/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress.tpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/templates/web/nginx/proxy_ip.tpl b/install/debian/8/templates/web/nginx/proxy_ip.tpl similarity index 100% rename from install/rhel/templates/web/nginx/proxy_ip.tpl rename to install/debian/8/templates/web/nginx/proxy_ip.tpl diff --git a/install/debian/8/templates/web/php5-fpm/default.tpl b/install/debian/8/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/debian/8/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/debian/8/templates/web/php5-fpm/no-php.tpl b/install/debian/8/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/debian/8/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/debian/8/templates/web/php5-fpm/socket.tpl b/install/debian/8/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/debian/8/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/debian/8/templates/web/skel/document_errors/403.html b/install/debian/8/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/debian/8/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/8/templates/web/skel/document_errors/404.html b/install/debian/8/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/debian/8/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/8/templates/web/skel/document_errors/50x.html b/install/debian/8/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/debian/8/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/rhel/templates/web/skel/public_html/index.html b/install/debian/8/templates/web/skel/public_html/index.html similarity index 100% rename from install/rhel/templates/web/skel/public_html/index.html rename to install/debian/8/templates/web/skel/public_html/index.html diff --git a/install/rhel/templates/web/skel/public_html/robots.txt b/install/debian/8/templates/web/skel/public_html/robots.txt similarity index 100% rename from install/rhel/templates/web/skel/public_html/robots.txt rename to install/debian/8/templates/web/skel/public_html/robots.txt diff --git a/install/rhel/templates/web/skel/public_shtml/index.html b/install/debian/8/templates/web/skel/public_shtml/index.html similarity index 100% rename from install/rhel/templates/web/skel/public_shtml/index.html rename to install/debian/8/templates/web/skel/public_shtml/index.html diff --git a/install/rhel/templates/web/skel/public_shtml/robots.txt b/install/debian/8/templates/web/skel/public_shtml/robots.txt similarity index 100% rename from install/rhel/templates/web/skel/public_shtml/robots.txt rename to install/debian/8/templates/web/skel/public_shtml/robots.txt diff --git a/install/rhel/templates/web/suspend/.htaccess b/install/debian/8/templates/web/suspend/.htaccess similarity index 100% rename from install/rhel/templates/web/suspend/.htaccess rename to install/debian/8/templates/web/suspend/.htaccess diff --git a/install/debian/8/templates/web/suspend/index.html b/install/debian/8/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/debian/8/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/rhel/templates/web/webalizer/webalizer.tpl b/install/debian/8/templates/web/webalizer/webalizer.tpl similarity index 100% rename from install/rhel/templates/web/webalizer/webalizer.tpl rename to install/debian/8/templates/web/webalizer/webalizer.tpl diff --git a/install/ubuntu/vsftpd.conf b/install/debian/8/vsftpd/vsftpd.conf similarity index 100% rename from install/ubuntu/vsftpd.conf rename to install/debian/8/vsftpd/vsftpd.conf index 9c3c2742f..0902899e7 100644 --- a/install/ubuntu/vsftpd.conf +++ b/install/debian/8/vsftpd/vsftpd.conf @@ -5,9 +5,9 @@ local_umask=002 anon_upload_enable=NO dirmessage_enable=YES xferlog_enable=YES -dual_log_enable=YES connect_from_port_20=YES xferlog_std_format=YES +dual_log_enable=YES chroot_local_user=YES listen=YES pam_service_name=vsftpd diff --git a/install/debian/apache2.readme.txt b/install/debian/apache2.readme.txt deleted file mode 100644 index b8d05cbe1..000000000 --- a/install/debian/apache2.readme.txt +++ /dev/null @@ -1,11 +0,0 @@ -# -# _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| -# _| _| _| _| _| _| _| -# _| _| _|_|_| _|_| _| _|_|_|_| -# _| _| _| _| _| _| _| -# _| _|_|_|_| _|_|_| _| _| _| -# -# -# Server is manager by Vesta Control Panel. -# See /etc/apache2/conf.d/vesta.conf to get a full list of running vhosts. -# diff --git a/install/debian/certificate.crt b/install/debian/certificate.crt deleted file mode 100644 index 4a3230ac2..000000000 --- a/install/debian/certificate.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqjCCApICCQCBAQdAxoNnAjANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMC -VVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEzARBgNVBAcMClN3YW1wc2NvdHQx -EDAOBgNVBAoMB1Zlc3RhQ1AxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFwYW5lbC52 -ZXN0YWNwLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B2ZXN0YWNwLmNvbTAeFw0x -MzA5MjMwNzA0NDVaFw0xNDA5MjMwNzA0NDVaMIGWMQswCQYDVQQGEwJVUzEWMBQG -A1UECAwNTWFzc2FjaHVzZXR0czETMBEGA1UEBwwKU3dhbXBzY290dDEQMA4GA1UE -CgwHVmVzdGFDUDELMAkGA1UECwwCSVQxGjAYBgNVBAMMEXBhbmVsLnZlc3RhY3Au -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHZlc3RhY3AuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu84meigHrwPmzEbFpKe/o8FTKwO5w1VL0HU -ILVW5EBGT76VEBqpWC+x0QrChHit14FV7m+hZRvhhkulXrknChTTNA500EVNZ5Wb -UpDWezZDivTKAHzzq0aUwKB230Tz+k3j+duBcbzwFwirnDXb5dE5RqzBOhiIvDw9 -mjP66UyH8RxFF+pTAPlcF18zWak7KnaDreyGknzy7m+Zqs07uLnb0wTgcwIcqREP -eqgw0E8xrEdjz1N9HIvxi+glfnjNgHja3cCYhe9ZCpDDr9ERXrEcULrqRuch6Zfv -QKoscG4dankbq0V4DfpMBYMTvFvFLLp/uWvwLjunzfu37XmBLQIDAQABMA0GCSqG -SIb3DQEBBQUAA4IBAQBl+GF4Ii+7cW0tWVTsDh0Kw+rjc9bEA0eF4p3LBLEsFRkP -Yeqp2t0g8RTAAiq3OyUWYISzOX8xu0i56/3jUFazABBjz0P0w2A0BfRZS5TAEwxJ -TS9zAgobBuLtTh3FDJJIRXLJOKLJZVUmi6D+8QIQVOox0925tMIxGc9CxLK05bIc -HUYdHsn1gDwmTWem/XED559eWV/vGnvf3Ea0EHU76kTQaLPkul2y8BTbbLaHSw96 -1xFc8x9gqxWTT70YmBpZIApmSzvOGVXqTduMY/CeEbmigo1/1i2YMVjePFEDYnmE -/f6rNQrtM9kgtE+glWdA7zHlaigKl3SVof1ETStB ------END CERTIFICATE----- diff --git a/install/debian/certificate.key b/install/debian/certificate.key deleted file mode 100644 index eb913d684..000000000 --- a/install/debian/certificate.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvu84meigHrwPmzEbFpKe/o8FTKwO5w1VL0HUILVW5EBGT76V -EBqpWC+x0QrChHit14FV7m+hZRvhhkulXrknChTTNA500EVNZ5WbUpDWezZDivTK -AHzzq0aUwKB230Tz+k3j+duBcbzwFwirnDXb5dE5RqzBOhiIvDw9mjP66UyH8RxF -F+pTAPlcF18zWak7KnaDreyGknzy7m+Zqs07uLnb0wTgcwIcqREPeqgw0E8xrEdj -z1N9HIvxi+glfnjNgHja3cCYhe9ZCpDDr9ERXrEcULrqRuch6ZfvQKoscG4dankb -q0V4DfpMBYMTvFvFLLp/uWvwLjunzfu37XmBLQIDAQABAoIBAF59YsSAJCWxqgOC -dMZh/z85JkVAbQuZRIvjhwg81eiVinZSedCDcUUMLXKnYYZPdrDM9+rM4dF4z843 -R3quJIzPq4n6kYK0mU7m8fwVY5+MRjbRV9qP+8LKZjlB8DIkHJ3FyEnRgKj5+NNd -Xhgra0y7kx3Pxrxqgdit80qJ6OVlN2gsMjUcDBhqQev9Xs8cKYjYc1uPtFw14B2G -5fsNE8cHJA+hH/aym7xTaEQlz/JOKn2GsH/dOhm3RM2QygdyrVOBBj6rKSi03LMb -7QOkDvZ3nBltxQKOqs2PkYyEAdqR4dMZIPNxye/k21iVovLeMVe4lG7BmNOD6XwB -+TOhYh0CgYEA9WyUeSNPP309Br65wg61GdapWmQIaj7HSZE06BWhp82PPwHaF1yY -p9hWgo6fDxwHiTSLeUqEPXJMaPG+RxvYFc7Lc3JjOKU4ezR9fqz01LLtWXHVVT/x -RZuogMyaDhIjhwMyu4mybpUMkBQ/B3DFufrzTv0y8ljAc0nlFsuXaPMCgYEAxymI -btxZFGES6UNG7ldEaihll9MpP22/VghUeAaia0qgnXlYkbngIIhGpGJUkvZ2pduE -tfw2S20k38qvrWXx/NhLxmiVSIvq5TFi/22dfT20kfrdCcnkrp/tRpeR72IrQ6Kx -+6l7QHV5Gjcc4rvNc8mw7itVu+StgCYx+koD9V8CgYA8sThaaLf9XGxOEbaAXgC9 -Pg+tcdV+6L2B3O33gvnyNGx7SWr0ogqCX4atTLXbF7RpYtwnB52CUJTC0x2aGjGq -2vQHPb95z6oTFdz/CaiWPRVjLDp0lZaF/0OBbpeeaS/uAIV4SUod/LAZpVgc7++F -2aB35TfHJNma6ShFJd3wrwKBgBH444DtjXRTVjuKgKodYeUahCBxQ7Wfl7aRxd2W -66027MuJGb78wQbuhUFsRimE6CwLZSxu+A9SaBNx3OyO2Ilyk1PyOBZ12dqY3FAk -eiPFH7hUpQGvIF3JvMW0A81QVIsj8V++aYrljuoYsxiaze128+pqKrBr8GQyDiyB -5V2NAoGBAIPWovM20cbx6LpEuFN5Pmkl500F6sTc8F3DQVRe3JhwVhqHQXv7tUE1 -VHMqpMybUQin8q/RXvJ0vr2sQEe2fVC2a0FWJTqww1eMwu1V9ppUJAfXfaYWY+XJ -4d3myajakr0Eh3ia+IrSBcMRJ2sD3sL5KQC6jbD0R8odex4syiu2 ------END RSA PRIVATE KEY----- diff --git a/install/debian/dovecot.conf b/install/debian/dovecot.conf deleted file mode 100644 index 005e97aaa..000000000 --- a/install/debian/dovecot.conf +++ /dev/null @@ -1,28 +0,0 @@ -protocols = imap pop3 -listen = *, :: -base_dir = /var/run/dovecot/ -!include conf.d/*.conf - - namespace { - type = private - separator = / - prefix = - inbox = yes - - mailbox Sent { - auto = subscribe - special_use = \Sent - } - mailbox Drafts { - auto = subscribe - special_use = \Drafts - } - mailbox Trash { - auto = subscribe - special_use = \Trash - } - mailbox Junk { - auto = subscribe - special_use = \Junk - } - } diff --git a/install/debian/freshclam.conf b/install/debian/freshclam.conf deleted file mode 100644 index 5e6ca56c1..000000000 --- a/install/debian/freshclam.conf +++ /dev/null @@ -1,27 +0,0 @@ -# Automatically created by the clamav-freshclam postinst -# Comments will get lost when you reconfigure the clamav-freshclam package - -DatabaseOwner clamav -UpdateLogFile /var/log/clamav/freshclam.log -LogVerbose false -LogSyslog false -LogFacility LOG_LOCAL6 -LogFileMaxSize 0 -LogTime true -Foreground false -Debug false -MaxAttempts 5 -DatabaseDirectory /var/lib/clamav -DNSDatabaseInfo current.cvd.clamav.net -AllowSupplementaryGroups false -PidFile /var/run/clamav/freshclam.pid -ConnectTimeout 30 -ReceiveTimeout 30 -TestDatabases yes -ScriptedUpdates yes -CompressLocalDatabase no -Bytecode true -# Check for new database 24 times a day -Checks 24 -DatabaseMirror db.local.clamav.net -DatabaseMirror database.clamav.net diff --git a/install/debian/nginx.readme.txt b/install/debian/nginx.readme.txt deleted file mode 100644 index e5db79e79..000000000 --- a/install/debian/nginx.readme.txt +++ /dev/null @@ -1,11 +0,0 @@ -# -# _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| -# _| _| _| _| _| _| _| -# _| _| _|_|_| _|_| _| _|_|_|_| -# _| _| _| _| _| _| _| -# _| _|_|_|_| _|_|_| _| _| _| -# -# -# Server is manager by Vesta Control Panel. -# See /etc/nginx/conf.d/vesta.conf to get a full list of running vhosts. -# diff --git a/install/debian/sudoers.conf b/install/debian/sudoers.conf deleted file mode 100644 index efe9ce9c9..000000000 --- a/install/debian/sudoers.conf +++ /dev/null @@ -1,32 +0,0 @@ -# -# This file MUST be edited with the 'visudo' command as root. -# -# Please consider adding local content in /etc/sudoers.d/ instead of -# directly modifying this file. -# -# See the man page for details on how to write a sudoers file. -# -Defaults env_reset -Defaults mail_badpass -Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -Defaults env_keep="VESTA" -Defaults:admin !requiretty - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL:ALL) ALL - -# Members of the admin group may gain root privileges -%admin ALL=(ALL) ALL - -# Allow members of group sudo to execute any command -%sudo ALL=(ALL:ALL) ALL - -# See sudoers(5) for more information on "#include" directives: - -#includedir /etc/sudoers.d diff --git a/install/debian/vesta.conf b/install/debian/vesta.conf deleted file mode 100644 index 6c148bd17..000000000 --- a/install/debian/vesta.conf +++ /dev/null @@ -1,24 +0,0 @@ -WEB_SYSTEM='apache2' -WEB_RGROUPS='www-data' -WEB_PORT='8080' -WEB_SSL='mod_ssl' -WEB_SSL_PORT='8443' -PROXY_SYSTEM='nginx' -PROXY_PORT='80' -PROXY_SSL_PORT='443' -FTP_SYSTEM='vsftpd' -MAIL_SYSTEM='exim4' -IMAP_SYSTEM='dovecot' -ANTIVIRUS_SYSTEM='clamav-daemon' -ANTISPAM_SYSTEM='spamassassin' -DB_SYSTEM='mysql' -DNS_SYSTEM='bind9' -STATS_SYSTEM='webalizer,awstats' -BACKUP_SYSTEM='local' -CRON_SYSTEM='cron' -DISK_QUOTA='no' -FIREWALL_SYSTEM='iptables' -FIREWALL_EXTENSION='fail2ban' -REPOSITORY='cmmnt' -VERSION='0.9.8' -LANGUAGE='en' diff --git a/install/debian/whmcs-module.php b/install/debian/whmcs-module.php deleted file mode 100644 index 1cb250611..000000000 --- a/install/debian/whmcs-module.php +++ /dev/null @@ -1,359 +0,0 @@ - array( "Type" => "text", "Default" => "default"), - "SSH Access" => array( "Type" => "yesno", "Description" => "Tick to grant access", ), - "IP Address (optional)" => array( "Type" => "text" ), - ); - return $configarray; - -} - -function vesta_CreateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-user', - 'arg1' => $params["username"], - 'arg2' => $params["password"], - 'arg3' => $params["clientsdetails"]["email"], - 'arg4' => $params["configoption1"], - 'arg5' => $params["clientsdetails"]["firstname"], - 'arg6' => $params["clientsdetails"]["lastname"], - ); - $postdata = http_build_query($postvars); - - // Create user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_UserAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - // Enable ssh access - if(($answer == 'OK') && ($params["configoption2"] == 'on')) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-shell', - 'arg1' => $params["username"], - 'arg2' => 'bash' - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_EnableSSH','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - - // Add domain - if(($answer == 'OK') && (!empty($params["domain"]))) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-domain', - 'arg1' => $params["username"], - 'arg2' => $params["domain"], - 'arg3' => $params["configoption3"], - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_AddDomain','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - } - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_TerminateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-delete-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Delete user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','TerminateAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_SuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-suspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Susupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','SuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_UnsuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-unsuspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Unsusupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','UnsuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePassword($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-password', - 'arg1' => $params["username"], - 'arg2' => $params["password"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePassword','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePackage($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-package', - 'arg1' => $params["username"], - 'arg2' => $params["configoption1"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePackage','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ClientArea($params) { - - $code = '
- - - - -
'; - return $code; - -} - -function vesta_AdminLink($params) { - - $code = '
- - - -
'; - return $code; - -} - -function vesta_LoginLink($params) { - - echo "control panel"; - -} - -function vesta_UsageUpdate($params) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-list-users', - 'arg1' => 'json' - ); - $postdata = http_build_query($postvars); - - // Get user stats - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - // Decode json data - $results = json_decode($answer, true); - - // Loop through results and update DB - foreach ($results AS $user=>$values) { - update_query("tblhosting",array( - "diskusage"=>$values['U_DISK'], - "disklimit"=>$values['DISK_QUOTA'], - "bwusage"=>$values['U_BANDWIDTH'], - "bwlimit"=>$values['BANDWIDTH'], - "lastupdate"=>"now()", - ),array("server"=>$params['serverid'], "username"=>$user)); - } - -} - -?> diff --git a/install/rhel/5/GPG.txt b/install/rhel/5/GPG.txt new file mode 100644 index 000000000..33bb1ff26 --- /dev/null +++ b/install/rhel/5/GPG.txt @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQGiBExUOVkRBACPJeB3bdrAggHlFpkaB1aRDXDz7clRg6jyEzdMYHhrniSyjhAH ++b53zE4iapCHFIamEG2Fa7zS2lSx7068AmqHsZK5jwmyhTVVYuTtbebj1C4Y5ToW +icHhy4ullB7qeDmAod6EY4YSx2kYO3dR/QLk5QM4lWuV/OLdXWTeoKiiYwCg0UAP +yUkBXgNcKXrFqoJelmG3JEMEAIYM7CGwVd47FsM1UCu56HNQPErxLoUPBUlAQFtx +OMOFDMEm7qH7ve8FgGGRL9oHF7mSJ3y7HgM1BF5MHkKz6FjDrT1U5+Lub6oI2e90 +gfCMGlQAzUm9o+fijfbhKoEQ/xQRkUoqWEaf9zlFx1/4+NH+Qz/L8ZDTHvSLvUgt +HyZlA/916St5suAUugXu9PeLRVqboiHjhz0JWKneQEQ2QcTu8lhHsu/mZTWL9FYn +XwtiCJLZT8bpBSfl8Oeqhof1+sPgnv7t/LuKQ6JJmyJ46Sa453wfrs+xs32hKAe+ +ZN0VGBmHe7NhuhW/LdM0KMMr/LHuJJJAgmt+XVHi2RFwsZvdMbQkVmVzdGEgUGFj +a2FnZXMgPGJ1aWxkZXJAdmVzdGFjcC5jb20+iGAEExECACAFAkxUOVkCGwMGCwkI +BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBbjeFzoXeCtp6dAKDQfeTPHi6hCgg4L+sx +LEjXvVdLOwCfe9yfr+en+uz6qst0QBT2cAwB+q+5Ag0ETFQ5bBAIAJYZa9pV9l/R +OUFgIvdJd1mvzJpRAXsRBBJc22WuOHp22Uj+lMKrJMTRQZvFBvk9s7Mb1/ACXrL4 +vIbsKqXNAlVFp9kF1tKV2ejZ1MrJaQ4819bIkyG0lJzjl6u9lzJopF7ie00YHKC6 +1rltLaevfFjUXq1DoYZBg42hT/SOj+3+2D0e9qcxeuxXbsjnvwtxxUkWcP/ftOSt +HsAAbM1YtwGl9+fZLWG9+WIKNOE9kp+h2ywZtFA4v/Ms2op7oZGAL7C95k1EgLrH +mOZ0B2oKOLctV1z9keWksPN/osyG7Mg8ljv8zF3XwQFqHOHRntDqSWoFBMvJBkNS +vtm6u5WyKd8ABAsH/0RbeWVA+JqpZ24Rl57XoDRPRzno0m0EnkJMXr22uBq1lPg8 +VkadrGOshFXpM3Rho57f3U7fwKmShQXGEV7RHsWcxcfwOSKVJtI468sDuYXc2l1f +5nFo+rCtVh3BBq+JtZFKX0x53BesCT/M7l33Dfm9MDi34tEdPTPjumBIH1dowYdv +9/2HPlPp4NZte7gOO/VIAiS+jJ30aBn09t8duW5md7/rkOPIM5It05LGCLjb9hVm +R9zTwzw30fIrkeyWZdAbk76lH8u8j6PX30U6RRzb33+XIFR4ab3nlyqOQOpoTqyG +cs7B02sgBbyC+RG1EYfcelSEvLXkR8mjcqjs+MCISQQYEQIACQUCTFQ5bAIbDAAK +CRBbjeFzoXeCtlpcAKDLh59svtq/Gn99O9ZZw0nBjWv6sACfffDxPhCP1F852Jab +d8P1WGhr2Q8= +=Z1Jj +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/rhel/clamd.conf b/install/rhel/5/clamav/clamd.conf similarity index 100% rename from install/rhel/clamd.conf rename to install/rhel/5/clamav/clamd.conf diff --git a/install/rhel/5/clamav/clamd.service b/install/rhel/5/clamav/clamd.service new file mode 100644 index 000000000..fdb3af7fd --- /dev/null +++ b/install/rhel/5/clamav/clamd.service @@ -0,0 +1,12 @@ +[Unit] +Description = clamd scanner (clamd) daemon +After = syslog.target nss-lookup.target network.target + +[Service] +Type = simple +ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target diff --git a/install/rhel/freshclam.conf b/install/rhel/5/clamav/freshclam.conf similarity index 100% rename from install/rhel/freshclam.conf rename to install/rhel/5/clamav/freshclam.conf diff --git a/install/rhel/5/dovecot.tar.gz b/install/rhel/5/dovecot.tar.gz new file mode 100644 index 000000000..430dbc348 Binary files /dev/null and b/install/rhel/5/dovecot.tar.gz differ diff --git a/install/rhel/dovecot.conf b/install/rhel/5/dovecot/dovecot.conf similarity index 83% rename from install/rhel/dovecot.conf rename to install/rhel/5/dovecot/dovecot.conf index c4b187b53..544d851e6 100644 --- a/install/rhel/dovecot.conf +++ b/install/rhel/5/dovecot/dovecot.conf @@ -1,7 +1,7 @@ protocols = imap imaps pop3 pop3s log_path = /var/log/dovecot.log -ssl_cert_file = /etc/pki/tls/certs/exim.pem -ssl_key_file = /etc/pki/tls/private/exim.pem +ssl_cert_file = /usr/local/vesta/ssl/certificate.crt +ssl_key_file = /usr/local/vesta/ssl/certificate.key disable_plaintext_auth = no mail_location = maildir:%h/mail/%d/%n diff --git a/install/rhel/5/epel-release.rpm b/install/rhel/5/epel-release.rpm new file mode 100644 index 000000000..a65162a8e Binary files /dev/null and b/install/rhel/5/epel-release.rpm differ diff --git a/install/ubuntu/dnsbl.conf b/install/rhel/5/exim/dnsbl.conf similarity index 100% rename from install/ubuntu/dnsbl.conf rename to install/rhel/5/exim/dnsbl.conf diff --git a/install/rhel/exim-smarthost.conf b/install/rhel/5/exim/exim-smarthost.conf similarity index 100% rename from install/rhel/exim-smarthost.conf rename to install/rhel/5/exim/exim-smarthost.conf diff --git a/install/rhel/exim.conf b/install/rhel/5/exim/exim.conf similarity index 99% rename from install/rhel/exim.conf rename to install/rhel/5/exim/exim.conf index d75192e7c..0f9830168 100644 --- a/install/rhel/exim.conf +++ b/install/rhel/5/exim/exim.conf @@ -108,7 +108,7 @@ acl_check_rcpt: require message = relay not permitted domains = +local_domains : +relay_to_domains - deny message = smtp auth required + deny message = smtp auth requried sender_domains = +local_domains !authenticated = * diff --git a/install/ubuntu/spam-blocks.conf b/install/rhel/5/exim/spam-blocks.conf similarity index 100% rename from install/ubuntu/spam-blocks.conf rename to install/rhel/5/exim/spam-blocks.conf diff --git a/install/rhel/5/fail2ban.tar.gz b/install/rhel/5/fail2ban.tar.gz new file mode 100644 index 000000000..563451b41 Binary files /dev/null and b/install/rhel/5/fail2ban.tar.gz differ diff --git a/install/debian/fail2ban.action.conf b/install/rhel/5/fail2ban/fail2ban.action.conf similarity index 100% rename from install/debian/fail2ban.action.conf rename to install/rhel/5/fail2ban/fail2ban.action.conf diff --git a/install/ubuntu/fail2ban.filter.conf b/install/rhel/5/fail2ban/fail2ban.filter.conf similarity index 100% rename from install/ubuntu/fail2ban.filter.conf rename to install/rhel/5/fail2ban/fail2ban.filter.conf diff --git a/install/debian/fail2ban.jail.conf b/install/rhel/5/fail2ban/fail2ban.jail.conf similarity index 100% rename from install/debian/fail2ban.jail.conf rename to install/rhel/5/fail2ban/fail2ban.jail.conf diff --git a/install/rhel/5/firewall.tar.gz b/install/rhel/5/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/rhel/5/firewall.tar.gz differ diff --git a/install/ubuntu/firewall/ports.conf b/install/rhel/5/firewall/ports.conf similarity index 93% rename from install/ubuntu/firewall/ports.conf rename to install/rhel/5/firewall/ports.conf index e970f91de..a6ef4dae5 100644 --- a/install/ubuntu/firewall/ports.conf +++ b/install/rhel/5/firewall/ports.conf @@ -11,6 +11,6 @@ PROTOCOL='TCP' PORT='143' PROTOCOL='TCP' PORT='3306' PROTOCOL='TCP' PORT='5432' PROTOCOL='TCP' PORT='8080' -PROTOCOL='TCP' PORT='8443' +PROTOCOL='TCP' PORT='8433' PROTOCOL='TCP' PORT='8083' PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/firewall/rules.conf b/install/rhel/5/firewall/rules.conf similarity index 89% rename from install/ubuntu/firewall/rules.conf rename to install/rhel/5/firewall/rules.conf index 60136e1a5..956c2e1d9 100644 --- a/install/ubuntu/firewall/rules.conf +++ b/install/rhel/5/firewall/rules.conf @@ -1,6 +1,6 @@ RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='127.0.0.1/32' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' diff --git a/install/rhel/httpd.conf b/install/rhel/5/httpd/httpd.conf similarity index 100% rename from install/rhel/httpd.conf rename to install/rhel/5/httpd/httpd.conf diff --git a/install/rhel/5/httpd/ruid2.conf b/install/rhel/5/httpd/ruid2.conf new file mode 100644 index 000000000..42f908a85 --- /dev/null +++ b/install/rhel/5/httpd/ruid2.conf @@ -0,0 +1,8 @@ +LoadModule ruid2_module modules/mod_ruid2.so + + + RMode config + RDefaultUidGid apache apache + RUidGid apache apache + RGroups apache + diff --git a/install/rhel/httpd-ssl.conf b/install/rhel/5/httpd/ssl.conf similarity index 100% rename from install/rhel/httpd-ssl.conf rename to install/rhel/5/httpd/ssl.conf diff --git a/install/rhel/httpd-status.conf b/install/rhel/5/httpd/status.conf similarity index 100% rename from install/rhel/httpd-status.conf rename to install/rhel/5/httpd/status.conf diff --git a/install/rhel/httpd.log b/install/rhel/5/logrotate/httpd similarity index 100% rename from install/rhel/httpd.log rename to install/rhel/5/logrotate/httpd diff --git a/install/rhel/5/logrotate/nginx b/install/rhel/5/logrotate/nginx new file mode 100644 index 000000000..b1da1bf16 --- /dev/null +++ b/install/rhel/5/logrotate/nginx @@ -0,0 +1,12 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + create 0644 nginx nginx + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/vesta.log b/install/rhel/5/logrotate/vesta similarity index 100% rename from install/ubuntu/vesta.log rename to install/rhel/5/logrotate/vesta diff --git a/install/rhel/5/mariadb/my-large.cnf b/install/rhel/5/mariadb/my-large.cnf new file mode 100644 index 000000000..4e6c2225c --- /dev/null +++ b/install/rhel/5/mariadb/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/5/mariadb/my-medium.cnf b/install/rhel/5/mariadb/my-medium.cnf new file mode 100644 index 000000000..fa255ec52 --- /dev/null +++ b/install/rhel/5/mariadb/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/5/mariadb/my-small.cnf b/install/rhel/5/mariadb/my-small.cnf new file mode 100644 index 000000000..7d2fdc1b3 --- /dev/null +++ b/install/rhel/5/mariadb/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 32K +max_allowed_packet = 8M +table_open_cache = 4 +sort_buffer_size = 128K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=50 +max_user_connections=25 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/monit/clamd.conf b/install/rhel/5/monit/clamd.conf similarity index 100% rename from install/rhel/monit/clamd.conf rename to install/rhel/5/monit/clamd.conf diff --git a/install/rhel/monit/dovecot.conf b/install/rhel/5/monit/dovecot.conf similarity index 100% rename from install/rhel/monit/dovecot.conf rename to install/rhel/5/monit/dovecot.conf diff --git a/install/rhel/monit/exim.conf b/install/rhel/5/monit/exim.conf similarity index 100% rename from install/rhel/monit/exim.conf rename to install/rhel/5/monit/exim.conf diff --git a/install/rhel/monit/httpd.conf b/install/rhel/5/monit/httpd.conf similarity index 100% rename from install/rhel/monit/httpd.conf rename to install/rhel/5/monit/httpd.conf diff --git a/install/rhel/monit/mysql.conf b/install/rhel/5/monit/mysql.conf similarity index 100% rename from install/rhel/monit/mysql.conf rename to install/rhel/5/monit/mysql.conf diff --git a/install/rhel/monit/nginx.conf b/install/rhel/5/monit/nginx.conf similarity index 100% rename from install/rhel/monit/nginx.conf rename to install/rhel/5/monit/nginx.conf diff --git a/install/rhel/monit/spamassassin.conf b/install/rhel/5/monit/spamassassin.conf similarity index 100% rename from install/rhel/monit/spamassassin.conf rename to install/rhel/5/monit/spamassassin.conf diff --git a/install/rhel/monit/sshd.conf b/install/rhel/5/monit/sshd.conf similarity index 100% rename from install/rhel/monit/sshd.conf rename to install/rhel/5/monit/sshd.conf diff --git a/install/rhel/monit/vesta-nginx.conf b/install/rhel/5/monit/vesta-nginx.conf similarity index 100% rename from install/rhel/monit/vesta-nginx.conf rename to install/rhel/5/monit/vesta-nginx.conf diff --git a/install/rhel/monit/vesta-php.conf b/install/rhel/5/monit/vesta-php.conf similarity index 100% rename from install/rhel/monit/vesta-php.conf rename to install/rhel/5/monit/vesta-php.conf diff --git a/install/rhel/5/mysqld/my-large.cnf b/install/rhel/5/mysqld/my-large.cnf new file mode 100644 index 000000000..b548eeb87 --- /dev/null +++ b/install/rhel/5/mysqld/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/5/mysqld/my-medium.cnf b/install/rhel/5/mysqld/my-medium.cnf new file mode 100644 index 000000000..e5f2677fc --- /dev/null +++ b/install/rhel/5/mysqld/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/5/mysqld/my-small.cnf b/install/rhel/5/mysqld/my-small.cnf new file mode 100644 index 000000000..52a3d33a6 --- /dev/null +++ b/install/rhel/5/mysqld/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 32K +max_allowed_packet = 8M +table_open_cache = 4 +sort_buffer_size = 128K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=50 +max_user_connections=25 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/named.conf b/install/rhel/5/named/named.conf similarity index 100% rename from install/rhel/named.conf rename to install/rhel/5/named/named.conf diff --git a/install/rhel/5/nginx/nginx.conf b/install/rhel/5/nginx/nginx.conf new file mode 100644 index 000000000..0316de7ac --- /dev/null +++ b/install/rhel/5/nginx/nginx.conf @@ -0,0 +1,101 @@ +# Server globals +user nginx; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_temp_path /var/cache/nginx/temp; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/rhel/5/nginx/phpmyadmin.inc b/install/rhel/5/nginx/phpmyadmin.inc new file mode 100644 index 000000000..09da52076 --- /dev/null +++ b/install/rhel/5/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpMyAdmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpMyAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/5/nginx/phppgadmin.inc b/install/rhel/5/nginx/phppgadmin.inc new file mode 100644 index 000000000..333e560a2 --- /dev/null +++ b/install/rhel/5/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phpPgAdmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phpPgAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/nginx-status.conf b/install/rhel/5/nginx/status.conf similarity index 100% rename from install/ubuntu/nginx-status.conf rename to install/rhel/5/nginx/status.conf diff --git a/install/rhel/5/nginx/webmail.inc b/install/rhel/5/nginx/webmail.inc new file mode 100644 index 000000000..2d0fbe293 --- /dev/null +++ b/install/rhel/5/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /usr/share/roundcubemail/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /usr/share/roundcubemail/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/5/packages.tar.gz b/install/rhel/5/packages.tar.gz new file mode 100644 index 000000000..269d9bee0 Binary files /dev/null and b/install/rhel/5/packages.tar.gz differ diff --git a/install/rhel/5/packages/default.pkg b/install/rhel/5/packages/default.pkg new file mode 100644 index 000000000..3df21d3df --- /dev/null +++ b/install/rhel/5/packages/default.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2015-06-05' diff --git a/install/rhel/5/packages/gainsboro.pkg b/install/rhel/5/packages/gainsboro.pkg new file mode 100644 index 000000000..2b66b7d17 --- /dev/null +++ b/install/rhel/5/packages/gainsboro.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2015-06-05' diff --git a/install/rhel/5/packages/palegreen.pkg b/install/rhel/5/packages/palegreen.pkg new file mode 100644 index 000000000..b17e5e1b2 --- /dev/null +++ b/install/rhel/5/packages/palegreen.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='hosting' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2015-06-05' diff --git a/install/rhel/5/packages/slategrey.pkg b/install/rhel/5/packages/slategrey.pkg new file mode 100644 index 000000000..cc9ef423c --- /dev/null +++ b/install/rhel/5/packages/slategrey.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2015-06-05' diff --git a/install/ubuntu/pga.conf b/install/rhel/5/pga/config.inc.php similarity index 100% rename from install/ubuntu/pga.conf rename to install/rhel/5/pga/config.inc.php diff --git a/install/rhel/httpd-pga.conf b/install/rhel/5/pga/phpPgAdmin.conf similarity index 100% rename from install/rhel/httpd-pga.conf rename to install/rhel/5/pga/phpPgAdmin.conf diff --git a/install/rhel/5/php-fpm/www.conf b/install/rhel/5/php-fpm/www.conf new file mode 100644 index 000000000..260109d8f --- /dev/null +++ b/install/rhel/5/php-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = apache +group = apache +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/rhel/pma.conf b/install/rhel/5/pma/config.inc.conf similarity index 100% rename from install/rhel/pma.conf rename to install/rhel/5/pma/config.inc.conf diff --git a/install/rhel/httpd-pma.conf b/install/rhel/5/pma/phpMyAdmin.conf similarity index 89% rename from install/rhel/httpd-pma.conf rename to install/rhel/5/pma/phpMyAdmin.conf index 3950860ef..0049ef2b7 100644 --- a/install/rhel/httpd-pma.conf +++ b/install/rhel/5/pma/phpMyAdmin.conf @@ -37,9 +37,3 @@ Alias /phpmyadmin /usr/share/phpMyAdmin # SecRuleInheritance Off # # - - - Order Deny,Allow - Deny from All - Allow from None - diff --git a/install/rhel/5/postgresql/pg_hba.conf b/install/rhel/5/postgresql/pg_hba.conf new file mode 100644 index 000000000..b65e66434 --- /dev/null +++ b/install/rhel/5/postgresql/pg_hba.conf @@ -0,0 +1,11 @@ +# "local" is for Unix domain socket connections only +local all all md5 + +# IPv4 local connections: +host all all 127.0.0.1/32 md5 + +# IPv6 local connections: +host all all ::1/128 md5 + +# Others +host all all 0.0.0.0/0 md5 diff --git a/install/rhel/proftpd.conf b/install/rhel/5/proftpd/proftpd.conf similarity index 100% rename from install/rhel/proftpd.conf rename to install/rhel/5/proftpd/proftpd.conf diff --git a/install/rhel/5/remi-release.rpm b/install/rhel/5/remi-release.rpm new file mode 100644 index 000000000..e0c3696c4 Binary files /dev/null and b/install/rhel/5/remi-release.rpm differ diff --git a/install/ubuntu/roundcube-pw.conf b/install/rhel/5/roundcube/config.inc.php similarity index 100% rename from install/ubuntu/roundcube-pw.conf rename to install/rhel/5/roundcube/config.inc.php diff --git a/install/ubuntu/roundcube-db.conf b/install/rhel/5/roundcube/db.inc.php similarity index 100% rename from install/ubuntu/roundcube-db.conf rename to install/rhel/5/roundcube/db.inc.php diff --git a/install/rhel/5/roundcube/main.inc.php b/install/rhel/5/roundcube/main.inc.php new file mode 100644 index 000000000..a27c306eb --- /dev/null +++ b/install/rhel/5/roundcube/main.inc.php @@ -0,0 +1,40 @@ + - Order Deny,Allow - Deny from all - Allow from all - - - - Order Deny,Allow - Deny from all - Allow from None + Order Deny,Allow + Deny from all + Allow from all diff --git a/install/rhel/roundcube-driver.php b/install/rhel/5/roundcube/vesta.php similarity index 100% rename from install/rhel/roundcube-driver.php rename to install/rhel/5/roundcube/vesta.php diff --git a/install/ubuntu/sudoers.admin.conf b/install/rhel/5/sudo/admin similarity index 56% rename from install/ubuntu/sudoers.admin.conf rename to install/rhel/5/sudo/admin index b4f870395..47e16098c 100644 --- a/install/ubuntu/sudoers.admin.conf +++ b/install/rhel/5/sudo/admin @@ -1,3 +1,7 @@ # Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + admin ALL=(ALL) ALL admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/5/templates.tar.gz b/install/rhel/5/templates.tar.gz new file mode 100644 index 000000000..6a2fd8909 Binary files /dev/null and b/install/rhel/5/templates.tar.gz differ diff --git a/install/ubuntu/templates/dns/child-ns.tpl b/install/rhel/5/templates/dns/child-ns.tpl similarity index 100% rename from install/ubuntu/templates/dns/child-ns.tpl rename to install/rhel/5/templates/dns/child-ns.tpl diff --git a/install/rhel/5/templates/dns/default.tpl b/install/rhel/5/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/rhel/5/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/templates/dns/gmail.tpl b/install/rhel/5/templates/dns/gmail.tpl similarity index 90% rename from install/ubuntu/templates/dns/gmail.tpl rename to install/rhel/5/templates/dns/gmail.tpl index 59b4779f2..950cfa456 100755 --- a/install/ubuntu/templates/dns/gmail.tpl +++ b/install/rhel/5/templates/dns/gmail.tpl @@ -11,4 +11,4 @@ ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPE ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a ip4:%ip% include:_spf.google.com ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/templates/web/awstats/awstats.tpl b/install/rhel/5/templates/web/awstats/awstats.tpl similarity index 100% rename from install/ubuntu/templates/web/awstats/awstats.tpl rename to install/rhel/5/templates/web/awstats/awstats.tpl diff --git a/install/ubuntu/templates/web/awstats/index.tpl b/install/rhel/5/templates/web/awstats/index.tpl similarity index 100% rename from install/ubuntu/templates/web/awstats/index.tpl rename to install/rhel/5/templates/web/awstats/index.tpl diff --git a/install/ubuntu/templates/web/awstats/nav.tpl b/install/rhel/5/templates/web/awstats/nav.tpl similarity index 100% rename from install/ubuntu/templates/web/awstats/nav.tpl rename to install/rhel/5/templates/web/awstats/nav.tpl diff --git a/install/rhel/templates/web/httpd/basedir.stpl b/install/rhel/5/templates/web/httpd/basedir.stpl similarity index 86% rename from install/rhel/templates/web/httpd/basedir.stpl rename to install/rhel/5/templates/web/httpd/basedir.stpl index cd4a8c88c..d568276df 100755 --- a/install/rhel/templates/web/httpd/basedir.stpl +++ b/install/rhel/5/templates/web/httpd/basedir.stpl @@ -15,9 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All diff --git a/install/rhel/templates/web/httpd/basedir.tpl b/install/rhel/5/templates/web/httpd/basedir.tpl similarity index 84% rename from install/rhel/templates/web/httpd/basedir.tpl rename to install/rhel/5/templates/web/httpd/basedir.tpl index 94288db02..41b77334a 100755 --- a/install/rhel/templates/web/httpd/basedir.tpl +++ b/install/rhel/5/templates/web/httpd/basedir.tpl @@ -14,9 +14,7 @@ AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All diff --git a/install/rhel/templates/web/httpd/default.stpl b/install/rhel/5/templates/web/httpd/default.stpl similarity index 100% rename from install/rhel/templates/web/httpd/default.stpl rename to install/rhel/5/templates/web/httpd/default.stpl diff --git a/install/rhel/templates/web/httpd/default.tpl b/install/rhel/5/templates/web/httpd/default.tpl similarity index 100% rename from install/rhel/templates/web/httpd/default.tpl rename to install/rhel/5/templates/web/httpd/default.tpl diff --git a/install/rhel/templates/web/httpd/hosting.stpl b/install/rhel/5/templates/web/httpd/hosting.stpl similarity index 100% rename from install/rhel/templates/web/httpd/hosting.stpl rename to install/rhel/5/templates/web/httpd/hosting.stpl diff --git a/install/rhel/templates/web/httpd/hosting.tpl b/install/rhel/5/templates/web/httpd/hosting.tpl similarity index 100% rename from install/rhel/templates/web/httpd/hosting.tpl rename to install/rhel/5/templates/web/httpd/hosting.tpl diff --git a/install/ubuntu/templates/web/apache2/phpcgi.sh b/install/rhel/5/templates/web/httpd/phpcgi.sh similarity index 100% rename from install/ubuntu/templates/web/apache2/phpcgi.sh rename to install/rhel/5/templates/web/httpd/phpcgi.sh diff --git a/install/rhel/templates/web/httpd/phpcgi.stpl b/install/rhel/5/templates/web/httpd/phpcgi.stpl similarity index 100% rename from install/rhel/templates/web/httpd/phpcgi.stpl rename to install/rhel/5/templates/web/httpd/phpcgi.stpl diff --git a/install/rhel/templates/web/httpd/phpcgi.tpl b/install/rhel/5/templates/web/httpd/phpcgi.tpl similarity index 100% rename from install/rhel/templates/web/httpd/phpcgi.tpl rename to install/rhel/5/templates/web/httpd/phpcgi.tpl diff --git a/install/ubuntu/templates/web/apache2/phpfcgid.sh b/install/rhel/5/templates/web/httpd/phpfcgid.sh similarity index 100% rename from install/ubuntu/templates/web/apache2/phpfcgid.sh rename to install/rhel/5/templates/web/httpd/phpfcgid.sh diff --git a/install/rhel/templates/web/httpd/phpfcgid.stpl b/install/rhel/5/templates/web/httpd/phpfcgid.stpl similarity index 100% rename from install/rhel/templates/web/httpd/phpfcgid.stpl rename to install/rhel/5/templates/web/httpd/phpfcgid.stpl diff --git a/install/rhel/templates/web/httpd/phpfcgid.tpl b/install/rhel/5/templates/web/httpd/phpfcgid.tpl similarity index 100% rename from install/rhel/templates/web/httpd/phpfcgid.tpl rename to install/rhel/5/templates/web/httpd/phpfcgid.tpl diff --git a/install/rhel/5/templates/web/nginx/caching.sh b/install/rhel/5/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/rhel/5/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/rhel/5/templates/web/nginx/caching.stpl b/install/rhel/5/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..1109c924f --- /dev/null +++ b/install/rhel/5/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/caching.tpl b/install/rhel/5/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..6d727c67f --- /dev/null +++ b/install/rhel/5/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/templates/web/nginx/default.stpl b/install/rhel/5/templates/web/nginx/default.stpl similarity index 100% rename from install/rhel/templates/web/nginx/default.stpl rename to install/rhel/5/templates/web/nginx/default.stpl diff --git a/install/rhel/templates/web/nginx/default.tpl b/install/rhel/5/templates/web/nginx/default.tpl similarity index 100% rename from install/rhel/templates/web/nginx/default.tpl rename to install/rhel/5/templates/web/nginx/default.tpl diff --git a/install/ubuntu/templates/web/nginx/hosting.sh b/install/rhel/5/templates/web/nginx/hosting.sh similarity index 100% rename from install/ubuntu/templates/web/nginx/hosting.sh rename to install/rhel/5/templates/web/nginx/hosting.sh diff --git a/install/rhel/templates/web/nginx/hosting.stpl b/install/rhel/5/templates/web/nginx/hosting.stpl similarity index 100% rename from install/rhel/templates/web/nginx/hosting.stpl rename to install/rhel/5/templates/web/nginx/hosting.stpl diff --git a/install/rhel/templates/web/nginx/hosting.tpl b/install/rhel/5/templates/web/nginx/hosting.tpl similarity index 100% rename from install/rhel/templates/web/nginx/hosting.tpl rename to install/rhel/5/templates/web/nginx/hosting.tpl diff --git a/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/default.stpl b/install/rhel/5/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/default.tpl b/install/rhel/5/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/joomla.stpl b/install/rhel/5/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/joomla.tpl b/install/rhel/5/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/piwik.stpl b/install/rhel/5/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/piwik.tpl b/install/rhel/5/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress.tpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.tpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/templates/web/nginx/proxy_ip.tpl b/install/rhel/5/templates/web/nginx/proxy_ip.tpl similarity index 100% rename from install/ubuntu/templates/web/nginx/proxy_ip.tpl rename to install/rhel/5/templates/web/nginx/proxy_ip.tpl diff --git a/install/rhel/5/templates/web/php-fpm/default.tpl b/install/rhel/5/templates/web/php-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/rhel/5/templates/web/php-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/rhel/5/templates/web/php-fpm/no-php.tpl b/install/rhel/5/templates/web/php-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/rhel/5/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/rhel/5/templates/web/php-fpm/socket.tpl b/install/rhel/5/templates/web/php-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/rhel/5/templates/web/php-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/debian/templates/web/skel/document_errors/403.html b/install/rhel/5/templates/web/skel/document_errors/403.html similarity index 100% rename from install/debian/templates/web/skel/document_errors/403.html rename to install/rhel/5/templates/web/skel/document_errors/403.html diff --git a/install/debian/templates/web/skel/document_errors/404.html b/install/rhel/5/templates/web/skel/document_errors/404.html similarity index 100% rename from install/debian/templates/web/skel/document_errors/404.html rename to install/rhel/5/templates/web/skel/document_errors/404.html diff --git a/install/debian/templates/web/skel/document_errors/50x.html b/install/rhel/5/templates/web/skel/document_errors/50x.html similarity index 100% rename from install/debian/templates/web/skel/document_errors/50x.html rename to install/rhel/5/templates/web/skel/document_errors/50x.html diff --git a/install/ubuntu/templates/web/skel/public_html/index.html b/install/rhel/5/templates/web/skel/public_html/index.html similarity index 100% rename from install/ubuntu/templates/web/skel/public_html/index.html rename to install/rhel/5/templates/web/skel/public_html/index.html diff --git a/install/ubuntu/templates/web/skel/public_html/robots.txt b/install/rhel/5/templates/web/skel/public_html/robots.txt similarity index 100% rename from install/ubuntu/templates/web/skel/public_html/robots.txt rename to install/rhel/5/templates/web/skel/public_html/robots.txt diff --git a/install/ubuntu/templates/web/skel/public_shtml/index.html b/install/rhel/5/templates/web/skel/public_shtml/index.html similarity index 100% rename from install/ubuntu/templates/web/skel/public_shtml/index.html rename to install/rhel/5/templates/web/skel/public_shtml/index.html diff --git a/install/ubuntu/templates/web/skel/public_shtml/robots.txt b/install/rhel/5/templates/web/skel/public_shtml/robots.txt similarity index 100% rename from install/ubuntu/templates/web/skel/public_shtml/robots.txt rename to install/rhel/5/templates/web/skel/public_shtml/robots.txt diff --git a/install/ubuntu/templates/web/suspend/.htaccess b/install/rhel/5/templates/web/suspend/.htaccess similarity index 100% rename from install/ubuntu/templates/web/suspend/.htaccess rename to install/rhel/5/templates/web/suspend/.htaccess diff --git a/install/debian/templates/web/suspend/index.html b/install/rhel/5/templates/web/suspend/index.html similarity index 100% rename from install/debian/templates/web/suspend/index.html rename to install/rhel/5/templates/web/suspend/index.html diff --git a/install/ubuntu/templates/web/webalizer/webalizer.tpl b/install/rhel/5/templates/web/webalizer/webalizer.tpl similarity index 100% rename from install/ubuntu/templates/web/webalizer/webalizer.tpl rename to install/rhel/5/templates/web/webalizer/webalizer.tpl diff --git a/install/rhel/vsftpd.conf b/install/rhel/5/vsftpd/vsftpd.conf similarity index 100% rename from install/rhel/vsftpd.conf rename to install/rhel/5/vsftpd/vsftpd.conf diff --git a/install/rhel/5/wsgi/httpd.tar.gz b/install/rhel/5/wsgi/httpd.tar.gz new file mode 100644 index 000000000..b25acd68e Binary files /dev/null and b/install/rhel/5/wsgi/httpd.tar.gz differ diff --git a/install/rhel/5/wsgi/httpd/wsgi.sh b/install/rhel/5/wsgi/httpd/wsgi.sh new file mode 100755 index 000000000..cb98116cb --- /dev/null +++ b/install/rhel/5/wsgi/httpd/wsgi.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +echo "# Wsgi template +AddHandler wsgi-script .wsgi + +RewriteEngine On + +RewriteCond %{HTTP_HOST} ^www.$2\.ru\$ [NC] +RewriteRule ^(.*)\$ http://$2/\$1 [R=301,L] + +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(.*)\$ /django.wsgi/\$1 [QSA,PT,L] +" > $docroot/.htaccess +chown $user:$user $docroot/.htaccess + + +echo "import os, sys +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/env/lib/python2.6/site-packages') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/shared/') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/') + +os.environ['DJANGO_SETTINGS_MODULE'] = 'main.settings' +import django.core.handlers.wsgi +application = django.core.handlers.wsgi.WSGIHandler()" > $docroot/django.wsgi +chown $user:$user $docroot/django.wsgi + +exit 0 diff --git a/install/rhel/5/wsgi/httpd/wsgi.stpl b/install/rhel/5/wsgi/httpd/wsgi.stpl new file mode 100755 index 000000000..e2fdd3f40 --- /dev/null +++ b/install/rhel/5/wsgi/httpd/wsgi.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/5/wsgi/httpd/wsgi.tpl b/install/rhel/5/wsgi/httpd/wsgi.tpl new file mode 100644 index 000000000..ad5d8a076 --- /dev/null +++ b/install/rhel/5/wsgi/httpd/wsgi.tpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/6/GPG.txt b/install/rhel/6/GPG.txt new file mode 100644 index 000000000..33bb1ff26 --- /dev/null +++ b/install/rhel/6/GPG.txt @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQGiBExUOVkRBACPJeB3bdrAggHlFpkaB1aRDXDz7clRg6jyEzdMYHhrniSyjhAH ++b53zE4iapCHFIamEG2Fa7zS2lSx7068AmqHsZK5jwmyhTVVYuTtbebj1C4Y5ToW +icHhy4ullB7qeDmAod6EY4YSx2kYO3dR/QLk5QM4lWuV/OLdXWTeoKiiYwCg0UAP +yUkBXgNcKXrFqoJelmG3JEMEAIYM7CGwVd47FsM1UCu56HNQPErxLoUPBUlAQFtx +OMOFDMEm7qH7ve8FgGGRL9oHF7mSJ3y7HgM1BF5MHkKz6FjDrT1U5+Lub6oI2e90 +gfCMGlQAzUm9o+fijfbhKoEQ/xQRkUoqWEaf9zlFx1/4+NH+Qz/L8ZDTHvSLvUgt +HyZlA/916St5suAUugXu9PeLRVqboiHjhz0JWKneQEQ2QcTu8lhHsu/mZTWL9FYn +XwtiCJLZT8bpBSfl8Oeqhof1+sPgnv7t/LuKQ6JJmyJ46Sa453wfrs+xs32hKAe+ +ZN0VGBmHe7NhuhW/LdM0KMMr/LHuJJJAgmt+XVHi2RFwsZvdMbQkVmVzdGEgUGFj +a2FnZXMgPGJ1aWxkZXJAdmVzdGFjcC5jb20+iGAEExECACAFAkxUOVkCGwMGCwkI +BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBbjeFzoXeCtp6dAKDQfeTPHi6hCgg4L+sx +LEjXvVdLOwCfe9yfr+en+uz6qst0QBT2cAwB+q+5Ag0ETFQ5bBAIAJYZa9pV9l/R +OUFgIvdJd1mvzJpRAXsRBBJc22WuOHp22Uj+lMKrJMTRQZvFBvk9s7Mb1/ACXrL4 +vIbsKqXNAlVFp9kF1tKV2ejZ1MrJaQ4819bIkyG0lJzjl6u9lzJopF7ie00YHKC6 +1rltLaevfFjUXq1DoYZBg42hT/SOj+3+2D0e9qcxeuxXbsjnvwtxxUkWcP/ftOSt +HsAAbM1YtwGl9+fZLWG9+WIKNOE9kp+h2ywZtFA4v/Ms2op7oZGAL7C95k1EgLrH +mOZ0B2oKOLctV1z9keWksPN/osyG7Mg8ljv8zF3XwQFqHOHRntDqSWoFBMvJBkNS +vtm6u5WyKd8ABAsH/0RbeWVA+JqpZ24Rl57XoDRPRzno0m0EnkJMXr22uBq1lPg8 +VkadrGOshFXpM3Rho57f3U7fwKmShQXGEV7RHsWcxcfwOSKVJtI468sDuYXc2l1f +5nFo+rCtVh3BBq+JtZFKX0x53BesCT/M7l33Dfm9MDi34tEdPTPjumBIH1dowYdv +9/2HPlPp4NZte7gOO/VIAiS+jJ30aBn09t8duW5md7/rkOPIM5It05LGCLjb9hVm +R9zTwzw30fIrkeyWZdAbk76lH8u8j6PX30U6RRzb33+XIFR4ab3nlyqOQOpoTqyG +cs7B02sgBbyC+RG1EYfcelSEvLXkR8mjcqjs+MCISQQYEQIACQUCTFQ5bAIbDAAK +CRBbjeFzoXeCtlpcAKDLh59svtq/Gn99O9ZZw0nBjWv6sACfffDxPhCP1F852Jab +d8P1WGhr2Q8= +=Z1Jj +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/rhel/6/clamav/clamd.conf b/install/rhel/6/clamav/clamd.conf new file mode 100644 index 000000000..c215bcb98 --- /dev/null +++ b/install/rhel/6/clamav/clamd.conf @@ -0,0 +1,502 @@ +## +## Example config file for the Clam AV daemon +## Please read the clamd.conf(5) manual before editing this file. +## + + +# Comment or remove the line below. +#Example + +# Uncomment this option to enable logging. +# LogFile must be writable for the user running daemon. +# A full path is required. +# Default: disabled +LogFile /var/log/clamav/clamd.log + +# By default the log file is locked for writing - the lock protects against +# running clamd multiple times (if want to run another clamd, please +# copy the configuration file, change the LogFile variable, and run +# the daemon with --config-file option). +# This option disables log file locking. +# Default: no +#LogFileUnlock yes + +# Maximum size of the log file. +# Value of 0 disables the limit. +# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) +# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size +# in bytes just don't use modifiers. +# Default: 1M +LogFileMaxSize 0 + +# Log time with each message. +# Default: no +LogTime yes + +# Also log clean files. Useful in debugging but drastically increases the +# log size. +# Default: no +#LogClean yes + +# Use system logger (can work together with LogFile). +# Default: no +LogSyslog yes + +# Specify the type of syslog messages - please refer to 'man syslog' +# for facility names. +# Default: LOG_LOCAL6 +#LogFacility LOG_MAIL + +# Enable verbose logging. +# Default: no +#LogVerbose yes + +# Log additional information about the infected file, such as its +# size and hash, together with the virus name. +#ExtendedDetectionInfo yes + +# This option allows you to save a process identifier of the listening +# daemon (main thread). +# Default: disabled +PidFile /var/run/clamav/clamd.pid + +# Optional path to the global temporary directory. +# Default: system specific (usually /tmp or /var/tmp). +TemporaryDirectory /var/tmp + +# Path to the database directory. +# Default: hardcoded (depends on installation options) +DatabaseDirectory /var/lib/clamav + +# Only load the official signatures published by the ClamAV project. +# Default: no +#OfficialDatabaseOnly no + +# The daemon can work in local mode, network mode or both. +# Due to security reasons we recommend the local mode. + +# Path to a local socket file the daemon will listen on. +# Default: disabled (must be specified by a user) +LocalSocket /var/run/clamav/clamd.sock + +# Sets the group ownership on the unix socket. +# Default: disabled (the primary group of the user running clamd) +#LocalSocketGroup virusgroup + +# Sets the permissions on the unix socket to the specified mode. +# Default: disabled (socket is world accessible) +#LocalSocketMode 660 + +# Remove stale socket after unclean shutdown. +# Default: yes +FixStaleSocket yes + +# TCP port address. +# Default: no +TCPSocket 3310 + +# TCP address. +# By default we bind to INADDR_ANY, probably not wise. +# Enable the following to provide some degree of protection +# from the outside world. +# Default: no +TCPAddr 127.0.0.1 + +# Maximum length the queue of pending connections may grow to. +# Default: 200 +MaxConnectionQueueLength 30 + +# Clamd uses FTP-like protocol to receive data from remote clients. +# If you are using clamav-milter to balance load between remote clamd daemons +# on firewall servers you may need to tune the options below. + +# Close the connection when the data size limit is exceeded. +# The value should match your MTA's limit for a maximum attachment size. +# Default: 25M +#StreamMaxLength 10M + +# Limit port range. +# Default: 1024 +#StreamMinPort 30000 +# Default: 2048 +#StreamMaxPort 32000 + +# Maximum number of threads running at the same time. +# Default: 10 +MaxThreads 50 + +# Waiting for data from a client socket will timeout after this time (seconds). +# Default: 120 +ReadTimeout 300 + +# This option specifies the time (in seconds) after which clamd should +# timeout if a client doesn't provide any initial command after connecting. +# Default: 5 +#CommandReadTimeout 5 + +# This option specifies how long to wait (in miliseconds) if the send buffer is full. +# Keep this value low to prevent clamd hanging +# +# Default: 500 +#SendBufTimeout 200 + +# Maximum number of queued items (including those being processed by MaxThreads threads) +# It is recommended to have this value at least twice MaxThreads if possible. +# WARNING: you shouldn't increase this too much to avoid running out of file descriptors, +# the following condition should hold: +# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) +# +# Default: 100 +#MaxQueue 200 + +# Waiting for a new job will timeout after this time (seconds). +# Default: 30 +#IdleTimeout 60 + +# Don't scan files and directories matching regex +# This directive can be used multiple times +# Default: scan all +#ExcludePath ^/proc/ +#ExcludePath ^/sys/ + +# Maximum depth directories are scanned at. +# Default: 15 +#MaxDirectoryRecursion 20 + +# Follow directory symlinks. +# Default: no +#FollowDirectorySymlinks yes + +# Follow regular file symlinks. +# Default: no +#FollowFileSymlinks yes + +# Scan files and directories on other filesystems. +# Default: yes +#CrossFilesystems yes + +# Perform a database check. +# Default: 600 (10 min) +#SelfCheck 600 + +# Execute a command when virus is found. In the command string %v will +# be replaced with the virus name. +# Default: no +#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" + +# Run as another user (clamd must be started by root for this option to work) +# Default: don't drop privileges +User clam + +# Initialize supplementary group access (clamd must be started by root). +# Default: no +AllowSupplementaryGroups yes + +# Stop daemon when libclamav reports out of memory condition. +#ExitOnOOM yes + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Do not remove temporary files (for debug purposes). +# Default: no +#LeaveTemporaryFiles yes + +# Detect Possibly Unwanted Applications. +# Default: no +#DetectPUA yes + +# Exclude a specific PUA category. This directive can be used multiple times. +# See http://www.clamav.net/support/pua for the complete list of PUA +# categories. +# Default: Load all categories (if DetectPUA is activated) +#ExcludePUA NetTool +#ExcludePUA PWTool + +# Only include a specific PUA category. This directive can be used multiple +# times. +# Default: Load all categories (if DetectPUA is activated) +#IncludePUA Spy +#IncludePUA Scanner +#IncludePUA RAT + +# In some cases (eg. complex malware, exploits in graphic files, and others), +# ClamAV uses special algorithms to provide accurate detection. This option +# controls the algorithmic detection. +# Default: yes +#AlgorithmicDetection yes + + +## +## Executable files +## + +# PE stands for Portable Executable - it's an executable file format used +# in all 32 and 64-bit versions of Windows operating systems. This option allows +# ClamAV to perform a deeper analysis of executable files and it's also +# required for decompression of popular executable packers such as UPX, FSG, +# and Petite. If you turn off this option, the original files will still be +# scanned, but without additional processing. +# Default: yes +ScanPE yes + +# Executable and Linking Format is a standard format for UN*X executables. +# This option allows you to control the scanning of ELF files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +ScanELF yes + +# With this option clamav will try to detect broken executables (both PE and +# ELF) and mark them as Broken.Executable. +# Default: no +DetectBrokenExecutables yes + + +## +## Documents +## + +# This option enables scanning of OLE2 files, such as Microsoft Office +# documents and .msi files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +ScanOLE2 yes + + +# With this option enabled OLE2 files with VBA macros, which were not +# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". +# Default: no +#OLE2BlockMacros no + +# This option enables scanning within PDF files. +# If you turn off this option, the original files will still be scanned, but +# without decoding and additional processing. +# Default: yes +#ScanPDF yes + + +## +## Mail files +## + +# Enable internal e-mail scanner. +# If you turn off this option, the original files will still be scanned, but +# without parsing individual messages/attachments. +# Default: yes +ScanMail yes + +# Scan RFC1341 messages split over many emails. +# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. +# WARNING: This option may open your system to a DoS attack. +# Never use it on loaded servers. +# Default: no +#ScanPartialMessages yes + + +# With this option enabled ClamAV will try to detect phishing attempts by using +# signatures. +# Default: yes +#PhishingSignatures yes + +# Scan URLs found in mails for phishing attempts using heuristics. +# Default: yes +#PhishingScanURLs yes + +# Always block SSL mismatches in URLs, even if the URL isn't in the database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockSSLMismatch no + +# Always block cloaked URLs, even if URL isn't in database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockCloak no + +# Allow heuristic match to take precedence. +# When enabled, if a heuristic scan (such as phishingScan) detects +# a possible virus/phish it will stop scan immediately. Recommended, saves CPU +# scan-time. +# When disabled, virus/phish detected by heuristic scans will be reported only at +# the end of a scan. If an archive contains both a heuristically detected +# virus/phish, and a real malware, the real malware will be reported +# +# Keep this disabled if you intend to handle "*.Heuristics.*" viruses +# differently from "real" malware. +# If a non-heuristically-detected virus (signature-based) is found first, +# the scan is interrupted immediately, regardless of this config option. +# +# Default: no +#HeuristicScanPrecedence yes + +## +## Data Loss Prevention (DLP) +## + +# Enable the DLP module +# Default: No +#StructuredDataDetection yes + +# This option sets the lowest number of Credit Card numbers found in a file +# to generate a detect. +# Default: 3 +#StructuredMinCreditCardCount 5 + +# This option sets the lowest number of Social Security Numbers found +# in a file to generate a detect. +# Default: 3 +#StructuredMinSSNCount 5 + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxx-yy-zzzz +# Default: yes +#StructuredSSNFormatNormal yes + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxxyyzzzz +# Default: no +#StructuredSSNFormatStripped yes + + +## +## HTML +## + +# Perform HTML normalisation and decryption of MS Script Encoder code. +# Default: yes +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +#ScanHTML yes + + +## +## Archives +## + +# ClamAV can scan within archives and compressed files. +# If you turn off this option, the original files will still be scanned, but +# without unpacking and additional processing. +# Default: yes +ScanArchive yes + +# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). +# Default: no +ArchiveBlockEncrypted no + + +## +## Limits +## + +# The options below protect your system against Denial of Service attacks +# using archive bombs. + +# This option sets the maximum amount of data to be scanned for each input file. +# Archives and other containers are recursively extracted and scanned up to this +# value. +# Value of 0 disables the limit +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 100M +#MaxScanSize 150M + +# Files larger than this limit won't be scanned. Affects the input file itself +# as well as files contained inside it (when the input file is an archive, a +# document or some other kind of container). +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 25M +#MaxFileSize 30M + +# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR +# file, all files within it will also be scanned. This options specifies how +# deeply the process should be continued. +# Note: setting this limit too high may result in severe damage to the system. +# Default: 16 +#MaxRecursion 10 + +# Number of files to be scanned within an archive, a document, or any other +# container file. +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 10000 +#MaxFiles 15000 + + +## +## Clamuko settings +## + +# Enable Clamuko. Dazuko must be configured and running. Clamuko supports +# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS +# is the preferred option. For more information please visit www.dazuko.org +# Default: no +#ClamukoScanOnAccess yes + +# The number of scanner threads that will be started (DazukoFS only). +# Having multiple scanner threads allows Clamuko to serve multiple +# processes simultaneously. This is particularly beneficial on SMP machines. +# Default: 3 +#ClamukoScannerCount 3 + +# Don't scan files larger than ClamukoMaxFileSize +# Value of 0 disables the limit. +# Default: 5M +#ClamukoMaxFileSize 10M + +# Set access mask for Clamuko (Dazuko only). +# Default: no +#ClamukoScanOnOpen yes +#ClamukoScanOnClose yes +#ClamukoScanOnExec yes + +# Set the include paths (all files inside them will be scanned). You can have +# multiple ClamukoIncludePath directives but each directory must be added +# in a seperate line. (Dazuko only) +# Default: disabled +#ClamukoIncludePath /home +#ClamukoIncludePath /students + +# Set the exclude paths. All subdirectories are also excluded. (Dazuko only) +# Default: disabled +#ClamukoExcludePath /home/bofh + +# With this option you can whitelist specific UIDs. Processes with these UIDs +# will be able to access all files. +# This option can be used multiple times (one per line). +# Default: disabled +#ClamukoExcludeUID 0 + +# With this option enabled ClamAV will load bytecode from the database. +# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. +# Default: yes +#Bytecode yes + +# Set bytecode security level. +# Possible values: +# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS +# This value is only available if clamav was built with --enable-debug! +# TrustSigned - trust bytecode loaded from signed .c[lv]d files, +# insert runtime safety checks for bytecode loaded from other sources +# Paranoid - don't trust any bytecode, insert runtime checks for all +# Recommended: TrustSigned, because bytecode in .cvd files already has these checks +# Note that by default only signed bytecode is loaded, currently you can only +# load unsigned bytecode in --enable-debug mode. +# +# Default: TrustSigned +#BytecodeSecurity TrustSigned + +# Set bytecode timeout in miliseconds. +# +# Default: 5000 +# BytecodeTimeout 1000 diff --git a/install/rhel/6/clamav/clamd.service b/install/rhel/6/clamav/clamd.service new file mode 100644 index 000000000..fdb3af7fd --- /dev/null +++ b/install/rhel/6/clamav/clamd.service @@ -0,0 +1,12 @@ +[Unit] +Description = clamd scanner (clamd) daemon +After = syslog.target nss-lookup.target network.target + +[Service] +Type = simple +ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target diff --git a/install/rhel/6/clamav/freshclam.conf b/install/rhel/6/clamav/freshclam.conf new file mode 100644 index 000000000..61fb36465 --- /dev/null +++ b/install/rhel/6/clamav/freshclam.conf @@ -0,0 +1,6 @@ +DatabaseDirectory /var/lib/clamav +UpdateLogFile /var/log/clamav/freshclam.log +LogSyslog yes +DatabaseOwner clam +DatabaseMirror db.ca.clamav.net +DatabaseMirror db.local.clamav.net diff --git a/install/rhel/6/dovecot.tar.gz b/install/rhel/6/dovecot.tar.gz new file mode 100644 index 000000000..9efb91beb Binary files /dev/null and b/install/rhel/6/dovecot.tar.gz differ diff --git a/install/ubuntu/dovecot/conf.d/10-auth.conf b/install/rhel/6/dovecot/conf.d/10-auth.conf similarity index 100% rename from install/ubuntu/dovecot/conf.d/10-auth.conf rename to install/rhel/6/dovecot/conf.d/10-auth.conf diff --git a/install/ubuntu/dovecot/conf.d/10-logging.conf b/install/rhel/6/dovecot/conf.d/10-logging.conf similarity index 100% rename from install/ubuntu/dovecot/conf.d/10-logging.conf rename to install/rhel/6/dovecot/conf.d/10-logging.conf diff --git a/install/ubuntu/dovecot/conf.d/10-mail.conf b/install/rhel/6/dovecot/conf.d/10-mail.conf similarity index 100% rename from install/ubuntu/dovecot/conf.d/10-mail.conf rename to install/rhel/6/dovecot/conf.d/10-mail.conf diff --git a/install/ubuntu/dovecot/conf.d/10-master.conf b/install/rhel/6/dovecot/conf.d/10-master.conf similarity index 100% rename from install/ubuntu/dovecot/conf.d/10-master.conf rename to install/rhel/6/dovecot/conf.d/10-master.conf diff --git a/install/rhel/6/dovecot/conf.d/10-ssl.conf b/install/rhel/6/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/rhel/6/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = : defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +login: + driver = plaintext + public_name = LOGIN + client_send = ": user@smartrelay.vestacp.com : p4sw0rd" + server_set_id = $auth1 + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +smarthost: + driver = manualroute + domains = ! +local_domains + transport = remote_smtp_auth + route_list = * smartrelay.vestacp.com + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + require_files = /etc/exim/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +remote_smtp_auth: + driver = smtp + hosts = smartrelay.vestacp.com + hosts_require_auth = smartrelay.vestacp.com + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/rhel/6/exim/exim.conf b/install/rhel/6/exim/exim.conf new file mode 100644 index 000000000..0f9830168 --- /dev/null +++ b/install/rhel/6/exim/exim.conf @@ -0,0 +1,376 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim/domains/ +domainlist relay_to_domains = dsearch;/etc/exim/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.sock +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + require_files = /etc/exim/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/rhel/6/exim/spam-blocks.conf b/install/rhel/6/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/rhel/6/fail2ban.tar.gz b/install/rhel/6/fail2ban.tar.gz new file mode 100644 index 000000000..563451b41 Binary files /dev/null and b/install/rhel/6/fail2ban.tar.gz differ diff --git a/install/rhel/fail2ban.action.conf b/install/rhel/6/fail2ban/fail2ban.action.conf similarity index 100% rename from install/rhel/fail2ban.action.conf rename to install/rhel/6/fail2ban/fail2ban.action.conf diff --git a/install/rhel/6/fail2ban/fail2ban.filter.conf b/install/rhel/6/fail2ban/fail2ban.filter.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/rhel/6/fail2ban/fail2ban.filter.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/rhel/fail2ban.jail.conf b/install/rhel/6/fail2ban/fail2ban.jail.conf similarity index 100% rename from install/rhel/fail2ban.jail.conf rename to install/rhel/6/fail2ban/fail2ban.jail.conf diff --git a/install/rhel/6/firewall.tar.gz b/install/rhel/6/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/rhel/6/firewall.tar.gz differ diff --git a/install/rhel/6/firewall/ports.conf b/install/rhel/6/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/rhel/6/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/6/firewall/rules.conf b/install/rhel/6/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/rhel/6/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/rhel/6/httpd/httpd.conf b/install/rhel/6/httpd/httpd.conf new file mode 100644 index 000000000..e4ca29eb5 --- /dev/null +++ b/install/rhel/6/httpd/httpd.conf @@ -0,0 +1,256 @@ +ServerTokens OS +ServerRoot "/etc/httpd" +PidFile run/httpd.pid +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MaxClients 200 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 4000 + + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 256 + MaxRequestsPerChild 4000 + + +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_alias_module modules/mod_authn_alias.so +LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_default_module modules/mod_authn_default.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_default_module modules/mod_authz_default.so +#LoadModule ldap_module modules/mod_ldap.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule include_module modules/mod_include.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule env_module modules/mod_env.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule expires_module modules/mod_expires.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule headers_module modules/mod_headers.so +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule mime_module modules/mod_mime.so +LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +#LoadModule info_module modules/mod_info.so +#LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +LoadModule actions_module modules/mod_actions.so +#LoadModule speling_module modules/mod_speling.so +#LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule cache_module modules/mod_cache.so +LoadModule suexec_module modules/mod_suexec.so +#LoadModule disk_cache_module modules/mod_disk_cache.so +#LoadModule file_cache_module modules/mod_file_cache.so +#LoadModule mem_cache_module modules/mod_mem_cache.so +LoadModule cgi_module modules/mod_cgi.so +LoadModule version_module modules/mod_version.so + +Include conf.d/*.conf + +ExtendedStatus On + +User apache +Group apache + +ServerAdmin root@localhost +UseCanonicalName Off +DocumentRoot "/var/www/html" + + Options SymLinksIfOwnerMatch + AllowOverride None + + + + Options Indexes SymLinksIfOwnerMatch + AllowOverride None + Order allow,deny + Allow from all + + + + UserDir public_html + + +DirectoryIndex index.php index.htm index.html + +AccessFileName .htaccess + + Order allow,deny + Deny from all + +TypesConfig /etc/mime.types + +DefaultType text/plain + + + MIMEMagicFile conf/magic + + +HostnameLookups Off + +ErrorLog logs/error_log +LogLevel warn + +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes +CustomLog logs/access_log combined + +ServerSignature On + +Alias /icons/ "/var/www/icons/" + + + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + + + AllowOverride None + Order allow,deny + Allow from all + + +ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + AllowOverride None + Options ExecCGI + Order allow,deny + Allow from all + + +IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable + +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ +DefaultIcon /icons/unknown.gif +ReadmeName README.html +HeaderName HEADER.html +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback + +AddDefaultCharset UTF-8 + +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz +AddType image/x-icon .ico + +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html + +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully diff --git a/install/rhel/6/httpd/ruid2.conf b/install/rhel/6/httpd/ruid2.conf new file mode 100644 index 000000000..42f908a85 --- /dev/null +++ b/install/rhel/6/httpd/ruid2.conf @@ -0,0 +1,8 @@ +LoadModule ruid2_module modules/mod_ruid2.so + + + RMode config + RDefaultUidGid apache apache + RUidGid apache apache + RGroups apache + diff --git a/install/rhel/6/httpd/ssl.conf b/install/rhel/6/httpd/ssl.conf new file mode 100644 index 000000000..6835e420b --- /dev/null +++ b/install/rhel/6/httpd/ssl.conf @@ -0,0 +1,12 @@ +LoadModule ssl_module modules/mod_ssl.so + +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +SSLPassPhraseDialog builtin +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 +SSLMutex default +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +SSLCryptoDevice builtin diff --git a/install/rhel/6/httpd/status.conf b/install/rhel/6/httpd/status.conf new file mode 100644 index 000000000..f68f293dc --- /dev/null +++ b/install/rhel/6/httpd/status.conf @@ -0,0 +1,7 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + diff --git a/install/rhel/6/logrotate/httpd b/install/rhel/6/logrotate/httpd new file mode 100644 index 000000000..80dab8e29 --- /dev/null +++ b/install/rhel/6/logrotate/httpd @@ -0,0 +1,10 @@ +/var/log/httpd/*log /var/log/httpd/domains/*log { + missingok + notifempty + compress + sharedscripts + postrotate + /sbin/service httpd reload > /dev/null 2>/dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/rhel/6/logrotate/nginx b/install/rhel/6/logrotate/nginx new file mode 100644 index 000000000..b1da1bf16 --- /dev/null +++ b/install/rhel/6/logrotate/nginx @@ -0,0 +1,12 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + create 0644 nginx nginx + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/rhel/6/logrotate/vesta b/install/rhel/6/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/rhel/6/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/rhel/6/mariadb/my-large.cnf b/install/rhel/6/mariadb/my-large.cnf new file mode 100644 index 000000000..4e6c2225c --- /dev/null +++ b/install/rhel/6/mariadb/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/mariadb/my-medium.cnf b/install/rhel/6/mariadb/my-medium.cnf new file mode 100644 index 000000000..fa255ec52 --- /dev/null +++ b/install/rhel/6/mariadb/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/mariadb/my-small.cnf b/install/rhel/6/mariadb/my-small.cnf new file mode 100644 index 000000000..7d2fdc1b3 --- /dev/null +++ b/install/rhel/6/mariadb/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 32K +max_allowed_packet = 8M +table_open_cache = 4 +sort_buffer_size = 128K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=50 +max_user_connections=25 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/mysqld/my-large.cnf b/install/rhel/6/mysqld/my-large.cnf new file mode 100644 index 000000000..b548eeb87 --- /dev/null +++ b/install/rhel/6/mysqld/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/mysqld/my-medium.cnf b/install/rhel/6/mysqld/my-medium.cnf new file mode 100644 index 000000000..e5f2677fc --- /dev/null +++ b/install/rhel/6/mysqld/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/mysqld/my-small.cnf b/install/rhel/6/mysqld/my-small.cnf new file mode 100644 index 000000000..966c49c3a --- /dev/null +++ b/install/rhel/6/mysqld/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=50 +max_user_connections=25 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/6/named/named.conf b/install/rhel/6/named/named.conf new file mode 100644 index 000000000..472bd829b --- /dev/null +++ b/install/rhel/6/named/named.conf @@ -0,0 +1,13 @@ +options { + directory "/var/named"; + dump-file "/var/named/data/cache_dump.db"; + pid-file "/var/run/named/named.pid"; + statistics-file "/var/named/data/named_stats.txt"; + version "get lost"; + allow-transfer {"none";}; + recursion no; + +}; + +include "/etc/rndc.key"; + diff --git a/install/rhel/6/nginx/nginx.conf b/install/rhel/6/nginx/nginx.conf new file mode 100644 index 000000000..0316de7ac --- /dev/null +++ b/install/rhel/6/nginx/nginx.conf @@ -0,0 +1,101 @@ +# Server globals +user nginx; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_temp_path /var/cache/nginx/temp; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/rhel/6/nginx/phpmyadmin.inc b/install/rhel/6/nginx/phpmyadmin.inc new file mode 100644 index 000000000..09da52076 --- /dev/null +++ b/install/rhel/6/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpMyAdmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpMyAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/6/nginx/phppgadmin.inc b/install/rhel/6/nginx/phppgadmin.inc new file mode 100644 index 000000000..333e560a2 --- /dev/null +++ b/install/rhel/6/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phpPgAdmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phpPgAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/6/nginx/status.conf b/install/rhel/6/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/rhel/6/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/rhel/6/nginx/webmail.inc b/install/rhel/6/nginx/webmail.inc new file mode 100644 index 000000000..2d0fbe293 --- /dev/null +++ b/install/rhel/6/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /usr/share/roundcubemail/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /usr/share/roundcubemail/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/6/packages.tar.gz b/install/rhel/6/packages.tar.gz new file mode 100644 index 000000000..815900543 Binary files /dev/null and b/install/rhel/6/packages.tar.gz differ diff --git a/install/rhel/6/packages/default.pkg b/install/rhel/6/packages/default.pkg new file mode 100644 index 000000000..3df21d3df --- /dev/null +++ b/install/rhel/6/packages/default.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2015-06-05' diff --git a/install/rhel/6/packages/gainsboro.pkg b/install/rhel/6/packages/gainsboro.pkg new file mode 100644 index 000000000..2b66b7d17 --- /dev/null +++ b/install/rhel/6/packages/gainsboro.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2015-06-05' diff --git a/install/rhel/6/packages/palegreen.pkg b/install/rhel/6/packages/palegreen.pkg new file mode 100644 index 000000000..b17e5e1b2 --- /dev/null +++ b/install/rhel/6/packages/palegreen.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='hosting' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2015-06-05' diff --git a/install/rhel/6/packages/slategrey.pkg b/install/rhel/6/packages/slategrey.pkg new file mode 100644 index 000000000..cc9ef423c --- /dev/null +++ b/install/rhel/6/packages/slategrey.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2015-06-05' diff --git a/install/rhel/6/pga/config.inc.php b/install/rhel/6/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/rhel/6/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/rhel/6/pga/phpPgAdmin.conf b/install/rhel/6/pga/phpPgAdmin.conf new file mode 100644 index 000000000..4f6ea1b53 --- /dev/null +++ b/install/rhel/6/pga/phpPgAdmin.conf @@ -0,0 +1,14 @@ +# +# This configuration file maps the phpPgAdmin directory into the URL space. +# By default this application is only accessible from the local host. +# + +Alias /phpPgAdmin /usr/share/phpPgAdmin +Alias /phppgadmin /usr/share/phpPgAdmin + + + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/rhel/6/php-fpm/www.conf b/install/rhel/6/php-fpm/www.conf new file mode 100644 index 000000000..260109d8f --- /dev/null +++ b/install/rhel/6/php-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = apache +group = apache +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/rhel/6/pma/config.inc.conf b/install/rhel/6/pma/config.inc.conf new file mode 100644 index 000000000..47ae207e4 --- /dev/null +++ b/install/rhel/6/pma/config.inc.conf @@ -0,0 +1,143 @@ +. + * + * @package phpMyAdmin + */ + +/* + * This is needed for cookie based authentication to encrypt password in + * cookie + */ +$cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ + +/* + * Servers configuration + */ +$i = 0; + +/* + * First server + */ +$i++; +/* Authentication type */ +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +/* Server parameters */ +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['connect_type'] = 'tcp'; +$cfg['Servers'][$i]['compress'] = false; +/* Select mysqli if your server has it */ +$cfg['Servers'][$i]['extension'] = 'mysql'; +$cfg['Servers'][$i]['AllowNoPassword'] = false; + +/* + * phpMyAdmin configuration storage settings. + */ + +/* User used to manipulate with storage */ +// $cfg['Servers'][$i]['controluser'] = 'pma'; +// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/* Storage database and tables */ +// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; +// $cfg['Servers'][$i]['relation'] = 'pma_relation'; +// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; +// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; +// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; +// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; +// $cfg['Servers'][$i]['history'] = 'pma_history'; +// $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; +// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; +// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; +/* Contrib / Swekey authentication */ +// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; + +/* + * End of servers configuration + */ + +/* + * Directories for saving/loading files from server + */ +$cfg['UploadDir'] = ''; +$cfg['SaveDir'] = ''; + +/** + * Defines whether a user should be displayed a "show all (records)" + * button in browse mode or not. + * default = false + */ +//$cfg['ShowAll'] = true; + +/** + * Number of rows displayed when browsing a result set. If the result + * set contains more rows, "Previous" and "Next". + * default = 30 + */ +//$cfg['MaxRows'] = 50; + +/** + * Use graphically less intense menu tabs + * default = false + */ +//$cfg['LightTabs'] = true; + +/** + * disallow editing of binary fields + * valid values are: + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'all' disallow editing + * default = blob + */ +//$cfg['ProtectBinary'] = 'false'; + +/** + * Default language to use, if not browser-defined or user-defined + * (you find all languages in the locale folder) + * uncomment the desired line: + * default = 'en' + */ +//$cfg['DefaultLang'] = 'en'; +//$cfg['DefaultLang'] = 'de'; + +/** + * default display direction (horizontal|vertical|horizontalflipped) + */ +//$cfg['DefaultDisplay'] = 'vertical'; + + +/** + * How many columns should be used for table display of a database? + * (a value larger than 1 results in some information being hidden) + * default = 1 + */ +//$cfg['PropertiesNumColumns'] = 2; + +/** + * Set to true if you want DB-based query history.If false, this utilizes + * JS-routines to display query history (lost by window close) + * + * This requires configuration storage enabled, see above. + * default = false + */ +//$cfg['QueryHistoryDB'] = true; + +/** + * When using DB-based query history, how many entries should be kept? + * + * default = 25 + */ +//$cfg['QueryHistoryMax'] = 100; + +/* + * You can find more configuration options in Documentation.html + * or here: http://wiki.phpmyadmin.net/pma/Config + */ +?> diff --git a/install/rhel/6/pma/phpMyAdmin.conf b/install/rhel/6/pma/phpMyAdmin.conf new file mode 100644 index 000000000..0049ef2b7 --- /dev/null +++ b/install/rhel/6/pma/phpMyAdmin.conf @@ -0,0 +1,39 @@ +# phpMyAdmin - Web based MySQL browser written in php +# +# Allows only localhost by default +# +# But allowing phpMyAdmin to anyone other than localhost should be considered +# dangerous unless properly secured by SSL + +Alias /phpMyAdmin /usr/share/phpMyAdmin +Alias /phpmyadmin /usr/share/phpMyAdmin + + + Order Deny,Allow + Deny from All + Allow from All + + + + Order Deny,Allow + Deny from All + Allow from All + + +# This directory does not require access over HTTP - taken from the original +# phpMyAdmin upstream tarball +# + + Order Deny,Allow + Deny from All + Allow from None + + +# This configuration prevents mod_security at phpMyAdmin directories from +# filtering SQL etc. This may break your mod_security implementation. +# +# +# +# SecRuleInheritance Off +# +# diff --git a/install/ubuntu/pg_hba.conf b/install/rhel/6/postgresql/pg_hba.conf similarity index 100% rename from install/ubuntu/pg_hba.conf rename to install/rhel/6/postgresql/pg_hba.conf diff --git a/install/debian/proftpd.conf b/install/rhel/6/proftpd/proftpd.conf similarity index 84% rename from install/debian/proftpd.conf rename to install/rhel/6/proftpd/proftpd.conf index e948e92a8..6b89d125e 100644 --- a/install/debian/proftpd.conf +++ b/install/rhel/6/proftpd/proftpd.conf @@ -1,15 +1,14 @@ -LoadModule mod_vroot.c ServerName "FTP" ServerIdent on "FTP Server ready." ServerAdmin root@localhost DefaultServer on -VRootEngine off +VRootEngine on DefaultRoot ~ !adm AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c UseReverseDNS off -User proftpd -Group nogroup +User nobody +Group nobody MaxInstances 20 UseSendfile off LogFormat default "%h %l %u %t \"%r\" %s %b" diff --git a/install/rhel/6/remi-release.rpm b/install/rhel/6/remi-release.rpm new file mode 100644 index 000000000..555c7abeb Binary files /dev/null and b/install/rhel/6/remi-release.rpm differ diff --git a/install/rhel/6/roundcube/config.inc.php b/install/rhel/6/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/rhel/6/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/rhel/6/roundcube/main.inc.php b/install/rhel/6/roundcube/main.inc.php new file mode 100644 index 000000000..a27c306eb --- /dev/null +++ b/install/rhel/6/roundcube/main.inc.php @@ -0,0 +1,40 @@ + + Order Deny,Allow + Deny from all + Allow from all + diff --git a/install/rhel/6/roundcube/vesta.php b/install/rhel/6/roundcube/vesta.php new file mode 100644 index 000000000..b8695bd17 --- /dev/null +++ b/install/rhel/6/roundcube/vesta.php @@ -0,0 +1,59 @@ + + */ + +class rcube_vesta_password +{ + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/rhel/6/sudo/admin b/install/rhel/6/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/rhel/6/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/6/templates.tar.gz b/install/rhel/6/templates.tar.gz new file mode 100644 index 000000000..c81c85510 Binary files /dev/null and b/install/rhel/6/templates.tar.gz differ diff --git a/install/rhel/6/templates/dns/child-ns.tpl b/install/rhel/6/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/rhel/6/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/6/templates/dns/default.tpl b/install/rhel/6/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/rhel/6/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/6/templates/dns/gmail.tpl b/install/rhel/6/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/rhel/6/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/6/templates/web/awstats/awstats.tpl b/install/rhel/6/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/rhel/6/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/rhel/6/templates/web/awstats/index.tpl b/install/rhel/6/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/rhel/6/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/rhel/6/templates/web/awstats/nav.tpl b/install/rhel/6/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/rhel/6/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/templates/web/apache2/basedir.stpl b/install/rhel/6/templates/web/httpd/basedir.stpl similarity index 85% rename from install/ubuntu/templates/web/apache2/basedir.stpl rename to install/rhel/6/templates/web/httpd/basedir.stpl index 269c09711..d568276df 100755 --- a/install/ubuntu/templates/web/apache2/basedir.stpl +++ b/install/rhel/6/templates/web/httpd/basedir.stpl @@ -15,9 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All @@ -31,7 +29,7 @@ RMode config RUidGid %user% %group% - RGroups www-data + RGroups apache AssignUserID %user% %group% diff --git a/install/debian/templates/web/apache2/basedir.tpl b/install/rhel/6/templates/web/httpd/basedir.tpl similarity index 82% rename from install/debian/templates/web/apache2/basedir.tpl rename to install/rhel/6/templates/web/httpd/basedir.tpl index c24b12796..41b77334a 100755 --- a/install/debian/templates/web/apache2/basedir.tpl +++ b/install/rhel/6/templates/web/httpd/basedir.tpl @@ -14,9 +14,7 @@ AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp - php_admin_value upload_tmp_dir %home%/%user%/tmp - php_admin_value session.save_path %home%/%user%/tmp + php_admin_value open_basedir %docroot% AllowOverride All @@ -25,7 +23,7 @@ RMode config RUidGid %user% %group% - RGroups www-data + RGroups apache AssignUserID %user% %group% diff --git a/install/ubuntu/templates/web/apache2/default.stpl b/install/rhel/6/templates/web/httpd/default.stpl similarity index 97% rename from install/ubuntu/templates/web/apache2/default.stpl rename to install/rhel/6/templates/web/httpd/default.stpl index da523c138..ffb536c54 100755 --- a/install/ubuntu/templates/web/apache2/default.stpl +++ b/install/rhel/6/templates/web/httpd/default.stpl @@ -28,7 +28,7 @@ RMode config RUidGid %user% %group% - RGroups www-data + RGroups apache AssignUserID %user% %group% diff --git a/install/ubuntu/templates/web/apache2/default.tpl b/install/rhel/6/templates/web/httpd/default.tpl similarity index 97% rename from install/ubuntu/templates/web/apache2/default.tpl rename to install/rhel/6/templates/web/httpd/default.tpl index b95c1ee38..29de125f9 100755 --- a/install/ubuntu/templates/web/apache2/default.tpl +++ b/install/rhel/6/templates/web/httpd/default.tpl @@ -22,7 +22,7 @@ RMode config RUidGid %user% %group% - RGroups www-data + RGroups apache AssignUserID %user% %group% diff --git a/install/rhel/6/templates/web/httpd/hosting.stpl b/install/rhel/6/templates/web/httpd/hosting.stpl new file mode 100755 index 000000000..ee06dfce7 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/httpd/hosting.tpl b/install/rhel/6/templates/web/httpd/hosting.tpl new file mode 100755 index 000000000..c3b839972 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/httpd/phpcgi.sh b/install/rhel/6/templates/web/httpd/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/rhel/6/templates/web/httpd/phpcgi.stpl b/install/rhel/6/templates/web/httpd/phpcgi.stpl new file mode 100755 index 000000000..b3e6488a6 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + Include %home%/%user%/conf/web/shttpd.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/httpd/phpcgi.tpl b/install/rhel/6/templates/web/httpd/phpcgi.tpl new file mode 100755 index 000000000..952d2b493 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + Include %home%/%user%/conf/web/httpd.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/httpd/phpfcgid.sh b/install/rhel/6/templates/web/httpd/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/rhel/6/templates/web/httpd/phpfcgid.stpl b/install/rhel/6/templates/web/httpd/phpfcgid.stpl new file mode 100755 index 000000000..352d268b6 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + Include %home%/%user%/conf/web/shttpd.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/httpd/phpfcgid.tpl b/install/rhel/6/templates/web/httpd/phpfcgid.tpl new file mode 100755 index 000000000..9826c9464 --- /dev/null +++ b/install/rhel/6/templates/web/httpd/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + Include %home%/%user%/conf/web/httpd.%domain%.conf* + + + diff --git a/install/rhel/6/templates/web/nginx/caching.sh b/install/rhel/6/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/rhel/6/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/rhel/6/templates/web/nginx/caching.stpl b/install/rhel/6/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..1109c924f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/caching.tpl b/install/rhel/6/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..6d727c67f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/default.stpl b/install/rhel/6/templates/web/nginx/default.stpl new file mode 100755 index 000000000..53ad8d1b8 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/rhel/6/templates/web/nginx/default.tpl b/install/rhel/6/templates/web/nginx/default.tpl new file mode 100755 index 000000000..c1fec114f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/rhel/6/templates/web/nginx/hosting.sh b/install/rhel/6/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/rhel/6/templates/web/nginx/hosting.stpl b/install/rhel/6/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..aca458a4b --- /dev/null +++ b/install/rhel/6/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/rhel/6/templates/web/nginx/hosting.tpl b/install/rhel/6/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..44d874962 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/default.stpl b/install/rhel/6/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/default.tpl b/install/rhel/6/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/joomla.stpl b/install/rhel/6/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/joomla.tpl b/install/rhel/6/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/piwik.stpl b/install/rhel/6/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/piwik.tpl b/install/rhel/6/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress.tpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.tpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/proxy_ip.tpl b/install/rhel/6/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/rhel/6/templates/web/php-fpm/default.tpl b/install/rhel/6/templates/web/php-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/rhel/6/templates/web/php-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/rhel/6/templates/web/php-fpm/no-php.tpl b/install/rhel/6/templates/web/php-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/rhel/6/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/rhel/6/templates/web/php-fpm/socket.tpl b/install/rhel/6/templates/web/php-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/rhel/6/templates/web/php-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/rhel/templates/web/skel/document_errors/403.html b/install/rhel/6/templates/web/skel/document_errors/403.html similarity index 100% rename from install/rhel/templates/web/skel/document_errors/403.html rename to install/rhel/6/templates/web/skel/document_errors/403.html diff --git a/install/rhel/templates/web/skel/document_errors/404.html b/install/rhel/6/templates/web/skel/document_errors/404.html similarity index 100% rename from install/rhel/templates/web/skel/document_errors/404.html rename to install/rhel/6/templates/web/skel/document_errors/404.html diff --git a/install/rhel/templates/web/skel/document_errors/50x.html b/install/rhel/6/templates/web/skel/document_errors/50x.html similarity index 100% rename from install/rhel/templates/web/skel/document_errors/50x.html rename to install/rhel/6/templates/web/skel/document_errors/50x.html diff --git a/install/rhel/6/templates/web/skel/public_html/index.html b/install/rhel/6/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/rhel/6/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/rhel/6/templates/web/skel/public_html/robots.txt b/install/rhel/6/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/rhel/6/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/rhel/6/templates/web/skel/public_shtml/index.html b/install/rhel/6/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/rhel/6/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/rhel/6/templates/web/skel/public_shtml/robots.txt b/install/rhel/6/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/rhel/6/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/rhel/6/templates/web/suspend/.htaccess b/install/rhel/6/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/rhel/6/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/rhel/templates/web/suspend/index.html b/install/rhel/6/templates/web/suspend/index.html similarity index 100% rename from install/rhel/templates/web/suspend/index.html rename to install/rhel/6/templates/web/suspend/index.html diff --git a/install/rhel/6/templates/web/webalizer/webalizer.tpl b/install/rhel/6/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/rhel/6/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/rhel/6/vsftpd/vsftpd.conf b/install/rhel/6/vsftpd/vsftpd.conf new file mode 100644 index 000000000..7a986aff0 --- /dev/null +++ b/install/rhel/6/vsftpd/vsftpd.conf @@ -0,0 +1,21 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +dual_log_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=YES +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/rhel/6/wsgi/httpd.tar.gz b/install/rhel/6/wsgi/httpd.tar.gz new file mode 100644 index 000000000..b25acd68e Binary files /dev/null and b/install/rhel/6/wsgi/httpd.tar.gz differ diff --git a/install/rhel/6/wsgi/httpd/wsgi.sh b/install/rhel/6/wsgi/httpd/wsgi.sh new file mode 100755 index 000000000..cb98116cb --- /dev/null +++ b/install/rhel/6/wsgi/httpd/wsgi.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +echo "# Wsgi template +AddHandler wsgi-script .wsgi + +RewriteEngine On + +RewriteCond %{HTTP_HOST} ^www.$2\.ru\$ [NC] +RewriteRule ^(.*)\$ http://$2/\$1 [R=301,L] + +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(.*)\$ /django.wsgi/\$1 [QSA,PT,L] +" > $docroot/.htaccess +chown $user:$user $docroot/.htaccess + + +echo "import os, sys +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/env/lib/python2.6/site-packages') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/shared/') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/') + +os.environ['DJANGO_SETTINGS_MODULE'] = 'main.settings' +import django.core.handlers.wsgi +application = django.core.handlers.wsgi.WSGIHandler()" > $docroot/django.wsgi +chown $user:$user $docroot/django.wsgi + +exit 0 diff --git a/install/rhel/6/wsgi/httpd/wsgi.stpl b/install/rhel/6/wsgi/httpd/wsgi.stpl new file mode 100755 index 000000000..e2fdd3f40 --- /dev/null +++ b/install/rhel/6/wsgi/httpd/wsgi.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/6/wsgi/httpd/wsgi.tpl b/install/rhel/6/wsgi/httpd/wsgi.tpl new file mode 100644 index 000000000..ad5d8a076 --- /dev/null +++ b/install/rhel/6/wsgi/httpd/wsgi.tpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/GPG.txt b/install/rhel/7/GPG.txt new file mode 100644 index 000000000..33bb1ff26 --- /dev/null +++ b/install/rhel/7/GPG.txt @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQGiBExUOVkRBACPJeB3bdrAggHlFpkaB1aRDXDz7clRg6jyEzdMYHhrniSyjhAH ++b53zE4iapCHFIamEG2Fa7zS2lSx7068AmqHsZK5jwmyhTVVYuTtbebj1C4Y5ToW +icHhy4ullB7qeDmAod6EY4YSx2kYO3dR/QLk5QM4lWuV/OLdXWTeoKiiYwCg0UAP +yUkBXgNcKXrFqoJelmG3JEMEAIYM7CGwVd47FsM1UCu56HNQPErxLoUPBUlAQFtx +OMOFDMEm7qH7ve8FgGGRL9oHF7mSJ3y7HgM1BF5MHkKz6FjDrT1U5+Lub6oI2e90 +gfCMGlQAzUm9o+fijfbhKoEQ/xQRkUoqWEaf9zlFx1/4+NH+Qz/L8ZDTHvSLvUgt +HyZlA/916St5suAUugXu9PeLRVqboiHjhz0JWKneQEQ2QcTu8lhHsu/mZTWL9FYn +XwtiCJLZT8bpBSfl8Oeqhof1+sPgnv7t/LuKQ6JJmyJ46Sa453wfrs+xs32hKAe+ +ZN0VGBmHe7NhuhW/LdM0KMMr/LHuJJJAgmt+XVHi2RFwsZvdMbQkVmVzdGEgUGFj +a2FnZXMgPGJ1aWxkZXJAdmVzdGFjcC5jb20+iGAEExECACAFAkxUOVkCGwMGCwkI +BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBbjeFzoXeCtp6dAKDQfeTPHi6hCgg4L+sx +LEjXvVdLOwCfe9yfr+en+uz6qst0QBT2cAwB+q+5Ag0ETFQ5bBAIAJYZa9pV9l/R +OUFgIvdJd1mvzJpRAXsRBBJc22WuOHp22Uj+lMKrJMTRQZvFBvk9s7Mb1/ACXrL4 +vIbsKqXNAlVFp9kF1tKV2ejZ1MrJaQ4819bIkyG0lJzjl6u9lzJopF7ie00YHKC6 +1rltLaevfFjUXq1DoYZBg42hT/SOj+3+2D0e9qcxeuxXbsjnvwtxxUkWcP/ftOSt +HsAAbM1YtwGl9+fZLWG9+WIKNOE9kp+h2ywZtFA4v/Ms2op7oZGAL7C95k1EgLrH +mOZ0B2oKOLctV1z9keWksPN/osyG7Mg8ljv8zF3XwQFqHOHRntDqSWoFBMvJBkNS +vtm6u5WyKd8ABAsH/0RbeWVA+JqpZ24Rl57XoDRPRzno0m0EnkJMXr22uBq1lPg8 +VkadrGOshFXpM3Rho57f3U7fwKmShQXGEV7RHsWcxcfwOSKVJtI468sDuYXc2l1f +5nFo+rCtVh3BBq+JtZFKX0x53BesCT/M7l33Dfm9MDi34tEdPTPjumBIH1dowYdv +9/2HPlPp4NZte7gOO/VIAiS+jJ30aBn09t8duW5md7/rkOPIM5It05LGCLjb9hVm +R9zTwzw30fIrkeyWZdAbk76lH8u8j6PX30U6RRzb33+XIFR4ab3nlyqOQOpoTqyG +cs7B02sgBbyC+RG1EYfcelSEvLXkR8mjcqjs+MCISQQYEQIACQUCTFQ5bAIbDAAK +CRBbjeFzoXeCtlpcAKDLh59svtq/Gn99O9ZZw0nBjWv6sACfffDxPhCP1F852Jab +d8P1WGhr2Q8= +=Z1Jj +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/rhel/7/clamav/clamd.conf b/install/rhel/7/clamav/clamd.conf new file mode 100644 index 000000000..c215bcb98 --- /dev/null +++ b/install/rhel/7/clamav/clamd.conf @@ -0,0 +1,502 @@ +## +## Example config file for the Clam AV daemon +## Please read the clamd.conf(5) manual before editing this file. +## + + +# Comment or remove the line below. +#Example + +# Uncomment this option to enable logging. +# LogFile must be writable for the user running daemon. +# A full path is required. +# Default: disabled +LogFile /var/log/clamav/clamd.log + +# By default the log file is locked for writing - the lock protects against +# running clamd multiple times (if want to run another clamd, please +# copy the configuration file, change the LogFile variable, and run +# the daemon with --config-file option). +# This option disables log file locking. +# Default: no +#LogFileUnlock yes + +# Maximum size of the log file. +# Value of 0 disables the limit. +# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) +# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size +# in bytes just don't use modifiers. +# Default: 1M +LogFileMaxSize 0 + +# Log time with each message. +# Default: no +LogTime yes + +# Also log clean files. Useful in debugging but drastically increases the +# log size. +# Default: no +#LogClean yes + +# Use system logger (can work together with LogFile). +# Default: no +LogSyslog yes + +# Specify the type of syslog messages - please refer to 'man syslog' +# for facility names. +# Default: LOG_LOCAL6 +#LogFacility LOG_MAIL + +# Enable verbose logging. +# Default: no +#LogVerbose yes + +# Log additional information about the infected file, such as its +# size and hash, together with the virus name. +#ExtendedDetectionInfo yes + +# This option allows you to save a process identifier of the listening +# daemon (main thread). +# Default: disabled +PidFile /var/run/clamav/clamd.pid + +# Optional path to the global temporary directory. +# Default: system specific (usually /tmp or /var/tmp). +TemporaryDirectory /var/tmp + +# Path to the database directory. +# Default: hardcoded (depends on installation options) +DatabaseDirectory /var/lib/clamav + +# Only load the official signatures published by the ClamAV project. +# Default: no +#OfficialDatabaseOnly no + +# The daemon can work in local mode, network mode or both. +# Due to security reasons we recommend the local mode. + +# Path to a local socket file the daemon will listen on. +# Default: disabled (must be specified by a user) +LocalSocket /var/run/clamav/clamd.sock + +# Sets the group ownership on the unix socket. +# Default: disabled (the primary group of the user running clamd) +#LocalSocketGroup virusgroup + +# Sets the permissions on the unix socket to the specified mode. +# Default: disabled (socket is world accessible) +#LocalSocketMode 660 + +# Remove stale socket after unclean shutdown. +# Default: yes +FixStaleSocket yes + +# TCP port address. +# Default: no +TCPSocket 3310 + +# TCP address. +# By default we bind to INADDR_ANY, probably not wise. +# Enable the following to provide some degree of protection +# from the outside world. +# Default: no +TCPAddr 127.0.0.1 + +# Maximum length the queue of pending connections may grow to. +# Default: 200 +MaxConnectionQueueLength 30 + +# Clamd uses FTP-like protocol to receive data from remote clients. +# If you are using clamav-milter to balance load between remote clamd daemons +# on firewall servers you may need to tune the options below. + +# Close the connection when the data size limit is exceeded. +# The value should match your MTA's limit for a maximum attachment size. +# Default: 25M +#StreamMaxLength 10M + +# Limit port range. +# Default: 1024 +#StreamMinPort 30000 +# Default: 2048 +#StreamMaxPort 32000 + +# Maximum number of threads running at the same time. +# Default: 10 +MaxThreads 50 + +# Waiting for data from a client socket will timeout after this time (seconds). +# Default: 120 +ReadTimeout 300 + +# This option specifies the time (in seconds) after which clamd should +# timeout if a client doesn't provide any initial command after connecting. +# Default: 5 +#CommandReadTimeout 5 + +# This option specifies how long to wait (in miliseconds) if the send buffer is full. +# Keep this value low to prevent clamd hanging +# +# Default: 500 +#SendBufTimeout 200 + +# Maximum number of queued items (including those being processed by MaxThreads threads) +# It is recommended to have this value at least twice MaxThreads if possible. +# WARNING: you shouldn't increase this too much to avoid running out of file descriptors, +# the following condition should hold: +# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) +# +# Default: 100 +#MaxQueue 200 + +# Waiting for a new job will timeout after this time (seconds). +# Default: 30 +#IdleTimeout 60 + +# Don't scan files and directories matching regex +# This directive can be used multiple times +# Default: scan all +#ExcludePath ^/proc/ +#ExcludePath ^/sys/ + +# Maximum depth directories are scanned at. +# Default: 15 +#MaxDirectoryRecursion 20 + +# Follow directory symlinks. +# Default: no +#FollowDirectorySymlinks yes + +# Follow regular file symlinks. +# Default: no +#FollowFileSymlinks yes + +# Scan files and directories on other filesystems. +# Default: yes +#CrossFilesystems yes + +# Perform a database check. +# Default: 600 (10 min) +#SelfCheck 600 + +# Execute a command when virus is found. In the command string %v will +# be replaced with the virus name. +# Default: no +#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" + +# Run as another user (clamd must be started by root for this option to work) +# Default: don't drop privileges +User clam + +# Initialize supplementary group access (clamd must be started by root). +# Default: no +AllowSupplementaryGroups yes + +# Stop daemon when libclamav reports out of memory condition. +#ExitOnOOM yes + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Do not remove temporary files (for debug purposes). +# Default: no +#LeaveTemporaryFiles yes + +# Detect Possibly Unwanted Applications. +# Default: no +#DetectPUA yes + +# Exclude a specific PUA category. This directive can be used multiple times. +# See http://www.clamav.net/support/pua for the complete list of PUA +# categories. +# Default: Load all categories (if DetectPUA is activated) +#ExcludePUA NetTool +#ExcludePUA PWTool + +# Only include a specific PUA category. This directive can be used multiple +# times. +# Default: Load all categories (if DetectPUA is activated) +#IncludePUA Spy +#IncludePUA Scanner +#IncludePUA RAT + +# In some cases (eg. complex malware, exploits in graphic files, and others), +# ClamAV uses special algorithms to provide accurate detection. This option +# controls the algorithmic detection. +# Default: yes +#AlgorithmicDetection yes + + +## +## Executable files +## + +# PE stands for Portable Executable - it's an executable file format used +# in all 32 and 64-bit versions of Windows operating systems. This option allows +# ClamAV to perform a deeper analysis of executable files and it's also +# required for decompression of popular executable packers such as UPX, FSG, +# and Petite. If you turn off this option, the original files will still be +# scanned, but without additional processing. +# Default: yes +ScanPE yes + +# Executable and Linking Format is a standard format for UN*X executables. +# This option allows you to control the scanning of ELF files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +ScanELF yes + +# With this option clamav will try to detect broken executables (both PE and +# ELF) and mark them as Broken.Executable. +# Default: no +DetectBrokenExecutables yes + + +## +## Documents +## + +# This option enables scanning of OLE2 files, such as Microsoft Office +# documents and .msi files. +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +# Default: yes +ScanOLE2 yes + + +# With this option enabled OLE2 files with VBA macros, which were not +# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". +# Default: no +#OLE2BlockMacros no + +# This option enables scanning within PDF files. +# If you turn off this option, the original files will still be scanned, but +# without decoding and additional processing. +# Default: yes +#ScanPDF yes + + +## +## Mail files +## + +# Enable internal e-mail scanner. +# If you turn off this option, the original files will still be scanned, but +# without parsing individual messages/attachments. +# Default: yes +ScanMail yes + +# Scan RFC1341 messages split over many emails. +# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. +# WARNING: This option may open your system to a DoS attack. +# Never use it on loaded servers. +# Default: no +#ScanPartialMessages yes + + +# With this option enabled ClamAV will try to detect phishing attempts by using +# signatures. +# Default: yes +#PhishingSignatures yes + +# Scan URLs found in mails for phishing attempts using heuristics. +# Default: yes +#PhishingScanURLs yes + +# Always block SSL mismatches in URLs, even if the URL isn't in the database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockSSLMismatch no + +# Always block cloaked URLs, even if URL isn't in database. +# This can lead to false positives. +# +# Default: no +#PhishingAlwaysBlockCloak no + +# Allow heuristic match to take precedence. +# When enabled, if a heuristic scan (such as phishingScan) detects +# a possible virus/phish it will stop scan immediately. Recommended, saves CPU +# scan-time. +# When disabled, virus/phish detected by heuristic scans will be reported only at +# the end of a scan. If an archive contains both a heuristically detected +# virus/phish, and a real malware, the real malware will be reported +# +# Keep this disabled if you intend to handle "*.Heuristics.*" viruses +# differently from "real" malware. +# If a non-heuristically-detected virus (signature-based) is found first, +# the scan is interrupted immediately, regardless of this config option. +# +# Default: no +#HeuristicScanPrecedence yes + +## +## Data Loss Prevention (DLP) +## + +# Enable the DLP module +# Default: No +#StructuredDataDetection yes + +# This option sets the lowest number of Credit Card numbers found in a file +# to generate a detect. +# Default: 3 +#StructuredMinCreditCardCount 5 + +# This option sets the lowest number of Social Security Numbers found +# in a file to generate a detect. +# Default: 3 +#StructuredMinSSNCount 5 + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxx-yy-zzzz +# Default: yes +#StructuredSSNFormatNormal yes + +# With this option enabled the DLP module will search for valid +# SSNs formatted as xxxyyzzzz +# Default: no +#StructuredSSNFormatStripped yes + + +## +## HTML +## + +# Perform HTML normalisation and decryption of MS Script Encoder code. +# Default: yes +# If you turn off this option, the original files will still be scanned, but +# without additional processing. +#ScanHTML yes + + +## +## Archives +## + +# ClamAV can scan within archives and compressed files. +# If you turn off this option, the original files will still be scanned, but +# without unpacking and additional processing. +# Default: yes +ScanArchive yes + +# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). +# Default: no +ArchiveBlockEncrypted no + + +## +## Limits +## + +# The options below protect your system against Denial of Service attacks +# using archive bombs. + +# This option sets the maximum amount of data to be scanned for each input file. +# Archives and other containers are recursively extracted and scanned up to this +# value. +# Value of 0 disables the limit +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 100M +#MaxScanSize 150M + +# Files larger than this limit won't be scanned. Affects the input file itself +# as well as files contained inside it (when the input file is an archive, a +# document or some other kind of container). +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 25M +#MaxFileSize 30M + +# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR +# file, all files within it will also be scanned. This options specifies how +# deeply the process should be continued. +# Note: setting this limit too high may result in severe damage to the system. +# Default: 16 +#MaxRecursion 10 + +# Number of files to be scanned within an archive, a document, or any other +# container file. +# Value of 0 disables the limit. +# Note: disabling this limit or setting it too high may result in severe damage +# to the system. +# Default: 10000 +#MaxFiles 15000 + + +## +## Clamuko settings +## + +# Enable Clamuko. Dazuko must be configured and running. Clamuko supports +# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS +# is the preferred option. For more information please visit www.dazuko.org +# Default: no +#ClamukoScanOnAccess yes + +# The number of scanner threads that will be started (DazukoFS only). +# Having multiple scanner threads allows Clamuko to serve multiple +# processes simultaneously. This is particularly beneficial on SMP machines. +# Default: 3 +#ClamukoScannerCount 3 + +# Don't scan files larger than ClamukoMaxFileSize +# Value of 0 disables the limit. +# Default: 5M +#ClamukoMaxFileSize 10M + +# Set access mask for Clamuko (Dazuko only). +# Default: no +#ClamukoScanOnOpen yes +#ClamukoScanOnClose yes +#ClamukoScanOnExec yes + +# Set the include paths (all files inside them will be scanned). You can have +# multiple ClamukoIncludePath directives but each directory must be added +# in a seperate line. (Dazuko only) +# Default: disabled +#ClamukoIncludePath /home +#ClamukoIncludePath /students + +# Set the exclude paths. All subdirectories are also excluded. (Dazuko only) +# Default: disabled +#ClamukoExcludePath /home/bofh + +# With this option you can whitelist specific UIDs. Processes with these UIDs +# will be able to access all files. +# This option can be used multiple times (one per line). +# Default: disabled +#ClamukoExcludeUID 0 + +# With this option enabled ClamAV will load bytecode from the database. +# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. +# Default: yes +#Bytecode yes + +# Set bytecode security level. +# Possible values: +# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS +# This value is only available if clamav was built with --enable-debug! +# TrustSigned - trust bytecode loaded from signed .c[lv]d files, +# insert runtime safety checks for bytecode loaded from other sources +# Paranoid - don't trust any bytecode, insert runtime checks for all +# Recommended: TrustSigned, because bytecode in .cvd files already has these checks +# Note that by default only signed bytecode is loaded, currently you can only +# load unsigned bytecode in --enable-debug mode. +# +# Default: TrustSigned +#BytecodeSecurity TrustSigned + +# Set bytecode timeout in miliseconds. +# +# Default: 5000 +# BytecodeTimeout 1000 diff --git a/install/rhel/7/clamav/clamd.service b/install/rhel/7/clamav/clamd.service new file mode 100644 index 000000000..fdb3af7fd --- /dev/null +++ b/install/rhel/7/clamav/clamd.service @@ -0,0 +1,12 @@ +[Unit] +Description = clamd scanner (clamd) daemon +After = syslog.target nss-lookup.target network.target + +[Service] +Type = simple +ExecStart = /usr/sbin/clamd -c /etc/clamd.conf --nofork=yes +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target diff --git a/install/rhel/7/clamav/freshclam.conf b/install/rhel/7/clamav/freshclam.conf new file mode 100644 index 000000000..61fb36465 --- /dev/null +++ b/install/rhel/7/clamav/freshclam.conf @@ -0,0 +1,6 @@ +DatabaseDirectory /var/lib/clamav +UpdateLogFile /var/log/clamav/freshclam.log +LogSyslog yes +DatabaseOwner clam +DatabaseMirror db.ca.clamav.net +DatabaseMirror db.local.clamav.net diff --git a/install/rhel/7/dovecot.tar.gz b/install/rhel/7/dovecot.tar.gz new file mode 100644 index 000000000..24182a6ad Binary files /dev/null and b/install/rhel/7/dovecot.tar.gz differ diff --git a/install/rhel/7/dovecot/conf.d/10-auth.conf b/install/rhel/7/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/rhel/7/dovecot/conf.d/10-logging.conf b/install/rhel/7/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/rhel/7/dovecot/conf.d/10-mail.conf b/install/rhel/7/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/rhel/7/dovecot/conf.d/10-master.conf b/install/rhel/7/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/rhel/7/dovecot/conf.d/10-ssl.conf b/install/rhel/7/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 3 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/rhel/7/dovecot/conf.d/auth-passwdfile.conf.ext b/install/rhel/7/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..69ab3a5d9 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim/domains/%d/passwd +} diff --git a/install/rhel/7/dovecot/dovecot.conf b/install/rhel/7/dovecot/dovecot.conf new file mode 100644 index 000000000..b44bd6a82 --- /dev/null +++ b/install/rhel/7/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = * +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/rhel/7/epel-release.rpm b/install/rhel/7/epel-release.rpm new file mode 100644 index 000000000..6c2a040be Binary files /dev/null and b/install/rhel/7/epel-release.rpm differ diff --git a/install/rhel/7/exim/dnsbl.conf b/install/rhel/7/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/rhel/7/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/rhel/7/exim/exim-smarthost.conf b/install/rhel/7/exim/exim-smarthost.conf new file mode 100644 index 000000000..086ca6507 --- /dev/null +++ b/install/rhel/7/exim/exim-smarthost.conf @@ -0,0 +1,384 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim/domains/ +domainlist relay_to_domains = dsearch;/etc/exim/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.sock +.endif + +tls_advertise_hosts = * +tls_certificate = /etc/pki/tls/certs/exim.pem +tls_privatekey = /etc/pki/tls/private/exim.pem + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +login: + driver = plaintext + public_name = LOGIN + client_send = ": user@smartrelay.vestacp.com : p4sw0rd" + server_set_id = $auth1 + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +smarthost: + driver = manualroute + domains = ! +local_domains + transport = remote_smtp_auth + route_list = * smartrelay.vestacp.com + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + require_files = /etc/exim/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +remote_smtp_auth: + driver = smtp + hosts = smartrelay.vestacp.com + hosts_require_auth = smartrelay.vestacp.com + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/rhel/7/exim/exim.conf b/install/rhel/7/exim/exim.conf new file mode 100644 index 000000000..0f9830168 --- /dev/null +++ b/install/rhel/7/exim/exim.conf @@ -0,0 +1,376 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim/domains/ +domainlist relay_to_domains = dsearch;/etc/exim/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.sock +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + require_files = /etc/exim/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/rhel/7/exim/spam-blocks.conf b/install/rhel/7/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/rhel/7/fail2ban.tar.gz b/install/rhel/7/fail2ban.tar.gz new file mode 100644 index 000000000..563451b41 Binary files /dev/null and b/install/rhel/7/fail2ban.tar.gz differ diff --git a/install/ubuntu/fail2ban.action.conf b/install/rhel/7/fail2ban/fail2ban.action.conf similarity index 100% rename from install/ubuntu/fail2ban.action.conf rename to install/rhel/7/fail2ban/fail2ban.action.conf diff --git a/install/rhel/7/fail2ban/fail2ban.filter.conf b/install/rhel/7/fail2ban/fail2ban.filter.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/rhel/7/fail2ban/fail2ban.filter.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/fail2ban.jail.conf b/install/rhel/7/fail2ban/fail2ban.jail.conf similarity index 100% rename from install/ubuntu/fail2ban.jail.conf rename to install/rhel/7/fail2ban/fail2ban.jail.conf diff --git a/install/rhel/7/firewall.tar.gz b/install/rhel/7/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/rhel/7/firewall.tar.gz differ diff --git a/install/rhel/7/firewall/ports.conf b/install/rhel/7/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/rhel/7/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/rhel/7/firewall/rules.conf b/install/rhel/7/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/rhel/7/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/rhel/7/httpd/httpd.conf b/install/rhel/7/httpd/httpd.conf new file mode 100644 index 000000000..40b034885 --- /dev/null +++ b/install/rhel/7/httpd/httpd.conf @@ -0,0 +1,58 @@ +ServerRoot "/etc/httpd" +Include conf.modules.d/*.conf +User apache +Group apache +ServerAdmin root@localhost + + + AllowOverride none + + +DocumentRoot "/var/www/html" + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +DirectoryIndex index.php index.html + + + Require all denied + + +ErrorLog "logs/error_log" +LogLevel warn + +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%b" bytes +CustomLog "logs/access_log" combined + +TypesConfig /etc/mime.types +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml +#AddHandler cgi-script .cgi + +AddDefaultCharset UTF-8 + + + MIMEMagicFile conf/magic + + +EnableSendfile on + + + RemoteIPHeader X-Real-IP + LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%a %l %u %t \"%r\" %>s %b" common + + +IncludeOptional conf.d/*.conf diff --git a/install/rhel/7/httpd/ruid2.conf b/install/rhel/7/httpd/ruid2.conf new file mode 100644 index 000000000..42f908a85 --- /dev/null +++ b/install/rhel/7/httpd/ruid2.conf @@ -0,0 +1,8 @@ +LoadModule ruid2_module modules/mod_ruid2.so + + + RMode config + RDefaultUidGid apache apache + RUidGid apache apache + RGroups apache + diff --git a/install/rhel/7/httpd/ssl.conf b/install/rhel/7/httpd/ssl.conf new file mode 100644 index 000000000..ccc067c19 --- /dev/null +++ b/install/rhel/7/httpd/ssl.conf @@ -0,0 +1,6 @@ +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +SSLCryptoDevice builtin diff --git a/install/rhel/7/httpd/status.conf b/install/rhel/7/httpd/status.conf new file mode 100644 index 000000000..f68f293dc --- /dev/null +++ b/install/rhel/7/httpd/status.conf @@ -0,0 +1,7 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + diff --git a/install/rhel/7/logrotate/httpd b/install/rhel/7/logrotate/httpd new file mode 100644 index 000000000..80dab8e29 --- /dev/null +++ b/install/rhel/7/logrotate/httpd @@ -0,0 +1,10 @@ +/var/log/httpd/*log /var/log/httpd/domains/*log { + missingok + notifempty + compress + sharedscripts + postrotate + /sbin/service httpd reload > /dev/null 2>/dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/rhel/7/logrotate/nginx b/install/rhel/7/logrotate/nginx new file mode 100644 index 000000000..b1da1bf16 --- /dev/null +++ b/install/rhel/7/logrotate/nginx @@ -0,0 +1,12 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + create 0644 nginx nginx + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/rhel/7/logrotate/vesta b/install/rhel/7/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/rhel/7/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/rhel/7/mariadb/my-large.cnf b/install/rhel/7/mariadb/my-large.cnf new file mode 100644 index 000000000..4e6c2225c --- /dev/null +++ b/install/rhel/7/mariadb/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/mariadb/my-medium.cnf b/install/rhel/7/mariadb/my-medium.cnf new file mode 100644 index 000000000..fa255ec52 --- /dev/null +++ b/install/rhel/7/mariadb/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/mariadb/my-small.cnf b/install/rhel/7/mariadb/my-small.cnf new file mode 100644 index 000000000..933d4ae0b --- /dev/null +++ b/install/rhel/7/mariadb/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=50 +max_user_connections=25 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mariadb/mariadb.log +pid-file=/var/run/mariadb/mariadb.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/monit/clamd.conf b/install/rhel/7/monit/clamd.conf new file mode 100644 index 000000000..a360b1097 --- /dev/null +++ b/install/rhel/7/monit/clamd.conf @@ -0,0 +1,3 @@ +check process clamd with pidfile /var/run/clamav/clamd.pid + start program = "/etc/init.d/clamd start" + stop program = "/etc/init.d/clamd stop" diff --git a/install/rhel/7/monit/dovecot.conf b/install/rhel/7/monit/dovecot.conf new file mode 100644 index 000000000..c78216565 --- /dev/null +++ b/install/rhel/7/monit/dovecot.conf @@ -0,0 +1,3 @@ +check process dovecot with pidfile /var/run/dovecot/master.pid + start program = "/etc/init.d/dovecot start" + stop program = "/etc/init.d/dovecot stop" diff --git a/install/rhel/7/monit/exim.conf b/install/rhel/7/monit/exim.conf new file mode 100644 index 000000000..e7988e47d --- /dev/null +++ b/install/rhel/7/monit/exim.conf @@ -0,0 +1,3 @@ +check process exim with pidfile /var/run/exim.pid + start program = "/etc/init.d/exim start" + stop program = "/etc/init.d/exim stop" diff --git a/install/rhel/7/monit/httpd.conf b/install/rhel/7/monit/httpd.conf new file mode 100644 index 000000000..1ce1a594d --- /dev/null +++ b/install/rhel/7/monit/httpd.conf @@ -0,0 +1,3 @@ +check process httpd with pidfile /var/run/httpd/httpd.pid + start program = "/etc/init.d/httpd start" + stop program = "/etc/init.d/httpd stop" diff --git a/install/rhel/7/monit/mysql.conf b/install/rhel/7/monit/mysql.conf new file mode 100644 index 000000000..aa413c438 --- /dev/null +++ b/install/rhel/7/monit/mysql.conf @@ -0,0 +1,3 @@ +check process mysql with pidfile /var/run/mysqld/mysqld.pid + start program = "/etc/init.d/mysqld start" + stop program = "/etc/init.d/mysqld stop" diff --git a/install/rhel/7/monit/nginx.conf b/install/rhel/7/monit/nginx.conf new file mode 100644 index 000000000..d29af043c --- /dev/null +++ b/install/rhel/7/monit/nginx.conf @@ -0,0 +1,3 @@ +check process nginx with pidfile /var/run/nginx.pid + start program = "/etc/init.d/nginx start" + stop program = "/etc/init.d/nginx stop" diff --git a/install/rhel/7/monit/spamassassin.conf b/install/rhel/7/monit/spamassassin.conf new file mode 100644 index 000000000..0c9729d51 --- /dev/null +++ b/install/rhel/7/monit/spamassassin.conf @@ -0,0 +1,3 @@ +check process spamassassin with pidfile /var/run/spamd.pid + start program = "/etc/init.d/spamassassin start" + stop program = "/etc/init.d/spamassassin stop" diff --git a/install/rhel/7/monit/sshd.conf b/install/rhel/7/monit/sshd.conf new file mode 100644 index 000000000..b28123129 --- /dev/null +++ b/install/rhel/7/monit/sshd.conf @@ -0,0 +1,3 @@ +check process sshd with pidfile /var/run/sshd.pid + start program = "/etc/init.d/sshd start" + stop program = "/etc/init.d/sshd stop" diff --git a/install/rhel/7/monit/vesta-nginx.conf b/install/rhel/7/monit/vesta-nginx.conf new file mode 100644 index 000000000..1a85cac3a --- /dev/null +++ b/install/rhel/7/monit/vesta-nginx.conf @@ -0,0 +1,3 @@ +check process vesta-nginx with pidfile /var/run/vesta-nginx.pid + start program = "/etc/init.d/vesta start" + stop program = "/etc/init.d/vesta stop" diff --git a/install/rhel/7/monit/vesta-php.conf b/install/rhel/7/monit/vesta-php.conf new file mode 100644 index 000000000..80731189f --- /dev/null +++ b/install/rhel/7/monit/vesta-php.conf @@ -0,0 +1,3 @@ +check process vesta-php with pidfile /var/run/vesta-php.pid + start program = "/etc/init.d/vesta start" + stop program = "/etc/init.d/vesta stop" diff --git a/install/rhel/7/mysqld/my-large.cnf b/install/rhel/7/mysqld/my-large.cnf new file mode 100644 index 000000000..b548eeb87 --- /dev/null +++ b/install/rhel/7/mysqld/my-large.cnf @@ -0,0 +1,38 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/mysqld/my-medium.cnf b/install/rhel/7/mysqld/my-medium.cnf new file mode 100644 index 000000000..e5f2677fc --- /dev/null +++ b/install/rhel/7/mysqld/my-medium.cnf @@ -0,0 +1,37 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/mysqld/my-small.cnf b/install/rhel/7/mysqld/my-small.cnf new file mode 100644 index 000000000..adc7cd1fb --- /dev/null +++ b/install/rhel/7/mysqld/my-small.cnf @@ -0,0 +1,35 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +#slow_query_log=1 +#slow_query_log_file=/var/log/mysql-slow-queries.log + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +# +# include all files from the config directory +# +!includedir /etc/my.cnf.d diff --git a/install/rhel/7/named/named.conf b/install/rhel/7/named/named.conf new file mode 100644 index 000000000..472bd829b --- /dev/null +++ b/install/rhel/7/named/named.conf @@ -0,0 +1,13 @@ +options { + directory "/var/named"; + dump-file "/var/named/data/cache_dump.db"; + pid-file "/var/run/named/named.pid"; + statistics-file "/var/named/data/named_stats.txt"; + version "get lost"; + allow-transfer {"none";}; + recursion no; + +}; + +include "/etc/rndc.key"; + diff --git a/install/rhel/7/nginx/nginx.conf b/install/rhel/7/nginx/nginx.conf new file mode 100644 index 000000000..0316de7ac --- /dev/null +++ b/install/rhel/7/nginx/nginx.conf @@ -0,0 +1,101 @@ +# Server globals +user nginx; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_temp_path /var/cache/nginx/temp; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/rhel/7/nginx/phpmyadmin.inc b/install/rhel/7/nginx/phpmyadmin.inc new file mode 100644 index 000000000..09da52076 --- /dev/null +++ b/install/rhel/7/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpMyAdmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpMyAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/7/nginx/phppgadmin.inc b/install/rhel/7/nginx/phppgadmin.inc new file mode 100644 index 000000000..333e560a2 --- /dev/null +++ b/install/rhel/7/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phpPgAdmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phpPgAdmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/7/nginx/status.conf b/install/rhel/7/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/rhel/7/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/rhel/7/nginx/webmail.inc b/install/rhel/7/nginx/webmail.inc new file mode 100644 index 000000000..2d0fbe293 --- /dev/null +++ b/install/rhel/7/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /usr/share/roundcubemail/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /usr/share/roundcubemail/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/rhel/7/packages.tar.gz b/install/rhel/7/packages.tar.gz new file mode 100644 index 000000000..b857a5099 Binary files /dev/null and b/install/rhel/7/packages.tar.gz differ diff --git a/install/rhel/7/packages/default.pkg b/install/rhel/7/packages/default.pkg new file mode 100644 index 000000000..3df21d3df --- /dev/null +++ b/install/rhel/7/packages/default.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2015-06-05' diff --git a/install/rhel/7/packages/gainsboro.pkg b/install/rhel/7/packages/gainsboro.pkg new file mode 100644 index 000000000..2b66b7d17 --- /dev/null +++ b/install/rhel/7/packages/gainsboro.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2015-06-05' diff --git a/install/rhel/7/packages/palegreen.pkg b/install/rhel/7/packages/palegreen.pkg new file mode 100644 index 000000000..b17e5e1b2 --- /dev/null +++ b/install/rhel/7/packages/palegreen.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='hosting' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2015-06-05' diff --git a/install/rhel/7/packages/slategrey.pkg b/install/rhel/7/packages/slategrey.pkg new file mode 100644 index 000000000..cc9ef423c --- /dev/null +++ b/install/rhel/7/packages/slategrey.pkg @@ -0,0 +1,19 @@ +WEB_TEMPLATE='default' +BACKEND_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2015-06-05' diff --git a/install/rhel/7/pga/config.inc.php b/install/rhel/7/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/rhel/7/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/rhel/7/pga/phpPgAdmin.conf b/install/rhel/7/pga/phpPgAdmin.conf new file mode 100644 index 000000000..4f6ea1b53 --- /dev/null +++ b/install/rhel/7/pga/phpPgAdmin.conf @@ -0,0 +1,14 @@ +# +# This configuration file maps the phpPgAdmin directory into the URL space. +# By default this application is only accessible from the local host. +# + +Alias /phpPgAdmin /usr/share/phpPgAdmin +Alias /phppgadmin /usr/share/phpPgAdmin + + + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/rhel/7/php-fpm/www.conf b/install/rhel/7/php-fpm/www.conf new file mode 100644 index 000000000..260109d8f --- /dev/null +++ b/install/rhel/7/php-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = apache +group = apache +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/rhel/7/pma/config.inc.conf b/install/rhel/7/pma/config.inc.conf new file mode 100644 index 000000000..47ae207e4 --- /dev/null +++ b/install/rhel/7/pma/config.inc.conf @@ -0,0 +1,143 @@ +. + * + * @package phpMyAdmin + */ + +/* + * This is needed for cookie based authentication to encrypt password in + * cookie + */ +$cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ + +/* + * Servers configuration + */ +$i = 0; + +/* + * First server + */ +$i++; +/* Authentication type */ +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +/* Server parameters */ +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['connect_type'] = 'tcp'; +$cfg['Servers'][$i]['compress'] = false; +/* Select mysqli if your server has it */ +$cfg['Servers'][$i]['extension'] = 'mysql'; +$cfg['Servers'][$i]['AllowNoPassword'] = false; + +/* + * phpMyAdmin configuration storage settings. + */ + +/* User used to manipulate with storage */ +// $cfg['Servers'][$i]['controluser'] = 'pma'; +// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/* Storage database and tables */ +// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; +// $cfg['Servers'][$i]['relation'] = 'pma_relation'; +// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; +// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; +// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; +// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; +// $cfg['Servers'][$i]['history'] = 'pma_history'; +// $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; +// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; +// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; +/* Contrib / Swekey authentication */ +// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; + +/* + * End of servers configuration + */ + +/* + * Directories for saving/loading files from server + */ +$cfg['UploadDir'] = ''; +$cfg['SaveDir'] = ''; + +/** + * Defines whether a user should be displayed a "show all (records)" + * button in browse mode or not. + * default = false + */ +//$cfg['ShowAll'] = true; + +/** + * Number of rows displayed when browsing a result set. If the result + * set contains more rows, "Previous" and "Next". + * default = 30 + */ +//$cfg['MaxRows'] = 50; + +/** + * Use graphically less intense menu tabs + * default = false + */ +//$cfg['LightTabs'] = true; + +/** + * disallow editing of binary fields + * valid values are: + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'all' disallow editing + * default = blob + */ +//$cfg['ProtectBinary'] = 'false'; + +/** + * Default language to use, if not browser-defined or user-defined + * (you find all languages in the locale folder) + * uncomment the desired line: + * default = 'en' + */ +//$cfg['DefaultLang'] = 'en'; +//$cfg['DefaultLang'] = 'de'; + +/** + * default display direction (horizontal|vertical|horizontalflipped) + */ +//$cfg['DefaultDisplay'] = 'vertical'; + + +/** + * How many columns should be used for table display of a database? + * (a value larger than 1 results in some information being hidden) + * default = 1 + */ +//$cfg['PropertiesNumColumns'] = 2; + +/** + * Set to true if you want DB-based query history.If false, this utilizes + * JS-routines to display query history (lost by window close) + * + * This requires configuration storage enabled, see above. + * default = false + */ +//$cfg['QueryHistoryDB'] = true; + +/** + * When using DB-based query history, how many entries should be kept? + * + * default = 25 + */ +//$cfg['QueryHistoryMax'] = 100; + +/* + * You can find more configuration options in Documentation.html + * or here: http://wiki.phpmyadmin.net/pma/Config + */ +?> diff --git a/install/rhel/7/pma/phpMyAdmin.conf b/install/rhel/7/pma/phpMyAdmin.conf new file mode 100644 index 000000000..0049ef2b7 --- /dev/null +++ b/install/rhel/7/pma/phpMyAdmin.conf @@ -0,0 +1,39 @@ +# phpMyAdmin - Web based MySQL browser written in php +# +# Allows only localhost by default +# +# But allowing phpMyAdmin to anyone other than localhost should be considered +# dangerous unless properly secured by SSL + +Alias /phpMyAdmin /usr/share/phpMyAdmin +Alias /phpmyadmin /usr/share/phpMyAdmin + + + Order Deny,Allow + Deny from All + Allow from All + + + + Order Deny,Allow + Deny from All + Allow from All + + +# This directory does not require access over HTTP - taken from the original +# phpMyAdmin upstream tarball +# + + Order Deny,Allow + Deny from All + Allow from None + + +# This configuration prevents mod_security at phpMyAdmin directories from +# filtering SQL etc. This may break your mod_security implementation. +# +# +# +# SecRuleInheritance Off +# +# diff --git a/install/rhel/7/postgresql/pg_hba.conf b/install/rhel/7/postgresql/pg_hba.conf new file mode 100644 index 000000000..1ba43941b --- /dev/null +++ b/install/rhel/7/postgresql/pg_hba.conf @@ -0,0 +1,11 @@ +# "local" is for Unix domain socket connections only +local all all ident + +# IPv4 local connections: +host all all 127.0.0.1/32 md5 + +# IPv6 local connections: +host all all ::1/128 md5 + +# Others +host all all 0.0.0.0/0 md5 diff --git a/install/rhel/7/proftpd/proftpd.conf b/install/rhel/7/proftpd/proftpd.conf new file mode 100644 index 000000000..a889ec82b --- /dev/null +++ b/install/rhel/7/proftpd/proftpd.conf @@ -0,0 +1,32 @@ +ServerName "FTP" +ServerIdent on "FTP Server ready." +ServerAdmin root@localhost +DefaultServer on +DefaultRoot ~ !adm + + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User nobody +Group nobody +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/rhel/7/remi-release.rpm b/install/rhel/7/remi-release.rpm new file mode 100644 index 000000000..7eea9560b Binary files /dev/null and b/install/rhel/7/remi-release.rpm differ diff --git a/install/rhel/7/roundcube/config.inc.php b/install/rhel/7/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/rhel/7/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/rhel/7/roundcube/main.inc.php b/install/rhel/7/roundcube/main.inc.php new file mode 100644 index 000000000..a27c306eb --- /dev/null +++ b/install/rhel/7/roundcube/main.inc.php @@ -0,0 +1,40 @@ + + Order Deny,Allow + Deny from all + Allow from all + diff --git a/install/rhel/7/roundcube/vesta.php b/install/rhel/7/roundcube/vesta.php new file mode 100644 index 000000000..b8695bd17 --- /dev/null +++ b/install/rhel/7/roundcube/vesta.php @@ -0,0 +1,59 @@ + + */ + +class rcube_vesta_password +{ + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/rhel/7/sudo/admin b/install/rhel/7/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/rhel/7/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/7/templates.tar.gz b/install/rhel/7/templates.tar.gz new file mode 100644 index 000000000..fd86c5069 Binary files /dev/null and b/install/rhel/7/templates.tar.gz differ diff --git a/install/rhel/7/templates/dns/child-ns.tpl b/install/rhel/7/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/rhel/7/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/templates/dns/default.tpl b/install/rhel/7/templates/dns/default.tpl similarity index 100% rename from install/rhel/templates/dns/default.tpl rename to install/rhel/7/templates/dns/default.tpl diff --git a/install/rhel/7/templates/dns/gmail.tpl b/install/rhel/7/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/rhel/7/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/rhel/7/templates/web/awstats/awstats.tpl b/install/rhel/7/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/rhel/7/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/rhel/7/templates/web/awstats/index.tpl b/install/rhel/7/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/rhel/7/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/rhel/7/templates/web/awstats/nav.tpl b/install/rhel/7/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/rhel/7/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/rhel/7/templates/web/httpd/basedir.stpl b/install/rhel/7/templates/web/httpd/basedir.stpl new file mode 100755 index 000000000..b90818f14 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/basedir.tpl b/install/rhel/7/templates/web/httpd/basedir.tpl new file mode 100755 index 000000000..53188221e --- /dev/null +++ b/install/rhel/7/templates/web/httpd/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/default.stpl b/install/rhel/7/templates/web/httpd/default.stpl new file mode 100755 index 000000000..1134f39a8 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/default.tpl b/install/rhel/7/templates/web/httpd/default.tpl new file mode 100755 index 000000000..78caf0b8c --- /dev/null +++ b/install/rhel/7/templates/web/httpd/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/hosting.stpl b/install/rhel/7/templates/web/httpd/hosting.stpl new file mode 100755 index 000000000..28ba49d59 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/hosting.tpl b/install/rhel/7/templates/web/httpd/hosting.tpl new file mode 100755 index 000000000..3a9249701 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/phpcgi.sh b/install/rhel/7/templates/web/httpd/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/rhel/7/templates/web/httpd/phpcgi.stpl b/install/rhel/7/templates/web/httpd/phpcgi.stpl new file mode 100755 index 000000000..924e869ec --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/shttpd.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/phpcgi.tpl b/install/rhel/7/templates/web/httpd/phpcgi.tpl new file mode 100755 index 000000000..bcefbfc4a --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/httpd.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/phpfcgid.sh b/install/rhel/7/templates/web/httpd/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/rhel/7/templates/web/httpd/phpfcgid.stpl b/install/rhel/7/templates/web/httpd/phpfcgid.stpl new file mode 100755 index 000000000..64bdb1b07 --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/shttpd.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/httpd/phpfcgid.tpl b/install/rhel/7/templates/web/httpd/phpfcgid.tpl new file mode 100755 index 000000000..d48da5eef --- /dev/null +++ b/install/rhel/7/templates/web/httpd/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/httpd/domains/%domain%.bytes bytes + CustomLog /var/log/httpd/domains/%domain%.log combined + ErrorLog /var/log/httpd/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/httpd.%domain%.conf* + + + diff --git a/install/rhel/7/templates/web/nginx/caching.sh b/install/rhel/7/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/rhel/7/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/rhel/7/templates/web/nginx/caching.stpl b/install/rhel/7/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..1109c924f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/caching.tpl b/install/rhel/7/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..6d727c67f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache %domain%; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/default.stpl b/install/rhel/7/templates/web/nginx/default.stpl new file mode 100755 index 000000000..53ad8d1b8 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/rhel/7/templates/web/nginx/default.tpl b/install/rhel/7/templates/web/nginx/default.tpl new file mode 100755 index 000000000..c1fec114f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/rhel/7/templates/web/nginx/hosting.sh b/install/rhel/7/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/rhel/7/templates/web/nginx/hosting.stpl b/install/rhel/7/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..aca458a4b --- /dev/null +++ b/install/rhel/7/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/rhel/7/templates/web/nginx/hosting.tpl b/install/rhel/7/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..44d874962 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/default.stpl b/install/rhel/7/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/default.tpl b/install/rhel/7/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/joomla.stpl b/install/rhel/7/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/joomla.tpl b/install/rhel/7/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/piwik.stpl b/install/rhel/7/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/piwik.tpl b/install/rhel/7/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress.tpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.tpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/proxy_ip.tpl b/install/rhel/7/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/rhel/7/templates/web/php-fpm/default.tpl b/install/rhel/7/templates/web/php-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/rhel/7/templates/web/php-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/rhel/7/templates/web/php-fpm/no-php.tpl b/install/rhel/7/templates/web/php-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/rhel/7/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/rhel/7/templates/web/php-fpm/socket.tpl b/install/rhel/7/templates/web/php-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/rhel/7/templates/web/php-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/templates/web/skel/document_errors/403.html b/install/rhel/7/templates/web/skel/document_errors/403.html similarity index 100% rename from install/ubuntu/templates/web/skel/document_errors/403.html rename to install/rhel/7/templates/web/skel/document_errors/403.html diff --git a/install/ubuntu/templates/web/skel/document_errors/404.html b/install/rhel/7/templates/web/skel/document_errors/404.html similarity index 100% rename from install/ubuntu/templates/web/skel/document_errors/404.html rename to install/rhel/7/templates/web/skel/document_errors/404.html diff --git a/install/ubuntu/templates/web/skel/document_errors/50x.html b/install/rhel/7/templates/web/skel/document_errors/50x.html similarity index 100% rename from install/ubuntu/templates/web/skel/document_errors/50x.html rename to install/rhel/7/templates/web/skel/document_errors/50x.html diff --git a/install/rhel/7/templates/web/skel/public_html/index.html b/install/rhel/7/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/rhel/7/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/rhel/7/templates/web/skel/public_html/robots.txt b/install/rhel/7/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/rhel/7/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/rhel/7/templates/web/skel/public_shtml/index.html b/install/rhel/7/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/rhel/7/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/rhel/7/templates/web/skel/public_shtml/robots.txt b/install/rhel/7/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/rhel/7/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/rhel/7/templates/web/suspend/.htaccess b/install/rhel/7/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/rhel/7/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/templates/web/suspend/index.html b/install/rhel/7/templates/web/suspend/index.html similarity index 100% rename from install/ubuntu/templates/web/suspend/index.html rename to install/rhel/7/templates/web/suspend/index.html diff --git a/install/rhel/7/templates/web/webalizer/webalizer.tpl b/install/rhel/7/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/rhel/7/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/rhel/7/vsftpd/vsftpd.conf b/install/rhel/7/vsftpd/vsftpd.conf new file mode 100644 index 000000000..4673c838d --- /dev/null +++ b/install/rhel/7/vsftpd/vsftpd.conf @@ -0,0 +1,22 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +dual_log_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +chroot_local_user=YES +allow_writeable_chroot=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=YES +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/rhel/7/wsgi/httpd.tar.gz b/install/rhel/7/wsgi/httpd.tar.gz new file mode 100644 index 000000000..b25acd68e Binary files /dev/null and b/install/rhel/7/wsgi/httpd.tar.gz differ diff --git a/install/rhel/7/wsgi/httpd/wsgi.sh b/install/rhel/7/wsgi/httpd/wsgi.sh new file mode 100755 index 000000000..cb98116cb --- /dev/null +++ b/install/rhel/7/wsgi/httpd/wsgi.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +echo "# Wsgi template +AddHandler wsgi-script .wsgi + +RewriteEngine On + +RewriteCond %{HTTP_HOST} ^www.$2\.ru\$ [NC] +RewriteRule ^(.*)\$ http://$2/\$1 [R=301,L] + +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(.*)\$ /django.wsgi/\$1 [QSA,PT,L] +" > $docroot/.htaccess +chown $user:$user $docroot/.htaccess + + +echo "import os, sys +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/env/lib/python2.6/site-packages') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/shared/') +sys.path.insert(0, '$home_dir/$user/web/$domain/private/django/$domain/project/src/') + +os.environ['DJANGO_SETTINGS_MODULE'] = 'main.settings' +import django.core.handlers.wsgi +application = django.core.handlers.wsgi.WSGIHandler()" > $docroot/django.wsgi +chown $user:$user $docroot/django.wsgi + +exit 0 diff --git a/install/rhel/7/wsgi/httpd/wsgi.stpl b/install/rhel/7/wsgi/httpd/wsgi.stpl new file mode 100755 index 000000000..e2fdd3f40 --- /dev/null +++ b/install/rhel/7/wsgi/httpd/wsgi.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/rhel/7/wsgi/httpd/wsgi.tpl b/install/rhel/7/wsgi/httpd/wsgi.tpl new file mode 100644 index 000000000..ad5d8a076 --- /dev/null +++ b/install/rhel/7/wsgi/httpd/wsgi.tpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups apache + + + AssignUserID %user% %group% + + + WSGIDaemonProcess apx-idea user=%user% group=%user% processes=1 threads=5 display-name=%{GROUP} python-path=%home%/%user%/web/%domain%/private/django/%domain%/env/lib/python2.6/site-packages + WSGIProcessGroup apx-idea + WSGIApplicationGroup %{GLOBAL} + + + + AllowOverride FileInfo + Options ExecCGI Indexes + MultiviewsMatch Handlers + Options +FollowSymLinks + Order allow,deny + Allow from all + + + Include %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/rhel/apc.ini b/install/rhel/apc.ini deleted file mode 100644 index b4e2d3493..000000000 --- a/install/rhel/apc.ini +++ /dev/null @@ -1,70 +0,0 @@ -; Enable apc extension module -extension = apc.so - -; Options for the APC module version >= 3.1.3 -; See http://www.php.net/manual/en/apc.configuration.php - -; This can be set to 0 to disable APC. -apc.enabled=1 -; The number of shared memory segments to allocate for the compiler cache. -apc.shm_segments=1 -; The size of each shared memory segment, with M/G suffix -apc.shm_size=128M -; A "hint" about the number of distinct source files that will be included or -; requested on your web server. Set to zero or omit if you are not sure; -apc.num_files_hint=1024 -; Just like num_files_hint, a "hint" about the number of distinct user cache -; variables to store. Set to zero or omit if you are not sure; -apc.user_entries_hint=4096 -; The number of seconds a cache entry is allowed to idle in a slot in case this -; cache entry slot is needed by another entry. -apc.ttl=0 -; use the SAPI request start time for TTL -apc.use_request_time=1 -; The number of seconds a user cache entry is allowed to idle in a slot in case -; this cache entry slot is needed by another entry. -apc.user_ttl=7200 -; The number of seconds that a cache entry may remain on the garbage-collection list. -apc.gc_ttl=3600 -; On by default, but can be set to off and used in conjunction with positive -; apc.filters so that files are only cached if matched by a positive filter. -apc.cache_by_default=1 -; A comma-separated list of POSIX extended regular expressions. -apc.filters -; The mktemp-style file_mask to pass to the mmap module -apc.mmap_file_mask=/tmp/apc.XXXXXX -; This file_update_protection setting puts a delay on caching brand new files. -apc.file_update_protection=2 -; Setting this enables APC for the CLI version of PHP (Mostly for testing and debugging). -apc.enable_cli=0 -; Prevents large files from being cached -apc.max_file_size=1M -; Whether to stat the main script file and the fullpath includes. -apc.stat=1 -; Vertification with ctime will avoid problems caused by programs such as svn or rsync by making -; sure inodes have not changed since the last stat. APC will normally only check mtime. -apc.stat_ctime=0 -; Whether to canonicalize paths in stat=0 mode or fall back to stat behaviour -apc.canonicalize=0 -; With write_lock enabled, only one process at a time will try to compile an -; uncached script while the other processes will run uncached -apc.write_lock=1 -; Logs any scripts that were automatically excluded from being cached due to early/late binding issues. -apc.report_autofilter=0 -; RFC1867 File Upload Progress hook handler -apc.rfc1867=0 -apc.rfc1867_prefix =upload_ -apc.rfc1867_name=APC_UPLOAD_PROGRESS -apc.rfc1867_freq=0 -apc.rfc1867_ttl=3600 -; Optimize include_once and require_once calls and avoid the expensive system calls used. -apc.include_once_override=0 -apc.lazy_classes=0 -apc.lazy_functions=0 -; Enables APC handling of signals, such as SIGSEGV, that write core files when signaled. -; APC will attempt to unmap the shared memory segment in order to exclude it from the core file -apc.coredump_unmap=0 -; Records a md5 hash of files. -apc.file_md5=0 -; not documented -apc.preload_path diff --git a/install/rhel/dovecot/conf.d/10-ssl.conf b/install/rhel/dovecot/conf.d/10-ssl.conf deleted file mode 100644 index aaf63255b..000000000 --- a/install/rhel/dovecot/conf.d/10-ssl.conf +++ /dev/null @@ -1,3 +0,0 @@ -ssl = yes -ssl_cert = ", because it will show the password in clear. -# You have to run "ssh -t hostname sudo ". -# -#Defaults requiretty - -Defaults env_reset -Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \ - LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \ - LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \ - LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \ - LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \ - _XKB_CHARSET XAUTHORITY VESTA" - - -# Disable syslog loggging -Defaults !syslog - -## Next comes the main part: which users can run what software on -## which machines (the sudoers file can be shared between multiple -## systems). -## Syntax: -## -## user MACHINE=COMMANDS -## -## The COMMANDS section may have other options added to it. -## -## Allow root to run any commands anywhere -root ALL=(ALL) ALL - -## Allows members of the 'sys' group to run networking, software, -## service management apps and more. -# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS - -## Allows people in group wheel to run all commands -# %wheel ALL=(ALL) ALL - -## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL - -## Allows members of the users group to mount and unmount the -## cdrom as root -# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom - -## Allows members of the users group to shutdown this system -# %users localhost=/sbin/shutdown -h now - -#includedir /etc/sudoers.d diff --git a/install/rhel/vesta.conf b/install/rhel/vesta.conf deleted file mode 100644 index eb2ae13fa..000000000 --- a/install/rhel/vesta.conf +++ /dev/null @@ -1,24 +0,0 @@ -WEB_SYSTEM='httpd' -WEB_RGROUPS='apache' -WEB_PORT='8080' -WEB_SSL='mod_ssl' -WEB_SSL_PORT='8443' -PROXY_SYSTEM='nginx' -PROXY_PORT='80' -PROXY_SSL_PORT='443' -FTP_SYSTEM='vsftpd' -MAIL_SYSTEM='exim' -IMAP_SYSTEM='dovecot' -ANTIVIRUS_SYSTEM='clamav' -ANTISPAM_SYSTEM='spamassassin' -DB_SYSTEM='mysql' -DNS_SYSTEM='named' -STATS_SYSTEM='webalizer,awstats' -BACKUP_SYSTEM='local' -CRON_SYSTEM='crond' -DISK_QUOTA='no' -FIREWALL_SYSTEM='iptables' -FIREWALL_EXTENSION='fail2ban' -REPOSITORY='cmmnt' -VERSION='0.9.8' -LANGUAGE='en' diff --git a/install/rhel/whmcs-module.php b/install/rhel/whmcs-module.php deleted file mode 100644 index 1cb250611..000000000 --- a/install/rhel/whmcs-module.php +++ /dev/null @@ -1,359 +0,0 @@ - array( "Type" => "text", "Default" => "default"), - "SSH Access" => array( "Type" => "yesno", "Description" => "Tick to grant access", ), - "IP Address (optional)" => array( "Type" => "text" ), - ); - return $configarray; - -} - -function vesta_CreateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-user', - 'arg1' => $params["username"], - 'arg2' => $params["password"], - 'arg3' => $params["clientsdetails"]["email"], - 'arg4' => $params["configoption1"], - 'arg5' => $params["clientsdetails"]["firstname"], - 'arg6' => $params["clientsdetails"]["lastname"], - ); - $postdata = http_build_query($postvars); - - // Create user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_UserAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - // Enable ssh access - if(($answer == 'OK') && ($params["configoption2"] == 'on')) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-shell', - 'arg1' => $params["username"], - 'arg2' => 'bash' - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_EnableSSH','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - - // Add domain - if(($answer == 'OK') && (!empty($params["domain"]))) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-domain', - 'arg1' => $params["username"], - 'arg2' => $params["domain"], - 'arg3' => $params["configoption3"], - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_AddDomain','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - } - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_TerminateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-delete-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Delete user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','TerminateAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_SuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-suspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Susupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','SuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_UnsuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-unsuspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Unsusupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','UnsuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePassword($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-password', - 'arg1' => $params["username"], - 'arg2' => $params["password"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePassword','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePackage($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-package', - 'arg1' => $params["username"], - 'arg2' => $params["configoption1"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePackage','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ClientArea($params) { - - $code = '
- - - - -
'; - return $code; - -} - -function vesta_AdminLink($params) { - - $code = '
- - - -
'; - return $code; - -} - -function vesta_LoginLink($params) { - - echo "control panel"; - -} - -function vesta_UsageUpdate($params) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-list-users', - 'arg1' => 'json' - ); - $postdata = http_build_query($postvars); - - // Get user stats - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - // Decode json data - $results = json_decode($answer, true); - - // Loop through results and update DB - foreach ($results AS $user=>$values) { - update_query("tblhosting",array( - "diskusage"=>$values['U_DISK'], - "disklimit"=>$values['DISK_QUOTA'], - "bwusage"=>$values['U_BANDWIDTH'], - "bwlimit"=>$values['BANDWIDTH'], - "lastupdate"=>"now()", - ),array("server"=>$params['serverid'], "username"=>$user)); - } - -} - -?> diff --git a/install/ubuntu/12.04/apache2/apache2.conf b/install/ubuntu/12.04/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/12.04/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/12.04/apache2/status.conf b/install/ubuntu/12.04/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/12.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/12.04/bind/named.conf b/install/ubuntu/12.04/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/12.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/12.04/clamav/clamd.conf b/install/ubuntu/12.04/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/12.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/12.04/deb_signing.key b/install/ubuntu/12.04/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/12.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/12.04/dovecot.tar.gz b/install/ubuntu/12.04/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/12.04/dovecot.tar.gz differ diff --git a/install/ubuntu/12.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/12.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/12.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/12.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/12.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/12.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/12.04/dovecot/conf.d/10-master.conf b/install/ubuntu/12.04/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/12.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/12.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/12.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/12.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/12.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/12.04/dovecot/dovecot.conf b/install/ubuntu/12.04/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/12.04/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/12.04/exim/dnsbl.conf b/install/ubuntu/12.04/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/12.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/12.04/exim/exim4.conf.template b/install/ubuntu/12.04/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/12.04/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/12.04/exim/spam-blocks.conf b/install/ubuntu/12.04/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/12.04/fail2ban.tar.gz b/install/ubuntu/12.04/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/12.04/fail2ban.tar.gz differ diff --git a/install/ubuntu/12.04/fail2ban/action.d/vesta.conf b/install/ubuntu/12.04/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/12.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/12.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/12.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/12.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/12.04/fail2ban/jail.local b/install/ubuntu/12.04/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/12.04/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/12.04/firewall.tar.gz b/install/ubuntu/12.04/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/12.04/firewall.tar.gz differ diff --git a/install/ubuntu/12.04/firewall/ports.conf b/install/ubuntu/12.04/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/12.04/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/12.04/firewall/rules.conf b/install/ubuntu/12.04/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/12.04/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/12.04/logrotate/apache2 b/install/ubuntu/12.04/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/12.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/12.04/logrotate/nginx b/install/ubuntu/12.04/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/12.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/12.04/logrotate/vesta b/install/ubuntu/12.04/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/12.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/12.04/mysql/my-large.cnf b/install/ubuntu/12.04/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/12.04/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/12.04/mysql/my-medium.cnf b/install/ubuntu/12.04/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/12.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/12.04/mysql/my-small.cnf b/install/ubuntu/12.04/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/12.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/nginx.conf b/install/ubuntu/12.04/nginx/nginx.conf similarity index 99% rename from install/ubuntu/nginx.conf rename to install/ubuntu/12.04/nginx/nginx.conf index 1e0d321b2..7937301c1 100644 --- a/install/ubuntu/nginx.conf +++ b/install/ubuntu/12.04/nginx/nginx.conf @@ -1,5 +1,5 @@ # Server globals -user nginx; +user www-data; worker_processes 2; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; diff --git a/install/ubuntu/12.04/nginx/phpmyadmin.inc b/install/ubuntu/12.04/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/12.04/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.04/nginx/phppgadmin.inc b/install/ubuntu/12.04/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/12.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.04/nginx/status.conf b/install/ubuntu/12.04/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/12.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/12.04/nginx/webmail.inc b/install/ubuntu/12.04/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/12.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.04/packages.tar.gz b/install/ubuntu/12.04/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/12.04/packages.tar.gz differ diff --git a/install/ubuntu/packages/default.pkg b/install/ubuntu/12.04/packages/default.pkg similarity index 100% rename from install/ubuntu/packages/default.pkg rename to install/ubuntu/12.04/packages/default.pkg diff --git a/install/ubuntu/packages/gainsboro.pkg b/install/ubuntu/12.04/packages/gainsboro.pkg similarity index 100% rename from install/ubuntu/packages/gainsboro.pkg rename to install/ubuntu/12.04/packages/gainsboro.pkg diff --git a/install/ubuntu/packages/palegreen.pkg b/install/ubuntu/12.04/packages/palegreen.pkg similarity index 100% rename from install/ubuntu/packages/palegreen.pkg rename to install/ubuntu/12.04/packages/palegreen.pkg diff --git a/install/ubuntu/packages/slategrey.pkg b/install/ubuntu/12.04/packages/slategrey.pkg similarity index 100% rename from install/ubuntu/packages/slategrey.pkg rename to install/ubuntu/12.04/packages/slategrey.pkg diff --git a/install/ubuntu/12.04/pga/config.inc.php b/install/ubuntu/12.04/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/12.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/12.04/pga/phppgadmin.conf b/install/ubuntu/12.04/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/12.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/12.04/php5-fpm/www.conf b/install/ubuntu/12.04/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/12.04/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/12.04/pma/apache.conf b/install/ubuntu/12.04/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/12.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/12.04/pma/config.inc.php b/install/ubuntu/12.04/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/12.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/12.04/roundcube/apache.conf b/install/ubuntu/12.04/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/12.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/12.04/roundcube/config.inc.php b/install/ubuntu/12.04/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/12.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/roundcube-main.conf b/install/ubuntu/12.04/roundcube/main.inc.php similarity index 99% rename from install/ubuntu/roundcube-main.conf rename to install/ubuntu/12.04/roundcube/main.inc.php index a6e1fc2ee..97cdbf2df 100644 --- a/install/ubuntu/roundcube-main.conf +++ b/install/ubuntu/12.04/roundcube/main.inc.php @@ -175,6 +175,8 @@ $rcmail_config['smtp_timeout'] = 0; // ---------------------------------- // SYSTEM // ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + // THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. // ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! @@ -437,6 +439,7 @@ $rcmail_config['trash_mbox'] = 'Trash'; // these folders will also be displayed with localized names // NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) $rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); // automatically create the above listed default folders on first login $rcmail_config['create_default_folders'] = true; diff --git a/install/ubuntu/12.04/roundcube/vesta.php b/install/ubuntu/12.04/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/12.04/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/12.04/sudo/admin b/install/ubuntu/12.04/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/12.04/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.04/templates.tar.gz b/install/ubuntu/12.04/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/12.04/templates.tar.gz differ diff --git a/install/ubuntu/12.04/templates/dns/child-ns.tpl b/install/ubuntu/12.04/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/12.04/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.04/templates/dns/default.tpl b/install/ubuntu/12.04/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/12.04/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.04/templates/dns/gmail.tpl b/install/ubuntu/12.04/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/12.04/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.04/templates/web/apache2/basedir.stpl b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/basedir.tpl b/install/ubuntu/12.04/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/default.stpl b/install/ubuntu/12.04/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/default.tpl b/install/ubuntu/12.04/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/hosting.stpl b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/hosting.tpl b/install/ubuntu/12.04/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/12.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/12.04/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.04/templates/web/awstats/awstats.tpl b/install/ubuntu/12.04/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/12.04/templates/web/awstats/index.tpl b/install/ubuntu/12.04/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/12.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/12.04/templates/web/awstats/nav.tpl b/install/ubuntu/12.04/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/12.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/12.04/templates/web/nginx/caching.sh b/install/ubuntu/12.04/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/templates/web/nginx/caching.stpl b/install/ubuntu/12.04/templates/web/nginx/caching.stpl similarity index 100% rename from install/ubuntu/templates/web/nginx/caching.stpl rename to install/ubuntu/12.04/templates/web/nginx/caching.stpl diff --git a/install/ubuntu/templates/web/nginx/caching.tpl b/install/ubuntu/12.04/templates/web/nginx/caching.tpl similarity index 95% rename from install/ubuntu/templates/web/nginx/caching.tpl rename to install/ubuntu/12.04/templates/web/nginx/caching.tpl index 1462f9e1f..36761b65c 100755 --- a/install/ubuntu/templates/web/nginx/caching.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/caching.tpl @@ -37,5 +37,5 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - include %home%/%user%/web/conf/nginx.%domain%.conf*; + include %home%/%user%/conf/web/nginx.%domain%.conf*; } diff --git a/install/ubuntu/12.04/templates/web/nginx/default.stpl b/install/ubuntu/12.04/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.04/templates/web/nginx/default.tpl b/install/ubuntu/12.04/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.sh b/install/ubuntu/12.04/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.tpl b/install/ubuntu/12.04/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/12.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/12.04/templates/web/php5-fpm/default.tpl b/install/ubuntu/12.04/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/12.04/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/12.04/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/12.04/templates/web/php5-fpm/socket.tpl b/install/ubuntu/12.04/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/12.04/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/12.04/templates/web/skel/document_errors/403.html b/install/ubuntu/12.04/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/12.04/templates/web/skel/document_errors/404.html b/install/ubuntu/12.04/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/12.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/12.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/12.04/templates/web/skel/public_html/index.html b/install/ubuntu/12.04/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/12.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/12.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/12.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/12.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/12.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/12.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/12.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/12.04/templates/web/suspend/.htaccess b/install/ubuntu/12.04/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/12.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/12.04/templates/web/suspend/index.html b/install/ubuntu/12.04/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/12.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/12.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/12.04/vsftpd/vsftpd.conf b/install/ubuntu/12.04/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/12.04/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/12.10/apache2/apache2.conf b/install/ubuntu/12.10/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/12.10/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/12.10/apache2/status.conf b/install/ubuntu/12.10/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/12.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/12.10/bind/named.conf b/install/ubuntu/12.10/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/12.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/12.10/clamav/clamd.conf b/install/ubuntu/12.10/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/12.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/12.10/deb_signing.key b/install/ubuntu/12.10/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/12.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/12.10/dovecot.tar.gz b/install/ubuntu/12.10/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/12.10/dovecot.tar.gz differ diff --git a/install/ubuntu/12.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/12.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/12.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/12.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/12.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/12.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/12.10/dovecot/conf.d/10-master.conf b/install/ubuntu/12.10/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/12.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/12.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/12.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/12.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/12.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/12.10/dovecot/dovecot.conf b/install/ubuntu/12.10/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/12.10/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/12.10/exim/dnsbl.conf b/install/ubuntu/12.10/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/12.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/12.10/exim/exim4.conf.template b/install/ubuntu/12.10/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/12.10/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/12.10/exim/spam-blocks.conf b/install/ubuntu/12.10/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/12.10/fail2ban.tar.gz b/install/ubuntu/12.10/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/12.10/fail2ban.tar.gz differ diff --git a/install/ubuntu/12.10/fail2ban/action.d/vesta.conf b/install/ubuntu/12.10/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/12.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/12.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/12.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/12.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/12.10/fail2ban/jail.local b/install/ubuntu/12.10/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/12.10/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/12.10/firewall.tar.gz b/install/ubuntu/12.10/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/12.10/firewall.tar.gz differ diff --git a/install/ubuntu/12.10/firewall/ports.conf b/install/ubuntu/12.10/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/12.10/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/12.10/firewall/rules.conf b/install/ubuntu/12.10/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/12.10/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/12.10/logrotate/apache2 b/install/ubuntu/12.10/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/12.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/12.10/logrotate/nginx b/install/ubuntu/12.10/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/12.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/12.10/logrotate/vesta b/install/ubuntu/12.10/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/12.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/12.10/mysql/my-large.cnf b/install/ubuntu/12.10/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/12.10/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/12.10/mysql/my-medium.cnf b/install/ubuntu/12.10/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/12.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/12.10/mysql/my-small.cnf b/install/ubuntu/12.10/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/12.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/12.10/nginx/nginx.conf b/install/ubuntu/12.10/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/12.10/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/12.10/nginx/phpmyadmin.inc b/install/ubuntu/12.10/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/12.10/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.10/nginx/phppgadmin.inc b/install/ubuntu/12.10/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/12.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.10/nginx/status.conf b/install/ubuntu/12.10/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/12.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/12.10/nginx/webmail.inc b/install/ubuntu/12.10/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/12.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/12.10/packages.tar.gz b/install/ubuntu/12.10/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/12.10/packages.tar.gz differ diff --git a/install/ubuntu/12.10/packages/default.pkg b/install/ubuntu/12.10/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/12.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/12.10/packages/gainsboro.pkg b/install/ubuntu/12.10/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/12.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/12.10/packages/palegreen.pkg b/install/ubuntu/12.10/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/12.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/12.10/packages/slategrey.pkg b/install/ubuntu/12.10/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/12.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/12.10/pga/config.inc.php b/install/ubuntu/12.10/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/12.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/12.10/pga/phppgadmin.conf b/install/ubuntu/12.10/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/12.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/12.10/php5-fpm/www.conf b/install/ubuntu/12.10/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/12.10/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/12.10/pma/apache.conf b/install/ubuntu/12.10/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/12.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/12.10/pma/config.inc.php b/install/ubuntu/12.10/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/12.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/12.10/roundcube/apache.conf b/install/ubuntu/12.10/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/12.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/12.10/roundcube/config.inc.php b/install/ubuntu/12.10/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/12.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/12.10/roundcube/main.inc.php b/install/ubuntu/12.10/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/12.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/12.10/roundcube/vesta.php b/install/ubuntu/12.10/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/12.10/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/12.10/sudo/admin b/install/ubuntu/12.10/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/12.10/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.10/templates.tar.gz b/install/ubuntu/12.10/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/12.10/templates.tar.gz differ diff --git a/install/ubuntu/12.10/templates/dns/child-ns.tpl b/install/ubuntu/12.10/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/12.10/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.10/templates/dns/default.tpl b/install/ubuntu/12.10/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/12.10/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.10/templates/dns/gmail.tpl b/install/ubuntu/12.10/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/12.10/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/12.10/templates/web/apache2/basedir.stpl b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/basedir.tpl b/install/ubuntu/12.10/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/default.stpl b/install/ubuntu/12.10/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/default.tpl b/install/ubuntu/12.10/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/hosting.stpl b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/hosting.tpl b/install/ubuntu/12.10/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/12.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/12.10/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/12.10/templates/web/awstats/awstats.tpl b/install/ubuntu/12.10/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/12.10/templates/web/awstats/index.tpl b/install/ubuntu/12.10/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/12.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/12.10/templates/web/awstats/nav.tpl b/install/ubuntu/12.10/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/12.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.sh b/install/ubuntu/12.10/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.stpl b/install/ubuntu/12.10/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.tpl b/install/ubuntu/12.10/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/default.stpl b/install/ubuntu/12.10/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.10/templates/web/nginx/default.tpl b/install/ubuntu/12.10/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.sh b/install/ubuntu/12.10/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.tpl b/install/ubuntu/12.10/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/12.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/12.10/templates/web/php5-fpm/default.tpl b/install/ubuntu/12.10/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/12.10/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/12.10/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/12.10/templates/web/php5-fpm/socket.tpl b/install/ubuntu/12.10/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/12.10/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/12.10/templates/web/skel/document_errors/403.html b/install/ubuntu/12.10/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/12.10/templates/web/skel/document_errors/404.html b/install/ubuntu/12.10/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/12.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/12.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/12.10/templates/web/skel/public_html/index.html b/install/ubuntu/12.10/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/12.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/12.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/12.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/12.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/12.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/12.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/12.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/12.10/templates/web/suspend/.htaccess b/install/ubuntu/12.10/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/12.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/12.10/templates/web/suspend/index.html b/install/ubuntu/12.10/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/12.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/12.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/12.10/vsftpd/vsftpd.conf b/install/ubuntu/12.10/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/12.10/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/13.04/apache2/apache2.conf b/install/ubuntu/13.04/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/13.04/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/13.04/apache2/status.conf b/install/ubuntu/13.04/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/13.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/13.04/bind/named.conf b/install/ubuntu/13.04/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/13.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/13.04/clamav/clamd.conf b/install/ubuntu/13.04/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/13.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/13.04/deb_signing.key b/install/ubuntu/13.04/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/13.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/13.04/dovecot.tar.gz b/install/ubuntu/13.04/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/13.04/dovecot.tar.gz differ diff --git a/install/ubuntu/13.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/13.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/13.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/13.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/13.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/13.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/13.04/dovecot/conf.d/10-master.conf b/install/ubuntu/13.04/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/13.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/13.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/13.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/13.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/13.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/13.04/dovecot/dovecot.conf b/install/ubuntu/13.04/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/13.04/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/13.04/exim/dnsbl.conf b/install/ubuntu/13.04/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/13.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/13.04/exim/exim4.conf.template b/install/ubuntu/13.04/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/13.04/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/13.04/exim/spam-blocks.conf b/install/ubuntu/13.04/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/13.04/fail2ban.tar.gz b/install/ubuntu/13.04/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/13.04/fail2ban.tar.gz differ diff --git a/install/ubuntu/13.04/fail2ban/action.d/vesta.conf b/install/ubuntu/13.04/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/13.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/13.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/13.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/13.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/13.04/fail2ban/jail.local b/install/ubuntu/13.04/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/13.04/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/13.04/firewall.tar.gz b/install/ubuntu/13.04/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/13.04/firewall.tar.gz differ diff --git a/install/ubuntu/13.04/firewall/ports.conf b/install/ubuntu/13.04/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/13.04/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/13.04/firewall/rules.conf b/install/ubuntu/13.04/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/13.04/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/13.04/logrotate/apache2 b/install/ubuntu/13.04/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/13.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/13.04/logrotate/nginx b/install/ubuntu/13.04/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/13.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/13.04/logrotate/vesta b/install/ubuntu/13.04/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/13.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/13.04/mysql/my-large.cnf b/install/ubuntu/13.04/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/13.04/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.04/mysql/my-medium.cnf b/install/ubuntu/13.04/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/13.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.04/mysql/my-small.cnf b/install/ubuntu/13.04/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/13.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.04/nginx/nginx.conf b/install/ubuntu/13.04/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/13.04/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/13.04/nginx/phpmyadmin.inc b/install/ubuntu/13.04/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/13.04/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.04/nginx/phppgadmin.inc b/install/ubuntu/13.04/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/13.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.04/nginx/status.conf b/install/ubuntu/13.04/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/13.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/13.04/nginx/webmail.inc b/install/ubuntu/13.04/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/13.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.04/packages.tar.gz b/install/ubuntu/13.04/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/13.04/packages.tar.gz differ diff --git a/install/ubuntu/13.04/packages/default.pkg b/install/ubuntu/13.04/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/13.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/13.04/packages/gainsboro.pkg b/install/ubuntu/13.04/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/13.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/13.04/packages/palegreen.pkg b/install/ubuntu/13.04/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/13.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/13.04/packages/slategrey.pkg b/install/ubuntu/13.04/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/13.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/13.04/pga/config.inc.php b/install/ubuntu/13.04/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/13.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/13.04/pga/phppgadmin.conf b/install/ubuntu/13.04/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/13.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/13.04/php5-fpm/www.conf b/install/ubuntu/13.04/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/13.04/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/13.04/pma/apache.conf b/install/ubuntu/13.04/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/13.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/13.04/pma/config.inc.php b/install/ubuntu/13.04/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/13.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/13.04/roundcube/apache.conf b/install/ubuntu/13.04/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/13.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/13.04/roundcube/config.inc.php b/install/ubuntu/13.04/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/13.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/13.04/roundcube/main.inc.php b/install/ubuntu/13.04/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/13.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/13.04/roundcube/vesta.php b/install/ubuntu/13.04/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/13.04/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/13.04/sudo/admin b/install/ubuntu/13.04/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/13.04/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.04/templates.tar.gz b/install/ubuntu/13.04/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/13.04/templates.tar.gz differ diff --git a/install/ubuntu/13.04/templates/dns/child-ns.tpl b/install/ubuntu/13.04/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/13.04/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.04/templates/dns/default.tpl b/install/ubuntu/13.04/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/13.04/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.04/templates/dns/gmail.tpl b/install/ubuntu/13.04/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/13.04/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.04/templates/web/apache2/basedir.stpl b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/basedir.tpl b/install/ubuntu/13.04/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/default.stpl b/install/ubuntu/13.04/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/default.tpl b/install/ubuntu/13.04/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/hosting.stpl b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/hosting.tpl b/install/ubuntu/13.04/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/13.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/13.04/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.04/templates/web/awstats/awstats.tpl b/install/ubuntu/13.04/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/13.04/templates/web/awstats/index.tpl b/install/ubuntu/13.04/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/13.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/13.04/templates/web/awstats/nav.tpl b/install/ubuntu/13.04/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/13.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.sh b/install/ubuntu/13.04/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.stpl b/install/ubuntu/13.04/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.tpl b/install/ubuntu/13.04/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/default.stpl b/install/ubuntu/13.04/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.04/templates/web/nginx/default.tpl b/install/ubuntu/13.04/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.sh b/install/ubuntu/13.04/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.tpl b/install/ubuntu/13.04/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/13.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/13.04/templates/web/php5-fpm/default.tpl b/install/ubuntu/13.04/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/13.04/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/13.04/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/13.04/templates/web/php5-fpm/socket.tpl b/install/ubuntu/13.04/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/13.04/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/13.04/templates/web/skel/document_errors/403.html b/install/ubuntu/13.04/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/13.04/templates/web/skel/document_errors/404.html b/install/ubuntu/13.04/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/13.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/13.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/13.04/templates/web/skel/public_html/index.html b/install/ubuntu/13.04/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/13.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/13.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/13.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/13.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/13.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/13.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/13.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/13.04/templates/web/suspend/.htaccess b/install/ubuntu/13.04/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/13.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/13.04/templates/web/suspend/index.html b/install/ubuntu/13.04/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/13.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/13.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/13.04/vsftpd/vsftpd.conf b/install/ubuntu/13.04/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/13.04/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/13.10/apache2/apache2.conf b/install/ubuntu/13.10/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/13.10/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/13.10/apache2/status.conf b/install/ubuntu/13.10/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/13.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/13.10/bind/named.conf b/install/ubuntu/13.10/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/13.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/13.10/clamav/clamd.conf b/install/ubuntu/13.10/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/13.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/13.10/deb_signing.key b/install/ubuntu/13.10/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/13.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/13.10/dovecot.tar.gz b/install/ubuntu/13.10/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/13.10/dovecot.tar.gz differ diff --git a/install/ubuntu/13.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/13.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/13.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/13.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/13.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/13.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/13.10/dovecot/conf.d/10-master.conf b/install/ubuntu/13.10/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/13.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/13.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/13.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/13.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/13.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/13.10/dovecot/dovecot.conf b/install/ubuntu/13.10/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/13.10/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/13.10/exim/dnsbl.conf b/install/ubuntu/13.10/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/13.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/13.10/exim/exim4.conf.template b/install/ubuntu/13.10/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/13.10/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/13.10/exim/spam-blocks.conf b/install/ubuntu/13.10/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/13.10/fail2ban.tar.gz b/install/ubuntu/13.10/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/13.10/fail2ban.tar.gz differ diff --git a/install/ubuntu/13.10/fail2ban/action.d/vesta.conf b/install/ubuntu/13.10/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/13.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/13.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/13.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/13.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/13.10/fail2ban/jail.local b/install/ubuntu/13.10/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/13.10/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/13.10/firewall.tar.gz b/install/ubuntu/13.10/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/13.10/firewall.tar.gz differ diff --git a/install/ubuntu/13.10/firewall/ports.conf b/install/ubuntu/13.10/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/13.10/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/13.10/firewall/rules.conf b/install/ubuntu/13.10/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/13.10/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/13.10/logrotate/apache2 b/install/ubuntu/13.10/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/13.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/13.10/logrotate/nginx b/install/ubuntu/13.10/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/13.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/13.10/logrotate/vesta b/install/ubuntu/13.10/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/13.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/13.10/mysql/my-large.cnf b/install/ubuntu/13.10/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/13.10/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.10/mysql/my-medium.cnf b/install/ubuntu/13.10/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/13.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.10/mysql/my-small.cnf b/install/ubuntu/13.10/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/13.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/13.10/nginx/nginx.conf b/install/ubuntu/13.10/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/13.10/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/13.10/nginx/phpmyadmin.inc b/install/ubuntu/13.10/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/13.10/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.10/nginx/phppgadmin.inc b/install/ubuntu/13.10/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/13.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.10/nginx/status.conf b/install/ubuntu/13.10/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/13.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/13.10/nginx/webmail.inc b/install/ubuntu/13.10/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/13.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/13.10/packages.tar.gz b/install/ubuntu/13.10/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/13.10/packages.tar.gz differ diff --git a/install/ubuntu/13.10/packages/default.pkg b/install/ubuntu/13.10/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/13.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/13.10/packages/gainsboro.pkg b/install/ubuntu/13.10/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/13.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/13.10/packages/palegreen.pkg b/install/ubuntu/13.10/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/13.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/13.10/packages/slategrey.pkg b/install/ubuntu/13.10/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/13.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/13.10/pga/config.inc.php b/install/ubuntu/13.10/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/13.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/13.10/pga/phppgadmin.conf b/install/ubuntu/13.10/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/13.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/13.10/php5-fpm/www.conf b/install/ubuntu/13.10/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/13.10/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/13.10/pma/apache.conf b/install/ubuntu/13.10/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/13.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/13.10/pma/config.inc.php b/install/ubuntu/13.10/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/13.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/13.10/roundcube/apache.conf b/install/ubuntu/13.10/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/13.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/13.10/roundcube/config.inc.php b/install/ubuntu/13.10/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/13.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/13.10/roundcube/main.inc.php b/install/ubuntu/13.10/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/13.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/13.10/roundcube/vesta.php b/install/ubuntu/13.10/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/13.10/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/13.10/sudo/admin b/install/ubuntu/13.10/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/13.10/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.10/templates.tar.gz b/install/ubuntu/13.10/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/13.10/templates.tar.gz differ diff --git a/install/ubuntu/13.10/templates/dns/child-ns.tpl b/install/ubuntu/13.10/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/13.10/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.10/templates/dns/default.tpl b/install/ubuntu/13.10/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/13.10/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.10/templates/dns/gmail.tpl b/install/ubuntu/13.10/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/13.10/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/13.10/templates/web/apache2/basedir.stpl b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/basedir.tpl b/install/ubuntu/13.10/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/default.stpl b/install/ubuntu/13.10/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/default.tpl b/install/ubuntu/13.10/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/hosting.stpl b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/hosting.tpl b/install/ubuntu/13.10/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/13.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/13.10/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/13.10/templates/web/awstats/awstats.tpl b/install/ubuntu/13.10/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/13.10/templates/web/awstats/index.tpl b/install/ubuntu/13.10/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/13.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/13.10/templates/web/awstats/nav.tpl b/install/ubuntu/13.10/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/13.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.sh b/install/ubuntu/13.10/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.stpl b/install/ubuntu/13.10/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.tpl b/install/ubuntu/13.10/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/default.stpl b/install/ubuntu/13.10/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.10/templates/web/nginx/default.tpl b/install/ubuntu/13.10/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.sh b/install/ubuntu/13.10/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.tpl b/install/ubuntu/13.10/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/13.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/13.10/templates/web/php5-fpm/default.tpl b/install/ubuntu/13.10/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/13.10/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/13.10/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/13.10/templates/web/php5-fpm/socket.tpl b/install/ubuntu/13.10/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/13.10/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/13.10/templates/web/skel/document_errors/403.html b/install/ubuntu/13.10/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/13.10/templates/web/skel/document_errors/404.html b/install/ubuntu/13.10/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/13.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/13.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/13.10/templates/web/skel/public_html/index.html b/install/ubuntu/13.10/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/13.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/13.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/13.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/13.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/13.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/13.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/13.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/13.10/templates/web/suspend/.htaccess b/install/ubuntu/13.10/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/13.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/13.10/templates/web/suspend/index.html b/install/ubuntu/13.10/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/13.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/13.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/13.10/vsftpd/vsftpd.conf b/install/ubuntu/13.10/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/13.10/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/14.04/apache2/apache2.conf b/install/ubuntu/14.04/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/14.04/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/14.04/apache2/status.conf b/install/ubuntu/14.04/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/14.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/14.04/bind/named.conf b/install/ubuntu/14.04/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/14.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/14.04/clamav/clamd.conf b/install/ubuntu/14.04/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/14.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/14.04/deb_signing.key b/install/ubuntu/14.04/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/14.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/14.04/dovecot.tar.gz b/install/ubuntu/14.04/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/14.04/dovecot.tar.gz differ diff --git a/install/ubuntu/14.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/14.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/14.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/14.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/14.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/14.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/14.04/dovecot/conf.d/10-master.conf b/install/ubuntu/14.04/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/14.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/14.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/14.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/14.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/14.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/14.04/dovecot/dovecot.conf b/install/ubuntu/14.04/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/14.04/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/14.04/exim/dnsbl.conf b/install/ubuntu/14.04/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/14.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/14.04/exim/exim4.conf.template b/install/ubuntu/14.04/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/14.04/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/14.04/exim/spam-blocks.conf b/install/ubuntu/14.04/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/14.04/fail2ban.tar.gz b/install/ubuntu/14.04/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/14.04/fail2ban.tar.gz differ diff --git a/install/ubuntu/14.04/fail2ban/action.d/vesta.conf b/install/ubuntu/14.04/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/14.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/14.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/14.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/14.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/14.04/fail2ban/jail.local b/install/ubuntu/14.04/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/14.04/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/14.04/firewall.tar.gz b/install/ubuntu/14.04/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/14.04/firewall.tar.gz differ diff --git a/install/ubuntu/14.04/firewall/ports.conf b/install/ubuntu/14.04/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/14.04/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/14.04/firewall/rules.conf b/install/ubuntu/14.04/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/14.04/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/14.04/logrotate/apache2 b/install/ubuntu/14.04/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/14.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/14.04/logrotate/nginx b/install/ubuntu/14.04/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/14.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/14.04/logrotate/vesta b/install/ubuntu/14.04/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/14.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/14.04/mysql/my-large.cnf b/install/ubuntu/14.04/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/14.04/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.04/mysql/my-medium.cnf b/install/ubuntu/14.04/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/14.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.04/mysql/my-small.cnf b/install/ubuntu/14.04/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/14.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.04/nginx/nginx.conf b/install/ubuntu/14.04/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/14.04/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/14.04/nginx/phpmyadmin.inc b/install/ubuntu/14.04/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/14.04/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.04/nginx/phppgadmin.inc b/install/ubuntu/14.04/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/14.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.04/nginx/status.conf b/install/ubuntu/14.04/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/14.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/14.04/nginx/webmail.inc b/install/ubuntu/14.04/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/14.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.04/packages.tar.gz b/install/ubuntu/14.04/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/14.04/packages.tar.gz differ diff --git a/install/ubuntu/14.04/packages/default.pkg b/install/ubuntu/14.04/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/14.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/14.04/packages/gainsboro.pkg b/install/ubuntu/14.04/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/14.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/14.04/packages/palegreen.pkg b/install/ubuntu/14.04/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/14.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/14.04/packages/slategrey.pkg b/install/ubuntu/14.04/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/14.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/14.04/pga/config.inc.php b/install/ubuntu/14.04/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/14.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/14.04/pga/phppgadmin.conf b/install/ubuntu/14.04/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/14.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/14.04/php5-fpm/www.conf b/install/ubuntu/14.04/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/14.04/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/14.04/pma/apache.conf b/install/ubuntu/14.04/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/14.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/14.04/pma/config.inc.php b/install/ubuntu/14.04/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/14.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/14.04/roundcube/apache.conf b/install/ubuntu/14.04/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/14.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/14.04/roundcube/config.inc.php b/install/ubuntu/14.04/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/14.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/14.04/roundcube/main.inc.php b/install/ubuntu/14.04/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/14.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/14.04/roundcube/vesta.php b/install/ubuntu/14.04/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/14.04/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/14.04/sudo/admin b/install/ubuntu/14.04/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/14.04/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.04/templates.tar.gz b/install/ubuntu/14.04/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/14.04/templates.tar.gz differ diff --git a/install/ubuntu/14.04/templates/dns/child-ns.tpl b/install/ubuntu/14.04/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/14.04/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.04/templates/dns/default.tpl b/install/ubuntu/14.04/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/14.04/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.04/templates/dns/gmail.tpl b/install/ubuntu/14.04/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/14.04/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.04/templates/web/apache2/basedir.stpl b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/basedir.tpl b/install/ubuntu/14.04/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/default.stpl b/install/ubuntu/14.04/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/default.tpl b/install/ubuntu/14.04/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/hosting.stpl b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/hosting.tpl b/install/ubuntu/14.04/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/14.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/14.04/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.04/templates/web/awstats/awstats.tpl b/install/ubuntu/14.04/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/14.04/templates/web/awstats/index.tpl b/install/ubuntu/14.04/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/14.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/14.04/templates/web/awstats/nav.tpl b/install/ubuntu/14.04/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/14.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.sh b/install/ubuntu/14.04/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.stpl b/install/ubuntu/14.04/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.tpl b/install/ubuntu/14.04/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/default.stpl b/install/ubuntu/14.04/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.04/templates/web/nginx/default.tpl b/install/ubuntu/14.04/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.sh b/install/ubuntu/14.04/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.tpl b/install/ubuntu/14.04/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/14.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/14.04/templates/web/php5-fpm/default.tpl b/install/ubuntu/14.04/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/14.04/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/14.04/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/14.04/templates/web/php5-fpm/socket.tpl b/install/ubuntu/14.04/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/14.04/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/14.04/templates/web/skel/document_errors/403.html b/install/ubuntu/14.04/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/14.04/templates/web/skel/document_errors/404.html b/install/ubuntu/14.04/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/14.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/14.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/14.04/templates/web/skel/public_html/index.html b/install/ubuntu/14.04/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/14.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/14.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/14.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/14.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/14.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/14.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/14.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/14.04/templates/web/suspend/.htaccess b/install/ubuntu/14.04/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/14.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/14.04/templates/web/suspend/index.html b/install/ubuntu/14.04/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/14.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/14.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/14.04/vsftpd/vsftpd.conf b/install/ubuntu/14.04/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/14.04/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/14.10/apache2/apache2.conf b/install/ubuntu/14.10/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/14.10/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/14.10/apache2/status.conf b/install/ubuntu/14.10/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/14.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/14.10/bind/named.conf b/install/ubuntu/14.10/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/14.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/14.10/clamav/clamd.conf b/install/ubuntu/14.10/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/14.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/14.10/deb_signing.key b/install/ubuntu/14.10/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/14.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/14.10/dovecot.tar.gz b/install/ubuntu/14.10/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/14.10/dovecot.tar.gz differ diff --git a/install/ubuntu/14.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/14.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/14.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/14.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/14.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/14.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/14.10/dovecot/conf.d/10-master.conf b/install/ubuntu/14.10/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/14.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/14.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/14.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/14.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/14.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/14.10/dovecot/dovecot.conf b/install/ubuntu/14.10/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/14.10/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/14.10/exim/dnsbl.conf b/install/ubuntu/14.10/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/14.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/14.10/exim/exim4.conf.template b/install/ubuntu/14.10/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/14.10/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/14.10/exim/spam-blocks.conf b/install/ubuntu/14.10/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/14.10/fail2ban.tar.gz b/install/ubuntu/14.10/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/14.10/fail2ban.tar.gz differ diff --git a/install/ubuntu/14.10/fail2ban/action.d/vesta.conf b/install/ubuntu/14.10/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/14.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/14.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/14.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/14.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/14.10/fail2ban/jail.local b/install/ubuntu/14.10/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/14.10/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/14.10/firewall.tar.gz b/install/ubuntu/14.10/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/14.10/firewall.tar.gz differ diff --git a/install/ubuntu/14.10/firewall/ports.conf b/install/ubuntu/14.10/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/14.10/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/14.10/firewall/rules.conf b/install/ubuntu/14.10/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/14.10/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/14.10/logrotate/apache2 b/install/ubuntu/14.10/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/14.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/14.10/logrotate/nginx b/install/ubuntu/14.10/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/14.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/14.10/logrotate/vesta b/install/ubuntu/14.10/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/14.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/14.10/mysql/my-large.cnf b/install/ubuntu/14.10/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/14.10/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.10/mysql/my-medium.cnf b/install/ubuntu/14.10/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/14.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.10/mysql/my-small.cnf b/install/ubuntu/14.10/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/14.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/14.10/nginx/nginx.conf b/install/ubuntu/14.10/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/14.10/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/14.10/nginx/phpmyadmin.inc b/install/ubuntu/14.10/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/14.10/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.10/nginx/phppgadmin.inc b/install/ubuntu/14.10/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/14.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.10/nginx/status.conf b/install/ubuntu/14.10/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/14.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/14.10/nginx/webmail.inc b/install/ubuntu/14.10/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/14.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/14.10/packages.tar.gz b/install/ubuntu/14.10/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/14.10/packages.tar.gz differ diff --git a/install/ubuntu/14.10/packages/default.pkg b/install/ubuntu/14.10/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/14.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/14.10/packages/gainsboro.pkg b/install/ubuntu/14.10/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/14.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/14.10/packages/palegreen.pkg b/install/ubuntu/14.10/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/14.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/14.10/packages/slategrey.pkg b/install/ubuntu/14.10/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/14.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/14.10/pga/config.inc.php b/install/ubuntu/14.10/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/14.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/14.10/pga/phppgadmin.conf b/install/ubuntu/14.10/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/14.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/14.10/php5-fpm/www.conf b/install/ubuntu/14.10/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/14.10/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/14.10/pma/apache.conf b/install/ubuntu/14.10/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/14.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/14.10/pma/config.inc.php b/install/ubuntu/14.10/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/14.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/14.10/roundcube/apache.conf b/install/ubuntu/14.10/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/14.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/14.10/roundcube/config.inc.php b/install/ubuntu/14.10/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/14.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/14.10/roundcube/main.inc.php b/install/ubuntu/14.10/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/14.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/14.10/roundcube/vesta.php b/install/ubuntu/14.10/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/14.10/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/14.10/sudo/admin b/install/ubuntu/14.10/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/14.10/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.10/templates.tar.gz b/install/ubuntu/14.10/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/14.10/templates.tar.gz differ diff --git a/install/ubuntu/14.10/templates/dns/child-ns.tpl b/install/ubuntu/14.10/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/14.10/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.10/templates/dns/default.tpl b/install/ubuntu/14.10/templates/dns/default.tpl new file mode 100755 index 000000000..38f963006 --- /dev/null +++ b/install/ubuntu/14.10/templates/dns/default.tpl @@ -0,0 +1,9 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.10/templates/dns/gmail.tpl b/install/ubuntu/14.10/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/14.10/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/14.10/templates/web/apache2/basedir.stpl b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/basedir.tpl b/install/ubuntu/14.10/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/default.stpl b/install/ubuntu/14.10/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/default.tpl b/install/ubuntu/14.10/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/hosting.stpl b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/hosting.tpl b/install/ubuntu/14.10/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/14.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/14.10/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/14.10/templates/web/awstats/awstats.tpl b/install/ubuntu/14.10/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/14.10/templates/web/awstats/index.tpl b/install/ubuntu/14.10/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/14.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/14.10/templates/web/awstats/nav.tpl b/install/ubuntu/14.10/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/14.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.sh b/install/ubuntu/14.10/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.stpl b/install/ubuntu/14.10/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.tpl b/install/ubuntu/14.10/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/default.stpl b/install/ubuntu/14.10/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.10/templates/web/nginx/default.tpl b/install/ubuntu/14.10/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.sh b/install/ubuntu/14.10/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.tpl b/install/ubuntu/14.10/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/14.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/14.10/templates/web/php5-fpm/default.tpl b/install/ubuntu/14.10/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/14.10/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/14.10/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/14.10/templates/web/php5-fpm/socket.tpl b/install/ubuntu/14.10/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/14.10/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/14.10/templates/web/skel/document_errors/403.html b/install/ubuntu/14.10/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/14.10/templates/web/skel/document_errors/404.html b/install/ubuntu/14.10/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/14.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/14.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/14.10/templates/web/skel/public_html/index.html b/install/ubuntu/14.10/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/14.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/14.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/14.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/14.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/14.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/14.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/14.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/14.10/templates/web/suspend/.htaccess b/install/ubuntu/14.10/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/14.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/14.10/templates/web/suspend/index.html b/install/ubuntu/14.10/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/14.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/14.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/14.10/vsftpd/vsftpd.conf b/install/ubuntu/14.10/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/14.10/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/15.04/apache2/apache2.conf b/install/ubuntu/15.04/apache2/apache2.conf new file mode 100644 index 000000000..221780117 --- /dev/null +++ b/install/ubuntu/15.04/apache2/apache2.conf @@ -0,0 +1,86 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ diff --git a/install/ubuntu/15.04/apache2/status.conf b/install/ubuntu/15.04/apache2/status.conf new file mode 100644 index 000000000..da9d96333 --- /dev/null +++ b/install/ubuntu/15.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/15.04/bind/named.conf b/install/ubuntu/15.04/bind/named.conf new file mode 100644 index 000000000..ed6ece885 --- /dev/null +++ b/install/ubuntu/15.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/15.04/clamav/clamd.conf b/install/ubuntu/15.04/clamav/clamd.conf new file mode 100644 index 000000000..ea982697a --- /dev/null +++ b/install/ubuntu/15.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/15.04/deb_signing.key b/install/ubuntu/15.04/deb_signing.key new file mode 100644 index 000000000..2ad2db8bc --- /dev/null +++ b/install/ubuntu/15.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/15.04/dovecot.tar.gz b/install/ubuntu/15.04/dovecot.tar.gz new file mode 100644 index 000000000..bfabaa030 Binary files /dev/null and b/install/ubuntu/15.04/dovecot.tar.gz differ diff --git a/install/ubuntu/15.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/15.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 000000000..dfcc83110 --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/15.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/15.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 000000000..a5f207d51 --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/15.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/15.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 000000000..55313419e --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/15.04/dovecot/conf.d/10-master.conf b/install/ubuntu/15.04/dovecot/conf.d/10-master.conf new file mode 100644 index 000000000..a75a9aaa4 --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/15.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/15.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 000000000..3aaff6eec --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/15.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/15.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 000000000..75e6e1152 --- /dev/null +++ b/install/ubuntu/15.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/15.04/dovecot/dovecot.conf b/install/ubuntu/15.04/dovecot/dovecot.conf new file mode 100644 index 000000000..0a8553510 --- /dev/null +++ b/install/ubuntu/15.04/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/15.04/exim/dnsbl.conf b/install/ubuntu/15.04/exim/dnsbl.conf new file mode 100644 index 000000000..5166b255e --- /dev/null +++ b/install/ubuntu/15.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/15.04/exim/exim4.conf.template b/install/ubuntu/15.04/exim/exim4.conf.template new file mode 100644 index 000000000..742f0409e --- /dev/null +++ b/install/ubuntu/15.04/exim/exim4.conf.template @@ -0,0 +1,377 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{100K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/15.04/exim/spam-blocks.conf b/install/ubuntu/15.04/exim/spam-blocks.conf new file mode 100644 index 000000000..e69de29bb diff --git a/install/ubuntu/15.04/fail2ban.tar.gz b/install/ubuntu/15.04/fail2ban.tar.gz new file mode 100644 index 000000000..628545b6b Binary files /dev/null and b/install/ubuntu/15.04/fail2ban.tar.gz differ diff --git a/install/ubuntu/15.04/fail2ban/action.d/vesta.conf b/install/ubuntu/15.04/fail2ban/action.d/vesta.conf new file mode 100644 index 000000000..0edfc3491 --- /dev/null +++ b/install/ubuntu/15.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/15.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/15.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 000000000..69670a56e --- /dev/null +++ b/install/ubuntu/15.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/15.04/fail2ban/jail.local b/install/ubuntu/15.04/fail2ban/jail.local new file mode 100644 index 000000000..eccea0685 --- /dev/null +++ b/install/ubuntu/15.04/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/ubuntu/15.04/firewall.tar.gz b/install/ubuntu/15.04/firewall.tar.gz new file mode 100644 index 000000000..e85560080 Binary files /dev/null and b/install/ubuntu/15.04/firewall.tar.gz differ diff --git a/install/ubuntu/15.04/firewall/ports.conf b/install/ubuntu/15.04/firewall/ports.conf new file mode 100644 index 000000000..a6ef4dae5 --- /dev/null +++ b/install/ubuntu/15.04/firewall/ports.conf @@ -0,0 +1,16 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/15.04/firewall/rules.conf b/install/ubuntu/15.04/firewall/rules.conf new file mode 100644 index 000000000..956c2e1d9 --- /dev/null +++ b/install/ubuntu/15.04/firewall/rules.conf @@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/15.04/logrotate/apache2 b/install/ubuntu/15.04/logrotate/apache2 new file mode 100644 index 000000000..27629d0dd --- /dev/null +++ b/install/ubuntu/15.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/15.04/logrotate/nginx b/install/ubuntu/15.04/logrotate/nginx new file mode 100644 index 000000000..d667f2135 --- /dev/null +++ b/install/ubuntu/15.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/15.04/logrotate/vesta b/install/ubuntu/15.04/logrotate/vesta new file mode 100644 index 000000000..027a34396 --- /dev/null +++ b/install/ubuntu/15.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/15.04/mysql/my-large.cnf b/install/ubuntu/15.04/mysql/my-large.cnf new file mode 100644 index 000000000..d0bab3907 --- /dev/null +++ b/install/ubuntu/15.04/mysql/my-large.cnf @@ -0,0 +1,42 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/15.04/mysql/my-medium.cnf b/install/ubuntu/15.04/mysql/my-medium.cnf new file mode 100644 index 000000000..1c10ab9a6 --- /dev/null +++ b/install/ubuntu/15.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/15.04/mysql/my-small.cnf b/install/ubuntu/15.04/mysql/my-small.cnf new file mode 100644 index 000000000..26a804781 --- /dev/null +++ b/install/ubuntu/15.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/15.04/nginx/nginx.conf b/install/ubuntu/15.04/nginx/nginx.conf new file mode 100644 index 000000000..7937301c1 --- /dev/null +++ b/install/ubuntu/15.04/nginx/nginx.conf @@ -0,0 +1,124 @@ +# Server globals +user www-data; +worker_processes 2; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 100m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 3d; + + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/15.04/nginx/phpmyadmin.inc b/install/ubuntu/15.04/nginx/phpmyadmin.inc new file mode 100644 index 000000000..d70ca3e3c --- /dev/null +++ b/install/ubuntu/15.04/nginx/phpmyadmin.inc @@ -0,0 +1,15 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/15.04/nginx/phppgadmin.inc b/install/ubuntu/15.04/nginx/phppgadmin.inc new file mode 100644 index 000000000..cd1e5806b --- /dev/null +++ b/install/ubuntu/15.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/15.04/nginx/status.conf b/install/ubuntu/15.04/nginx/status.conf new file mode 100644 index 000000000..c0bcd0691 --- /dev/null +++ b/install/ubuntu/15.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/15.04/nginx/webmail.inc b/install/ubuntu/15.04/nginx/webmail.inc new file mode 100644 index 000000000..ad66895bc --- /dev/null +++ b/install/ubuntu/15.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/15.04/packages.tar.gz b/install/ubuntu/15.04/packages.tar.gz new file mode 100644 index 000000000..4b778dadc Binary files /dev/null and b/install/ubuntu/15.04/packages.tar.gz differ diff --git a/install/ubuntu/15.04/packages/default.pkg b/install/ubuntu/15.04/packages/default.pkg new file mode 100644 index 000000000..29585bacb --- /dev/null +++ b/install/ubuntu/15.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='11:46:50' +DATE='2012-09-26' diff --git a/install/ubuntu/15.04/packages/gainsboro.pkg b/install/ubuntu/15.04/packages/gainsboro.pkg new file mode 100644 index 000000000..c3df50258 --- /dev/null +++ b/install/ubuntu/15.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='1' +TIME='11:31:30' +DATE='2012-07-26' diff --git a/install/ubuntu/15.04/packages/palegreen.pkg b/install/ubuntu/15.04/packages/palegreen.pkg new file mode 100644 index 000000000..d08930f7b --- /dev/null +++ b/install/ubuntu/15.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='5' +TIME='07:49:47' +DATE='2013-06-10' diff --git a/install/ubuntu/15.04/packages/slategrey.pkg b/install/ubuntu/15.04/packages/slategrey.pkg new file mode 100644 index 000000000..15a17dcd3 --- /dev/null +++ b/install/ubuntu/15.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.localhost.ltd,ns2.localhost.ltd' +SHELL='nologin' +BACKUPS='3' +TIME='12:39:13' +DATE='2012-09-20' diff --git a/install/ubuntu/15.04/pga/config.inc.php b/install/ubuntu/15.04/pga/config.inc.php new file mode 100644 index 000000000..1eec9776c --- /dev/null +++ b/install/ubuntu/15.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/15.04/pga/phppgadmin.conf b/install/ubuntu/15.04/pga/phppgadmin.conf new file mode 100644 index 000000000..f39247d6f --- /dev/null +++ b/install/ubuntu/15.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/15.04/php5-fpm/www.conf b/install/ubuntu/15.04/php5-fpm/www.conf new file mode 100644 index 000000000..d046bceef --- /dev/null +++ b/install/ubuntu/15.04/php5-fpm/www.conf @@ -0,0 +1,10 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = www-data +group = www-data +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 35 diff --git a/install/ubuntu/15.04/pma/apache.conf b/install/ubuntu/15.04/pma/apache.conf new file mode 100644 index 000000000..2a8f69e25 --- /dev/null +++ b/install/ubuntu/15.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/15.04/pma/config.inc.php b/install/ubuntu/15.04/pma/config.inc.php new file mode 100644 index 000000000..a643a065b --- /dev/null +++ b/install/ubuntu/15.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/15.04/roundcube/apache.conf b/install/ubuntu/15.04/roundcube/apache.conf new file mode 100644 index 000000000..a0c87bcc6 --- /dev/null +++ b/install/ubuntu/15.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/15.04/roundcube/config.inc.php b/install/ubuntu/15.04/roundcube/config.inc.php new file mode 100644 index 000000000..0c82b1bc1 --- /dev/null +++ b/install/ubuntu/15.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/15.04/roundcube/main.inc.php b/install/ubuntu/15.04/roundcube/main.inc.php new file mode 100644 index 000000000..97cdbf2df --- /dev/null +++ b/install/ubuntu/15.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/15.04/roundcube/vesta.php b/install/ubuntu/15.04/roundcube/vesta.php new file mode 100644 index 000000000..8fb202a44 --- /dev/null +++ b/install/ubuntu/15.04/roundcube/vesta.php @@ -0,0 +1,62 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + $fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/15.04/sudo/admin b/install/ubuntu/15.04/sudo/admin new file mode 100644 index 000000000..47e16098c --- /dev/null +++ b/install/ubuntu/15.04/sudo/admin @@ -0,0 +1,7 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.04/templates.tar.gz b/install/ubuntu/15.04/templates.tar.gz new file mode 100644 index 000000000..ce385d269 Binary files /dev/null and b/install/ubuntu/15.04/templates.tar.gz differ diff --git a/install/ubuntu/15.04/templates/dns/child-ns.tpl b/install/ubuntu/15.04/templates/dns/child-ns.tpl new file mode 100755 index 000000000..27f9b825b --- /dev/null +++ b/install/ubuntu/15.04/templates/dns/child-ns.tpl @@ -0,0 +1,11 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/templates/dns/default.tpl b/install/ubuntu/15.04/templates/dns/default.tpl similarity index 100% rename from install/ubuntu/templates/dns/default.tpl rename to install/ubuntu/15.04/templates/dns/default.tpl diff --git a/install/ubuntu/15.04/templates/dns/gmail.tpl b/install/ubuntu/15.04/templates/dns/gmail.tpl new file mode 100755 index 000000000..950cfa456 --- /dev/null +++ b/install/ubuntu/15.04/templates/dns/gmail.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='ghs.google.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX2.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ASPMX3.GOOGLEMAIL.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/15.04/templates/web/apache2/basedir.stpl b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl new file mode 100755 index 000000000..3f71e6999 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,41 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/basedir.tpl b/install/ubuntu/15.04/templates/web/apache2/basedir.tpl new file mode 100755 index 000000000..75daf0e10 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot% + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/default.stpl b/install/ubuntu/15.04/templates/web/apache2/default.stpl new file mode 100755 index 000000000..e884a95b9 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/default.stpl @@ -0,0 +1,40 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/default.tpl b/install/ubuntu/15.04/templates/web/apache2/default.tpl new file mode 100755 index 000000000..073724ce0 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/default.tpl @@ -0,0 +1,34 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/hosting.stpl b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl new file mode 100755 index 000000000..7a5d7787f --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/hosting.tpl b/install/ubuntu/15.04/templates/web/apache2/hosting.tpl new file mode 100755 index 000000000..ab844dc74 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f %email%' + + + AllowOverride All + + php_admin_value open_basedir %home%/%user%/web:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/15.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 000000000..6565e103d --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl new file mode 100755 index 000000000..aa5137308 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,35 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/15.04/templates/web/apache2/phpcgi.tpl new file mode 100755 index 000000000..a05ff252d --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 000000000..e80582492 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl new file mode 100755 index 000000000..622495756 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.tpl new file mode 100755 index 000000000..5c1f16e20 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,28 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/15.04/templates/web/awstats/awstats.tpl b/install/ubuntu/15.04/templates/web/awstats/awstats.tpl new file mode 100755 index 000000000..9a92e0fd4 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/15.04/templates/web/awstats/index.tpl b/install/ubuntu/15.04/templates/web/awstats/index.tpl new file mode 100755 index 000000000..9df9bb5cb --- /dev/null +++ b/install/ubuntu/15.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/15.04/templates/web/awstats/nav.tpl b/install/ubuntu/15.04/templates/web/awstats/nav.tpl new file mode 100755 index 000000000..f29bed68b --- /dev/null +++ b/install/ubuntu/15.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.sh b/install/ubuntu/15.04/templates/web/nginx/caching.sh new file mode 100755 index 000000000..6eb9126db --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/caching.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +echo "$str" >> /etc/nginx/conf.d/01_caching_pool.conf + diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.stpl b/install/ubuntu/15.04/templates/web/nginx/caching.stpl new file mode 100755 index 000000000..ca6cffe32 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.tpl b/install/ubuntu/15.04/templates/web/nginx/caching.tpl new file mode 100755 index 000000000..36761b65c --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/default.stpl b/install/ubuntu/15.04/templates/web/nginx/default.stpl new file mode 100755 index 000000000..fa5380606 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/15.04/templates/web/nginx/default.tpl b/install/ubuntu/15.04/templates/web/nginx/default.tpl new file mode 100755 index 000000000..4d5c774bc --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.sh b/install/ubuntu/15.04/templates/web/nginx/hosting.sh new file mode 100755 index 000000000..eeed37ef9 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl new file mode 100755 index 000000000..d778d6333 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.tpl b/install/ubuntu/15.04/templates/web/nginx/hosting.tpl new file mode 100755 index 000000000..15961c95c --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl new file mode 100644 index 000000000..01d82b603 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl new file mode 100644 index 000000000..af452d19f --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/cms_made_simple.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.stpl new file mode 100644 index 000000000..a592a652d --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.tpl new file mode 100644 index 000000000..9b955aa6a --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter2.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.stpl new file mode 100644 index 000000000..4d330d34f --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.stpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.tpl new file mode 100644 index 000000000..1f446e5d3 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/codeigniter3.tpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.stpl new file mode 100644 index 000000000..d1b5bcd24 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.stpl @@ -0,0 +1,122 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.tpl new file mode 100644 index 000000000..ff33c2325 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/datalife_engine.tpl @@ -0,0 +1,118 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.stpl new file mode 100644 index 000000000..a68c99861 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/default.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.stpl new file mode 100644 index 000000000..27483cd8c --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.tpl new file mode 100644 index 000000000..31647c9ff --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/dokuwiki.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ^~ /lib/ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl new file mode 100644 index 000000000..9a5484396 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl new file mode 100644 index 000000000..417762c18 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/drupal.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + #rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.stpl new file mode 100644 index 000000000..235a01216 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.tpl new file mode 100644 index 000000000..997c268de --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/joomla.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl new file mode 100644 index 000000000..8311ca43f --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.stpl @@ -0,0 +1,80 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl new file mode 100644 index 000000000..57cac2f85 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/owncloud.tpl @@ -0,0 +1,76 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.stpl new file mode 100644 index 000000000..c53af4011 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.tpl new file mode 100644 index 000000000..6b4a94a68 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/piwik.tpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.stpl new file mode 100644 index 000000000..a6fc67556 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.tpl new file mode 100644 index 000000000..68b378efd --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/pyrocms.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.stpl new file mode 100644 index 000000000..910c28b69 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.stpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.tpl new file mode 100644 index 000000000..b143e53ba --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress.tpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.stpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.stpl new file mode 100644 index 000000000..2822f8754 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.tpl b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.tpl new file mode 100644 index 000000000..37b8be305 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php5-fpm/wordpress2.tpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/15.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 000000000..ae1956173 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/15.04/templates/web/php5-fpm/default.tpl b/install/ubuntu/15.04/templates/web/php5-fpm/default.tpl new file mode 100644 index 000000000..44ccf7a42 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/php5-fpm/default.tpl @@ -0,0 +1,18 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/15.04/templates/web/php5-fpm/no-php.tpl b/install/ubuntu/15.04/templates/web/php5-fpm/no-php.tpl new file mode 100644 index 000000000..89487d5f5 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/php5-fpm/no-php.tpl @@ -0,0 +1,13 @@ +#[%backend%] +#user = %user% +#group = %user% +#listen = /dev/null + +#listen.owner = %user% +#listen.group = nginx + +#pm = dynamic +#pm.max_children = 50 +#pm.start_servers = 3 +#pm.min_spare_servers = 2 +#pm.max_spare_servers = 10 diff --git a/install/ubuntu/15.04/templates/web/php5-fpm/socket.tpl b/install/ubuntu/15.04/templates/web/php5-fpm/socket.tpl new file mode 100644 index 000000000..f0513da3e --- /dev/null +++ b/install/ubuntu/15.04/templates/web/php5-fpm/socket.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = /var/run/php5-%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = nginx + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 10 + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/install/ubuntu/15.04/templates/web/skel/document_errors/403.html b/install/ubuntu/15.04/templates/web/skel/document_errors/403.html new file mode 100755 index 000000000..9c3f6baab --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/15.04/templates/web/skel/document_errors/404.html b/install/ubuntu/15.04/templates/web/skel/document_errors/404.html new file mode 100755 index 000000000..2cee77084 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/15.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/15.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 000000000..85ba648b7 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/15.04/templates/web/skel/public_html/index.html b/install/ubuntu/15.04/templates/web/skel/public_html/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/15.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/15.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/15.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/15.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 000000000..4f5bb7244 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/15.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/15.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 000000000..00ee83dcf --- /dev/null +++ b/install/ubuntu/15.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/15.04/templates/web/suspend/.htaccess b/install/ubuntu/15.04/templates/web/suspend/.htaccess new file mode 100755 index 000000000..5a6df83fb --- /dev/null +++ b/install/ubuntu/15.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/15.04/templates/web/suspend/index.html b/install/ubuntu/15.04/templates/web/suspend/index.html new file mode 100755 index 000000000..9d4fa67b3 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/suspend/index.html @@ -0,0 +1,27 @@ + + + SUSPEND + + + + + + +

SUSPEND

+

This site has been suspended

+
+ Please contact technical support departament. +
+ + + diff --git a/install/ubuntu/15.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/15.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 000000000..068adcfb9 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/15.04/vsftpd/vsftpd.conf b/install/ubuntu/15.04/vsftpd/vsftpd.conf new file mode 100644 index 000000000..0902899e7 --- /dev/null +++ b/install/ubuntu/15.04/vsftpd/vsftpd.conf @@ -0,0 +1,24 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=002 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 diff --git a/install/ubuntu/apache2.readme.txt b/install/ubuntu/apache2.readme.txt deleted file mode 100644 index b8d05cbe1..000000000 --- a/install/ubuntu/apache2.readme.txt +++ /dev/null @@ -1,11 +0,0 @@ -# -# _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| -# _| _| _| _| _| _| _| -# _| _| _|_|_| _|_| _| _|_|_|_| -# _| _| _| _| _| _| _| -# _| _|_|_|_| _|_|_| _| _| _| -# -# -# Server is manager by Vesta Control Panel. -# See /etc/apache2/conf.d/vesta.conf to get a full list of running vhosts. -# diff --git a/install/ubuntu/certificate.crt b/install/ubuntu/certificate.crt deleted file mode 100644 index 4a3230ac2..000000000 --- a/install/ubuntu/certificate.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqjCCApICCQCBAQdAxoNnAjANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMC -VVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEzARBgNVBAcMClN3YW1wc2NvdHQx -EDAOBgNVBAoMB1Zlc3RhQ1AxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFwYW5lbC52 -ZXN0YWNwLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B2ZXN0YWNwLmNvbTAeFw0x -MzA5MjMwNzA0NDVaFw0xNDA5MjMwNzA0NDVaMIGWMQswCQYDVQQGEwJVUzEWMBQG -A1UECAwNTWFzc2FjaHVzZXR0czETMBEGA1UEBwwKU3dhbXBzY290dDEQMA4GA1UE -CgwHVmVzdGFDUDELMAkGA1UECwwCSVQxGjAYBgNVBAMMEXBhbmVsLnZlc3RhY3Au -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHZlc3RhY3AuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu84meigHrwPmzEbFpKe/o8FTKwO5w1VL0HU -ILVW5EBGT76VEBqpWC+x0QrChHit14FV7m+hZRvhhkulXrknChTTNA500EVNZ5Wb -UpDWezZDivTKAHzzq0aUwKB230Tz+k3j+duBcbzwFwirnDXb5dE5RqzBOhiIvDw9 -mjP66UyH8RxFF+pTAPlcF18zWak7KnaDreyGknzy7m+Zqs07uLnb0wTgcwIcqREP -eqgw0E8xrEdjz1N9HIvxi+glfnjNgHja3cCYhe9ZCpDDr9ERXrEcULrqRuch6Zfv -QKoscG4dankbq0V4DfpMBYMTvFvFLLp/uWvwLjunzfu37XmBLQIDAQABMA0GCSqG -SIb3DQEBBQUAA4IBAQBl+GF4Ii+7cW0tWVTsDh0Kw+rjc9bEA0eF4p3LBLEsFRkP -Yeqp2t0g8RTAAiq3OyUWYISzOX8xu0i56/3jUFazABBjz0P0w2A0BfRZS5TAEwxJ -TS9zAgobBuLtTh3FDJJIRXLJOKLJZVUmi6D+8QIQVOox0925tMIxGc9CxLK05bIc -HUYdHsn1gDwmTWem/XED559eWV/vGnvf3Ea0EHU76kTQaLPkul2y8BTbbLaHSw96 -1xFc8x9gqxWTT70YmBpZIApmSzvOGVXqTduMY/CeEbmigo1/1i2YMVjePFEDYnmE -/f6rNQrtM9kgtE+glWdA7zHlaigKl3SVof1ETStB ------END CERTIFICATE----- diff --git a/install/ubuntu/certificate.key b/install/ubuntu/certificate.key deleted file mode 100644 index eb913d684..000000000 --- a/install/ubuntu/certificate.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvu84meigHrwPmzEbFpKe/o8FTKwO5w1VL0HUILVW5EBGT76V -EBqpWC+x0QrChHit14FV7m+hZRvhhkulXrknChTTNA500EVNZ5WbUpDWezZDivTK -AHzzq0aUwKB230Tz+k3j+duBcbzwFwirnDXb5dE5RqzBOhiIvDw9mjP66UyH8RxF -F+pTAPlcF18zWak7KnaDreyGknzy7m+Zqs07uLnb0wTgcwIcqREPeqgw0E8xrEdj -z1N9HIvxi+glfnjNgHja3cCYhe9ZCpDDr9ERXrEcULrqRuch6ZfvQKoscG4dankb -q0V4DfpMBYMTvFvFLLp/uWvwLjunzfu37XmBLQIDAQABAoIBAF59YsSAJCWxqgOC -dMZh/z85JkVAbQuZRIvjhwg81eiVinZSedCDcUUMLXKnYYZPdrDM9+rM4dF4z843 -R3quJIzPq4n6kYK0mU7m8fwVY5+MRjbRV9qP+8LKZjlB8DIkHJ3FyEnRgKj5+NNd -Xhgra0y7kx3Pxrxqgdit80qJ6OVlN2gsMjUcDBhqQev9Xs8cKYjYc1uPtFw14B2G -5fsNE8cHJA+hH/aym7xTaEQlz/JOKn2GsH/dOhm3RM2QygdyrVOBBj6rKSi03LMb -7QOkDvZ3nBltxQKOqs2PkYyEAdqR4dMZIPNxye/k21iVovLeMVe4lG7BmNOD6XwB -+TOhYh0CgYEA9WyUeSNPP309Br65wg61GdapWmQIaj7HSZE06BWhp82PPwHaF1yY -p9hWgo6fDxwHiTSLeUqEPXJMaPG+RxvYFc7Lc3JjOKU4ezR9fqz01LLtWXHVVT/x -RZuogMyaDhIjhwMyu4mybpUMkBQ/B3DFufrzTv0y8ljAc0nlFsuXaPMCgYEAxymI -btxZFGES6UNG7ldEaihll9MpP22/VghUeAaia0qgnXlYkbngIIhGpGJUkvZ2pduE -tfw2S20k38qvrWXx/NhLxmiVSIvq5TFi/22dfT20kfrdCcnkrp/tRpeR72IrQ6Kx -+6l7QHV5Gjcc4rvNc8mw7itVu+StgCYx+koD9V8CgYA8sThaaLf9XGxOEbaAXgC9 -Pg+tcdV+6L2B3O33gvnyNGx7SWr0ogqCX4atTLXbF7RpYtwnB52CUJTC0x2aGjGq -2vQHPb95z6oTFdz/CaiWPRVjLDp0lZaF/0OBbpeeaS/uAIV4SUod/LAZpVgc7++F -2aB35TfHJNma6ShFJd3wrwKBgBH444DtjXRTVjuKgKodYeUahCBxQ7Wfl7aRxd2W -66027MuJGb78wQbuhUFsRimE6CwLZSxu+A9SaBNx3OyO2Ilyk1PyOBZ12dqY3FAk -eiPFH7hUpQGvIF3JvMW0A81QVIsj8V++aYrljuoYsxiaze128+pqKrBr8GQyDiyB -5V2NAoGBAIPWovM20cbx6LpEuFN5Pmkl500F6sTc8F3DQVRe3JhwVhqHQXv7tUE1 -VHMqpMybUQin8q/RXvJ0vr2sQEe2fVC2a0FWJTqww1eMwu1V9ppUJAfXfaYWY+XJ -4d3myajakr0Eh3ia+IrSBcMRJ2sD3sL5KQC6jbD0R8odex4syiu2 ------END RSA PRIVATE KEY----- diff --git a/install/ubuntu/freshclam.conf b/install/ubuntu/freshclam.conf deleted file mode 100644 index 5e6ca56c1..000000000 --- a/install/ubuntu/freshclam.conf +++ /dev/null @@ -1,27 +0,0 @@ -# Automatically created by the clamav-freshclam postinst -# Comments will get lost when you reconfigure the clamav-freshclam package - -DatabaseOwner clamav -UpdateLogFile /var/log/clamav/freshclam.log -LogVerbose false -LogSyslog false -LogFacility LOG_LOCAL6 -LogFileMaxSize 0 -LogTime true -Foreground false -Debug false -MaxAttempts 5 -DatabaseDirectory /var/lib/clamav -DNSDatabaseInfo current.cvd.clamav.net -AllowSupplementaryGroups false -PidFile /var/run/clamav/freshclam.pid -ConnectTimeout 30 -ReceiveTimeout 30 -TestDatabases yes -ScriptedUpdates yes -CompressLocalDatabase no -Bytecode true -# Check for new database 24 times a day -Checks 24 -DatabaseMirror db.local.clamav.net -DatabaseMirror database.clamav.net diff --git a/install/ubuntu/nginx.readme.txt b/install/ubuntu/nginx.readme.txt deleted file mode 100644 index e5db79e79..000000000 --- a/install/ubuntu/nginx.readme.txt +++ /dev/null @@ -1,11 +0,0 @@ -# -# _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| -# _| _| _| _| _| _| _| -# _| _| _|_|_| _|_| _| _|_|_|_| -# _| _| _| _| _| _| _| -# _| _|_|_|_| _|_|_| _| _| _| -# -# -# Server is manager by Vesta Control Panel. -# See /etc/nginx/conf.d/vesta.conf to get a full list of running vhosts. -# diff --git a/install/ubuntu/sudoers.vestacp.conf b/install/ubuntu/sudoers.vestacp.conf deleted file mode 100644 index fc1782282..000000000 --- a/install/ubuntu/sudoers.vestacp.conf +++ /dev/null @@ -1 +0,0 @@ -Defaults env_keep="VESTA" diff --git a/install/ubuntu/vesta.conf b/install/ubuntu/vesta.conf deleted file mode 100644 index 6c148bd17..000000000 --- a/install/ubuntu/vesta.conf +++ /dev/null @@ -1,24 +0,0 @@ -WEB_SYSTEM='apache2' -WEB_RGROUPS='www-data' -WEB_PORT='8080' -WEB_SSL='mod_ssl' -WEB_SSL_PORT='8443' -PROXY_SYSTEM='nginx' -PROXY_PORT='80' -PROXY_SSL_PORT='443' -FTP_SYSTEM='vsftpd' -MAIL_SYSTEM='exim4' -IMAP_SYSTEM='dovecot' -ANTIVIRUS_SYSTEM='clamav-daemon' -ANTISPAM_SYSTEM='spamassassin' -DB_SYSTEM='mysql' -DNS_SYSTEM='bind9' -STATS_SYSTEM='webalizer,awstats' -BACKUP_SYSTEM='local' -CRON_SYSTEM='cron' -DISK_QUOTA='no' -FIREWALL_SYSTEM='iptables' -FIREWALL_EXTENSION='fail2ban' -REPOSITORY='cmmnt' -VERSION='0.9.8' -LANGUAGE='en' diff --git a/install/ubuntu/whmcs-module.php b/install/ubuntu/whmcs-module.php deleted file mode 100644 index 1cb250611..000000000 --- a/install/ubuntu/whmcs-module.php +++ /dev/null @@ -1,359 +0,0 @@ - array( "Type" => "text", "Default" => "default"), - "SSH Access" => array( "Type" => "yesno", "Description" => "Tick to grant access", ), - "IP Address (optional)" => array( "Type" => "text" ), - ); - return $configarray; - -} - -function vesta_CreateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-user', - 'arg1' => $params["username"], - 'arg2' => $params["password"], - 'arg3' => $params["clientsdetails"]["email"], - 'arg4' => $params["configoption1"], - 'arg5' => $params["clientsdetails"]["firstname"], - 'arg6' => $params["clientsdetails"]["lastname"], - ); - $postdata = http_build_query($postvars); - - // Create user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_UserAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - // Enable ssh access - if(($answer == 'OK') && ($params["configoption2"] == 'on')) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-shell', - 'arg1' => $params["username"], - 'arg2' => 'bash' - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_EnableSSH','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - - // Add domain - if(($answer == 'OK') && (!empty($params["domain"]))) { - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-add-domain', - 'arg1' => $params["username"], - 'arg2' => $params["domain"], - 'arg3' => $params["configoption3"], - ); - $postdata = http_build_query($postvars); - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - logModuleCall('vesta','CreateAccount_AddDomain','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - } - } - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_TerminateAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-delete-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Delete user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','TerminateAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_SuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-suspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Susupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','SuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_UnsuspendAccount($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-unsuspend-user', - 'arg1' => $params["username"] - ); - $postdata = http_build_query($postvars); - - // Unsusupend user account - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','UnsuspendAccount','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePassword($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-password', - 'arg1' => $params["username"], - 'arg2' => $params["password"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePassword','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ChangePackage($params) { - - // Execute only if there is assigned server - if ($params["server"] == 1) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-change-user-package', - 'arg1' => $params["username"], - 'arg2' => $params["configoption1"] - ); - $postdata = http_build_query($postvars); - - // Change user package - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - } - - logModuleCall('vesta','ChangePackage','https://'.$params["serverhostname"].':8083/api/'.$postdata,$answer); - - if($answer == 'OK') { - $result = "success"; - } else { - $result = $answer; - } - - return $result; -} - -function vesta_ClientArea($params) { - - $code = '
- - - - -
'; - return $code; - -} - -function vesta_AdminLink($params) { - - $code = '
- - - -
'; - return $code; - -} - -function vesta_LoginLink($params) { - - echo "control panel"; - -} - -function vesta_UsageUpdate($params) { - - // Prepare variables - $postvars = array( - 'user' => $params["serverusername"], - 'password' => $params["serverpassword"], - 'hash' => $params["serveraccesshash"], - 'cmd' => 'v-list-users', - 'arg1' => 'json' - ); - $postdata = http_build_query($postvars); - - // Get user stats - $curl = curl_init(); - curl_setopt($curl, CURLOPT_URL, 'https://' . $params["serverhostname"] . ':8083/api/'); - curl_setopt($curl, CURLOPT_RETURNTRANSFER,true); - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($curl, CURLOPT_POST, true); - curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); - $answer = curl_exec($curl); - - // Decode json data - $results = json_decode($answer, true); - - // Loop through results and update DB - foreach ($results AS $user=>$values) { - update_query("tblhosting",array( - "diskusage"=>$values['U_DISK'], - "disklimit"=>$values['DISK_QUOTA'], - "bwusage"=>$values['U_BANDWIDTH'], - "bwlimit"=>$values['BANDWIDTH'], - "lastupdate"=>"now()", - ),array("server"=>$params['serverid'], "username"=>$user)); - } - -} - -?> diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh old mode 100644 new mode 100755 index c8afb93ff..103a4cf19 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Vesta Debian installer v.04 +# Vesta Debian installer v.05 #----------------------------------------------------------# # Variables&Functions # @@ -10,32 +10,72 @@ export DEBIAN_FRONTEND=noninteractive RHOST='apt.vestacp.com' CHOST='c.vestacp.com' VERSION='0.9.8/debian' -software="nginx apache2 apache2-utils apache2.2-common bsdutils e2fsprogs - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid bind9 idn mysql-server mysql-common - mysql-client php5-common php5-cgi php5-mysql php5-curl - libapache2-mod-php5 vsftpd mc exim4 exim4-daemon-heavy clamav-daemon - flex dovecot-imapd dovecot-pop3d phpMyAdmin awstats webalizer - jwhois rssh git spamassassin roundcube roundcube-mysql - roundcube-plugins sudo bc ftp lsof ntpdate rrdtool quota e2fslibs - fail2ban dnsutils vesta vesta-nginx vesta-php" +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +os='debian' +release=$(cat /etc/issue|grep -o [0-9]|head -n1) +codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" +vestacp="http://$CHOST/$VERSION/$release" +if [ "$release" -eq 8 ]; then + software="nginx apache2 apache2-utils apache2.2-common + apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf + libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi + php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd + proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon + spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mysql-server mysql-common + mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc + flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils vesta vesta-nginx vesta-php" +else + software="nginx apache2 apache2-utils apache2.2-common + apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf + libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi + php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd + proftpd-basic proftpd-mod-vroot bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mysql-server mysql-common + mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc + flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils vesta vesta-nginx vesta-php" +fi + +# Defining help function help() { - echo "usage: $0 [OPTIONS] - -h, --help Print this help and exit - -f, --force Force installation - -i, --disable-iptables Disable iptables support - -b, --disable-fail2ban Disable fail2ban protection - -n, --noupdate Do not run apt-get upgrade command - -s, --hostname Set server hostname - -e, --email Set email address - -p, --password Set admin password instead of generating it - -m, --mysql-password Set MySQL password instead of generating it - -q, --quota Enable File System Quota" + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install Fail2ban [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" exit 1 } -# Password generator + +# Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' LENGTH=10 @@ -46,111 +86,159 @@ gen_pass() { echo "$PASS" } +# Defning return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# +# Creating temporary file +tmpfile=$(mktemp -p /tmp) + # Translating argument to --gnu-long-options for arg; do delim="" case "$arg" in - --help) args="${args}-h " ;; - --force) args="${args}-f " ;; - --disable-fail2ban) args="${args}-b " ;; - --disable-iptables) args="${args}-i " ;; - --noupdate) args="${args}-n " ;; + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; --hostname) args="${args}-s " ;; --email) args="${args}-e " ;; --password) args="${args}-p " ;; - --mysql-password) args="${args}-m " ;; - --quota) args="${args}-q " ;; - *) [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} ";; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; esac done eval set -- "$args" -# Getopt -while getopts "hfibdnqe:m:p:s:" Option; do +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:q:l:y:s:e:p:fh" Option; do case $Option in - h) help ;; # Help - f) force='yes' ;; # Force install - i) disable_iptables='yes' ;; # Disable iptables - b) disable_fail2ban='yes' ;; # Disable fail2ban - n) noupdate='yes' ;; # Disable apt-get upgrade - s) servername=$OPTARG ;; # Server hostname - e) email=$OPTARG ;; # Set email - p) vpass=$OPTARG ;; # Admin password - m) mpass=$OPTARG ;; # MySQL pasword - q) quota='yes' ;; # Enable quota - *) help ;; # Default + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) esac done -# Am I root? -if [ "x$(id -u)" != 'x0' ]; then - echo 'Error: this script can only be executed by root' - exit 1 -fi - -# Check supported version -if [ -e '/etc/redhat-release' ] || [ "$(lsb_release -si)" == "Ubuntu" ]; then - echo 'Error: sorry, this installer works only on Debian 7' - exit 1 -fi - -# Check supported OS -if [ "$(arch)" != 'x86_64' ]; then - arch='i386' +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' else - arch="amd64" + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' fi -os=$(head -n1 /etc/issue | cut -f 1 -d ' ') -if [[ "$(cut -f 1 -d . /etc/debian_version)" -eq '7' ]]; then - release="7" - codename="wheezy" +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'quota' 'no' +set_default_value 'lang' 'en' +set_default_value 'interactive' 'yes' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' ]; then + apache='no' + nginx='yes' fi -if [ $codename != 'wheezy' ]; then - echo 'Error: only Debian 7 is supported' - exit 1 +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' fi -# Check admin user account -if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" != 'yes' ]; then - echo "Error: user admin exists" - echo +# Checking root permissions +if [ "x$(id -u)" != 'x0' ]; then + check_error 1 "Script can be run executed only by root" +fi + +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" fi -# Check admin group -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" != 'yes' ]; then - echo "Error: group admin exists" - echo - echo 'Please remove admin group before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi - -# Check wget +# Checking wget if [ ! -e '/usr/bin/wget' ]; then apt-get -y install wget - if [ $? -ne 0 ]; then - echo "Error: can't install wget" - exit 1 - fi + check_result $? "Can't install wget" fi -# Check repo availability -wget -q "$CHOST/$VERSION/vesta.conf" -O /dev/null -if [ $? -ne 0 ]; then - echo "Error: no access to repository" - exit 1 -fi +# Checking repository availability +wget -q "$vestacp/deb_signing.key" -O /dev/null +check_result $? "No access to Vesta repository" # Check installed packages tmpfile=$(mktemp -p /tmp) @@ -173,211 +261,306 @@ if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo - exit 1 + check_result 1 "Control Panel should be installed on clean server." fi -# Check server type -memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) -if [ "$memory" -lt '350000' ] && [ -z "$force" ]; then - echo "Error: not enough memory to install Vesta Control Panel." - echo -e "\nMinimum RAM required: 350Mb" - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi -srv_type='micro' -if [ "$memory" -gt '1000000' ]; then - srv_type='small' +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ascii aslogo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'Following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' fi -if [ "$memory" -gt '3000000' ]; then - srv_type='medium' +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' fi -if [ "$memory" -gt '7000000' ]; then - srv_type='large' -fi - -# Are you sure ? -if [ -z $email ]; then - clear - echo - echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _|_|_|_| _|_|_| _| _| _| ' - echo - echo ' Vesta Control Panel' - echo - echo - echo 'Following software will be installed on your system:' - echo ' - Nginx frontend web server' - echo ' - Apache application web server' - echo ' - Bind DNS server' - echo ' - Exim mail server' - echo ' - Dovecot IMAP and POP3 server' - if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - echo ' - Clam mail antivirus' - echo ' - SpamAssassin antispam' +# Mail Stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim mail server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'Antivirus ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'Antispam' + fi fi - echo ' - MySQL database server' - echo ' - Vsftpd FTP server' - echo - echo + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi - read -p 'Do you want to proceed? [y/n]): ' answer +# DB stack +if [ "$mysql" = 'yes' ]; then + echo ' - MySQL Database Server' +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then echo 'Goodbye' exit 1 fi - # Check email - read -p 'Please enter valid email address: ' email + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi - # Define server hostname + # Asking to set FQDN hostname if [ -z "$servername" ]; then - read -p "Please enter hostname [$(hostname)]: " servername + read -p "Please enter FQDN hostname [$(hostname)]: " servername fi fi -# Validate email -local_part=$(echo $email | cut -s -f1 -d\@) -remote_host=$(echo $email | cut -s -f2 -d\@) -mx_failed=1 -if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then - /usr/bin/host -t mx "$remote_host" > /dev/null 2>&1 - mx_failed="$?" +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(gen_pass) fi -if [ "$mx_failed" -eq 1 ]; then - echo "Error: email $email is not valid" - exit 1 +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) +fi + +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab fi #----------------------------------------------------------# # Install repository # #----------------------------------------------------------# -# Let's start -echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 5 -# Update system -if [ -z "$noupdate" ]; then - apt-get -y upgrade - if [ $? -ne 0 ]; then - echo 'Error: apt-get upgrade failed' - exit 1 - fi -fi +# Updating system +apt-get -y upgrade +check_result $? 'apt-get upgrade failed' -# Install nginx repo +# Installing nginx repo apt=/etc/apt/sources.list.d echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key apt-key add /tmp/nginx_signing.key -# Install vesta repo +# Installing vesta repo echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list wget $CHOST/deb_signing.key -O deb_signing.key apt-key add deb_signing.key #----------------------------------------------------------# -# Backups # +# Backup # #----------------------------------------------------------# -# Prepare backup tree -vst_backups="/root/vst_install_backups/$(date +%s)" -mkdir -p $vst_backups/nginx -mkdir -p $vst_backups/apache2 -mkdir -p $vst_backups/mysql -mkdir -p $vst_backups/exim4 -mkdir -p $vst_backups/dovecot -mkdir -p $vst_backups/clamav -mkdir -p $vst_backups/spamassassin -mkdir -p $vst_backups/vsftpd -mkdir -p $vst_backups/bind -mkdir -p $vst_backups/vesta -mkdir -p $vst_backups/home +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx apache2 php5 php5-fpm vsftpd proftpd bind exim4 dovecot clamd +mkdir spamassassin mysql postgresql mongodb vesta -# Backup sudoers -if [ -e '/etc/sudoers' ]; then - cp /etc/sudoers $vst_backups/ -fi - -# Backup nginx +# Backing up Nginx configuration service nginx stop > /dev/null 2>&1 -if [ -e '/etc/nginx/nginx.conf' ]; then - cp -r /etc/nginx/* $vst_backups/nginx/ -fi +cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 -# Backup apache2 +# Backing up Apache configuration service apache2 stop > /dev/null 2>&1 -if [ -e '/etc/apache2/apache2.conf' ]; then - cp -r /etc/apache2/* $vst_backups/apache2/ -fi +cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1 +rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 -# Backup bind9 +# Backing up PHP configuration +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 + +# Backing up PHP configuration +service php5-fpm stop >/dev/null 2>&1 +cp /etc/php5/* $vst_backups/php5 > /dev/null 2>&1 +rm -f /etc/php5/fpm/pool.d/* >/dev/null 2>&1 + +# Backing up Bind configuration service bind9 stop > /dev/null 2>&1 -if [ -e '/etc/bind/named.conf' ]; then - cp -r /etc/bind/* $vst_backups/bind/ -fi +cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 -# Backup vsftpd +# Backing up Vsftpd configuration service vsftpd stop > /dev/null 2>&1 -if [ -e '/etc/vsftpd.conf' ]; then - cp /etc/vsftpd.conf $vst_backups/vsftpd/ -fi +cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 -# Backup exim4 +# Backing up ProFTPD configuration +service proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backing up Exim configuration service exim4 stop > /dev/null 2>&1 -if [ -e '/etc/exim4/exim4.conf.template' ]; then - cp -r /etc/exim4/* $vst_backups/exim4/ -fi +cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1 -# Backup clamav +# Backing up ClamAV configuration service clamav-daemon stop > /dev/null 2>&1 -if [ -e '/etc/clamav/clamd.conf' ]; then - cp -r /etc/clamav/* $vst_backups/clamav/ -fi +cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1 -# Backup SpamAssassin +# Backing up SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 -if [ -e '/etc/spamassassin/local.cf' ]; then - cp -r /etc/spamassassin/* $vst_backups/spamassassin/ -fi +cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1 -# Backup dovecot +# Backing up Dovecot configuration service dovecot stop > /dev/null 2>&1 -if [ -e '/etc/dovecot.conf' ]; then - cp /etc/dovecot.conf $vst_backups/dovecot/ -fi -if [ -e '/etc/dovecot' ]; then - cp -r /etc/dovecot/* $vst_backups/dovecot/ -fi +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backup MySQL stuff +# Backing up MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 -if [ -e '/var/lib/mysql' ]; then - mv /var/lib/mysql $vst_backups/mysql/mysql_datadir -fi -if [ -e '/etc/mysql/my.cnf' ]; then - cp -r /etc/mysql/* $vst_backups/mysql/ -fi -if [ -e '/root/.my.cnf' ]; then - mv /root/.my.cnf $vst_backups/mysql/ -fi +killall -9 mysqld > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1 +cp -r /etc/mysql/* $vst_backups/mysql > /dev/null 2>&1 +mv -f /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 # Backup vesta service vesta stop > /dev/null 2>&1 -if [ -e '/usr/local/vesta' ]; then - cp -r /usr/local/vesta/* $vst_backups/vesta/ - apt-get -y remove vesta* - apt-get -y purge vesta* - rm -rf /usr/local/vesta +cp -r /usr/local/vesta/* $vst_backups/vesta > /dev/null 2>&1 +apt-get -y remove vesta vesta-nginx vesta-php > /dev/null 2>&1 +apt-get -y purge vesta vesta-nginx vesta-php > /dev/null 2>&1 +rm -rf /usr/local/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Exludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software=$(echo "$software" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software=$(echo "$software" | sed -e "s/apache2 //") + software=$(echo "$software" | sed -e "s/apache2-utils//") + software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") + software=$(echo "$software" | sed -e "s/apache2.2-common//") + software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") + software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//") + software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") + software=$(echo "$software" | sed -e "s/libapache2-mod-php5//") +fi +if [ "$phpfpm" = 'no' ]; then + software=$(echo "$software" | sed -e "s/php5-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/proftpd-basic//") + software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//") +fi +if [ "$named" = 'no' ]; then + software=$(echo "$software" | sed -e "s/bind9//") +fi +if [ "$exim" = 'no' ]; then + software=$(echo "$software" | sed -e "s/exim4 //") + software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//") + software=$(echo "$software" | sed -e "s/dovecot-imapd//") + software=$(echo "$software" | sed -e "s/dovecot-pop3d//") + software=$(echo "$software" | sed -e "s/clamav-daemon//") + software=$(echo "$software" | sed -e "s/spamassassin//") +fi +if [ "$clamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/clamav-daemon//") +fi +if [ "$spamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/spamassassin//") +fi +if [ "$dovecot" = 'no' ]; then + software=$(echo "$software" | sed -e "s/dovecot-imapd//") + software=$(echo "$software" | sed -e "s/dovecot-pop3d//") +fi +if [ "$mysql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/mysql-server//') + software=$(echo "$software" | sed -e 's/mysql-client//') + software=$(echo "$software" | sed -e 's/mysql-common//') + software=$(echo "$software" | sed -e 's/php5-mysql//') + software=$(echo "$software" | sed -e 's/phpMyAdmin//') +fi +if [ "$postgresql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/postgresql-contrib//') + software=$(echo "$software" | sed -e 's/postgresql//') + software=$(echo "$software" | sed -e 's/php5-pgsql//') + software=$(echo "$software" | sed -e 's/phppgadmin//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') fi @@ -385,37 +568,16 @@ fi # Install packages # #----------------------------------------------------------# -# Exclude heavy packages -if [ "$srv_type" = 'micro' ]; then - software=$(echo "$software" | sed -e 's/libapache2-mod-fcgid//') - software=$(echo "$software" | sed -e 's/clamav-daemon//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -if [ "$srv_type" = 'small' ]; then - software=$(echo "$software" | sed -e 's/clamav-daemon//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -# Exclude fail2ban -if [ "$disable_fail2ban" = 'yes' ]; then - software=$(echo "$software" | sed -e 's/fail2ban//') -fi - # Update system packages apt-get update -# Disable daemon autostart -# For more details /usr/share/doc/sysv-rc/README.policy-rc.d.gz +# Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d chmod a+x /usr/sbin/policy-rc.d -# Install Vesta packages +# Install apt packages apt-get -y install $software -if [ $? -ne 0 ]; then - echo 'Error: apt-get install failed' - exit 1 -fi +check_result $? "apt-get install failed" # Restore policy rm -f /usr/sbin/policy-rc.d @@ -425,93 +587,6 @@ rm -f /usr/sbin/policy-rc.d # Configure system # #----------------------------------------------------------# -# Set writable permission on tmp directory -chmod 777 /tmp - -# Vesta configuration -echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh -chmod 755 /etc/profile.d/vesta.sh -source /etc/profile.d/vesta.sh -echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile -echo 'export PATH' >> /root/.bash_profile -source /root/.bash_profile -wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta - -# Directory tree -mkdir -p $VESTA/conf -mkdir -p $VESTA/log -mkdir -p $VESTA/ssl -mkdir -p $VESTA/data -mkdir -p $VESTA/data/ips -mkdir -p $VESTA/data/queue -mkdir -p $VESTA/data/users -mkdir -p $VESTA/data/firewall -touch $VESTA/data/queue/backup.pipe -touch $VESTA/data/queue/disk.pipe -touch $VESTA/data/queue/webstats.pipe -touch $VESTA/data/queue/restart.pipe -touch $VESTA/data/queue/traffic.pipe -chmod 750 $VESTA/conf -chmod 750 $VESTA/data/users -chmod 750 $VESTA/data/ips -chmod -R 750 $VESTA/data/queue -ln -s /usr/local/vesta/log /var/log/vesta -touch /var/log/vesta/system.log -touch /var/log/vesta/nginx-error.log -touch /var/log/vesta/auth.log -chmod 660 /var/log/vesta/* -adduser backup > /dev/null 2>&1 -mkdir -p /home/backup -chown backup:backup /home/backup -ln -s /home/backup /backup -chmod a+x /backup - -# vesta.conf -wget $CHOST/$VERSION/vesta.conf -O $VESTA/conf/vesta.conf -if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then - sed -i "s/clamav-daemon//g" $VESTA/conf/vesta.conf - sed -i "s/spamassassin//g" $VESTA/conf/vesta.conf -fi - -# Set server hostname -if [ -z "$servername" ]; then - servername=$(hostname) -fi -/usr/local/vesta/bin/v-change-sys-hostname $servername 2>/dev/null - -# Templates -cd /usr/local/vesta/data -wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz -cd /usr/local/vesta/data -wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz -chmod -R 755 /usr/local/vesta/data/templates -cp templates/web/skel/public_html/index.html /var/www/ -sed -i 's/%domain%/It worked!/g' /var/www/index.html -if [ "$srv_type" = 'micro' ]; then - rm -f /usr/local/vesta/data/templates/web/apache2/phpfcgid.* -fi - -# Generating SSL certificate -$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ - 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem - -# Parsing merged certificate file -crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) - -# Adding SSL certificate -cd /usr/local/vesta/ssl -sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt -sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key -chown root:mail /usr/local/vesta/ssl/* -chmod 660 /usr/local/vesta/ssl/* -rm /tmp/vst.pem - # Enable SSH password auth sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart @@ -528,13 +603,6 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Register /sbin/nologin echo "/sbin/nologin" >> /etc/shells -# Sudo configuration -wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin -chmod 440 /etc/sudoers -chmod 440 /etc/sudoers.d/admin -echo 'Defaults:admin !syslog' >>/etc/sudoers.d/admin - # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate @@ -550,279 +618,532 @@ sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf chmod 755 /usr/bin/rssh -# Nginx configuration -rm -f /etc/nginx/conf.d/*.conf -wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf -wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf -touch /etc/nginx/conf.d/vesta.conf -update-rc.d nginx defaults -service nginx stop > /dev/null 2>&1 -service nginx start -if [ "$?" -ne 0 ]; then - echo "Error: nginx start failed" - exit 1 + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# Downlading sudo configuration +mkdir -p /etc/sudoers.d +wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers.d/admin + +# Configuring system env +echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile + +# Configuring logrotate for vesta logs +wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta + +# Buidling directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log +chmod -R 750 $VESTA/data/queue +chmod 660 /var/log/vesta/* +rm -f /var/log/vesta +ln -s /usr/local/vesta/log /var/log/vesta + +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# WEB stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php5-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi -# Apache configuration -wget $CHOST/$VERSION/apache2.conf -O /etc/apache2/apache2.conf -wget $CHOST/$VERSION/apache2-status.conf \ - -O /etc/apache2/mods-enabled/status.conf -wget $CHOST/$VERSION/apache2.log -O /etc/logrotate.d/apache2 -rm -f /etc/apache2/conf.d/vesta.conf -echo > /etc/apache2/conf.d/vesta.conf -echo "# Powered by vesta" > /etc/apache2/sites-available/default -echo "# Powered by vesta" > /etc/apache2/sites-available/default-ssl -echo "# Powered by vesta" > /etc/apache2/ports.conf -touch /var/log/apache2/access.log -touch /var/log/apache2/error.log -mkdir -p /var/log/apache2/domains -chmod a+x /var/log/apache2 -chmod 640 /var/log/apache2/access.log -chmod 640 /var/log/apache2/error.log -chmod 751 /var/log/apache2/domains -a2enmod rewrite -a2enmod suexec -a2enmod ssl -a2enmod actions -a2enmod ruid2 -echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data -update-rc.d apache2 defaults -service apache2 stop > /dev/null 2>&1 -service apache2 start -if [ "$?" -ne 0 ]; then - echo "Error: apache2 start failed" - exit 1 +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf +fi +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf fi -# Vsftpd configuration -wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd.conf -update-rc.d vsftpd defaults -service vsftpd stop > /dev/null 2>&1 -service vsftpd start -if [ "$?" -ne 0 ]; then - echo "Error: vsftpd start failed" - exit 1 +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='bind9'" >> $VESTA/conf/vesta.conf fi -# Generating MySQL password if it wasn't set -if [ -z "$mpass" ]; then - mpass=$(gen_pass) +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim4'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi fi -# MySQL configuration -wget $CHOST/$VERSION/my.cnf -O /etc/mysql/my.cnf -mysql_install_db -update-rc.d mysql defaults -service mysql stop > /dev/null 2>&1 -service mysql start -if [ "$?" -ne 0 ]; then - echo "Error: mysql start failed" - exit 1 -fi -mysqladmin -u root password $mpass -echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf -chmod 600 /root/.my.cnf -mysql -e "DELETE FROM mysql.user WHERE User=''" -mysql -e "DROP DATABASE test" > /dev/null 2>&1 -mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" -mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" -mysql -e "FLUSH PRIVILEGES" +# CRON daemon +echo "CRON_SYSTEM='cron'" >> $VESTA/conf/vesta.conf -# Bind configuration -wget $CHOST/$VERSION/named.conf -O /etc/bind/named.conf -sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options -chown root:bind /etc/bind/named.conf -chmod 640 /etc/bind/named.conf -update-rc.d bind9 defaults -service bind9 stop > /dev/null 2>&1 -service bind9 start -if [ "$?" -ne 0 ]; then - echo "Error: bind9 start failed" - exit 1 +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf fi -# Exim -wget $CHOST/$VERSION/exim4.conf.template -O /etc/exim4/exim4.conf.template -if [ "$srv_type" != 'micro' ] && [ "$srv_type" != 'small' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template - sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template -fi -wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim4/dnsbl.conf -wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim4/spam-blocks.conf -touch /etc/exim4/white-blocks.conf -rm -rf /etc/exim4/domains -mkdir -p /etc/exim4/domains -chmod 640 /etc/exim4/exim4.conf.template -gpasswd -a Debian-exim mail -if [ -e /etc/init.d/sendmail ]; then - update-rc.d -f sendmail remove - service sendmail stop -fi -if [ -e /etc/init.d/postfix ]; then - update-rc.d -f postfix remove - service postfix stop -fi -rm -f /etc/alternatives/mta -ln -s /usr/sbin/exim4 /etc/alternatives/mta -update-rc.d exim4 defaults -service exim4 stop > /dev/null 2>&1 -service exim4 start -if [ "$?" -ne 0 ]; then - echo "Error: exim start failed" - exit +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf fi -# Dovecot configuration -wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot/dovecot.conf -cd /etc/dovecot/ -wget $CHOST/$VERSION/dovecot-conf.d.tar.gz -rm -rf conf.d *.ext README -tar -xzf dovecot-conf.d.tar.gz -rm -f dovecot-conf.d.tar.gz -chown -R root:root /etc/dovecot -gpasswd -a dovecot mail -update-rc.d dovecot defaults -service dovecot stop > /dev/null 2>&1 -service dovecot start -if [ "$?" -ne 0 ]; then - echo "Error: dovecot start failed" - exit 1 +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Downloading hosting packages +cd $VESTA/data +wget $vestacp/packages.tar.gz -O packages.tar.gz +tar -xzf packages.tar.gz +rm -f packages.tar.gz + +# Downloading templates +wget $vestacp/templates.tar.gz -O templates.tar.gz +tar -xzf templates.tar.gz +rm -f templates.tar.gz + +# Copying index.html to default documentroot +cp templates/web/skel/public_html/index.html /var/www/ +sed -i 's/%domain%/It worked!/g' /var/www/index.html + +# Downloading firewall rules +wget $vestacp/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +rm -f firewall.tar.gz + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null + +# Generating SSL certificate +$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ + 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + +# Parsing certificate file +crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) +key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) +key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) + +# Adding SSL certificate +cd $VESTA/ssl +sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt +sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* +rm /tmp/vst.pem + + +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# + +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf + wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf + wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc + wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc + wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc + wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + update-rc.d nginx defaults + service nginx start + check_result $? "nginx start failed" fi -# ClamAV configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - wget $CHOST/$VERSION/clamd.conf -O /etc/clamav/clamd.conf + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf + wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf + wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + a2enmod rewrite + a2enmod suexec + a2enmod ssl + a2enmod actions + a2enmod ruid2 + mkdir -p /etc/apache2/conf.d + echo > /etc/apache2/conf.d/vesta.conf + echo "# Powered by vesta" > /etc/apache2/sites-available/default + echo "# Powered by vesta" > /etc/apache2/sites-available/default-ssl + echo "# Powered by vesta" > /etc/apache2/ports.conf + echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data + touch /var/log/apache2/access.log /var/log/apache2/error.log + mkdir -p /var/log/apache2/domains + chmod a+x /var/log/apache2 + chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log + chmod 751 /var/log/apache2/domains + update-rc.d apache2 defaults + service apache2 start + check_result $? "apache2 start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + wget $vestacp/php5-fpm/www.conf -O /etc/php5/fpm/pool.d/www.conf + update-rc.d php5-fpm defaults + service php5-fpm start + check_result $? "php-fpm start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +sed -i "s/;date.timezone =/date.timezone = $ZONE/g" /etc/php5/apache2/php.ini +sed -i "s/;date.timezone =/date.timezone = $ZONE/g" /etc/php5/cli/php.ini +sed -i 's%_open_tag = Off%_open_tag = On%g' /etc/php5/apache2/php.ini +sed -i 's%_open_tag = Off%_open_tag = On%g' /etc/php5/cli/php.ini + + +#----------------------------------------------------------# +# Configure VSFTPD # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + update-rc.d vsftpd defaults + service vsftpd start + check_result $? "vsftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + echo "127.0.0.1 $servername" >> /etc/hosts + wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + update-rc.d proftpd defaults + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL/MariaDB # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi + + # MySQL configuration + wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + mysql_install_db + update-rc.d mysql defaults + service mysql start + check_result $? "mysql start failed" + + # Securing MySQL installation + mysqladmin -u root password $vpass + echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + + # Configuring phpMyAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf + fi + wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + chmod 777 /var/lib/phpmyadmin/tmp +fi + +#----------------------------------------------------------# +# Configure PostgreSQL # +#----------------------------------------------------------# + +if [ "$postgresql" = 'yes' ]; then + wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + service postgresql restart + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" 2>/dev/null + + # Configuring phpPgAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pga/phppgadmin.conf -O /etc/apache2/conf.d/phppgadmin.conf + fi + wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php +fi + + +#----------------------------------------------------------# +# Configure Bind # +#----------------------------------------------------------# + +if [ "$named" = 'yes' ]; then + wget $vestacp/bind/named.conf -O /etc/bind/named.conf + sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options + chown root:bind /etc/bind/named.conf + chmod 640 /etc/bind/named.conf + update-rc.d bind9 defaults + service bind9 start + check_result $? "bind9 start failed" +fi + +#----------------------------------------------------------# +# Configure Exim # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ]; then + gpasswd -a Debian-exim mail + wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template + wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf + wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + touch /etc/exim4/white-blocks.conf + + if [ "$spamd" = 'yes' ]; then + sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template + fi + if [ "$clamd" = 'yes' ]; then + sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template + fi + + chmod 640 /etc/exim4/exim4.conf.template + rm -rf /etc/exim4/domains + mkdir -p /etc/exim4/domains + + rm -f /etc/alternatives/mta + ln -s /usr/sbin/exim4 /etc/alternatives/mta + update-rc.d -f sendmail remove > /dev/null 2>&1 + service sendmail stop > /dev/null 2>&1 + update-rc.d -f postfix remove > /dev/null 2>&1 + service postfix stop > /dev/null 2>&1 + + update-rc.d exim4 defaults + service exim4 start + check_result $? "exim4 start failed" +fi + + +#----------------------------------------------------------# +# Configure Dovecot # +#----------------------------------------------------------# + +if [ "$dovecot" = 'yes' ]; then + gpasswd -a dovecot mail + wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz + cd /etc + rm -rf dovecot dovecot.conf + tar -xzf dovecot.tar.gz + rm -f dovecot.tar.gz + chown -R root:root /etc/dovecot* + update-rc.d dovecot defaults + service dovecot start + check_result $? "dovecot start failed" +fi + + +#----------------------------------------------------------# +# Configure ClamAV # +#----------------------------------------------------------# + +if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim + wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf /usr/bin/freshclam update-rc.d clamav-daemon defaults - service clamav-daemon stop > /dev/null 2>&1 service clamav-daemon start - if [ "$?" -ne 0 ]; then - echo "Error: clamav start failed" - exit 1 - fi + check_result $? "clamav-daeom start failed" fi -# SpamAssassin configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + +#----------------------------------------------------------# +# Configure SpamAssassin # +#----------------------------------------------------------# + +if [ "$spamd" = 'yes' ]; then update-rc.d spamassassin defaults sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin - service spamassassin stop > /dev/null 2>&1 service spamassassin start - if [ "$?" -ne 0 ]; then - echo "Error: spamassassin start failed" - exit 1 + check_result $? "spamassassin start failed" +fi + + +#----------------------------------------------------------# +# Configure RoundCube # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then + if [ "$apache" = 'yes' ]; then + wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf + fi + wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php + wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + wget $vestacp/roundcube/vesta.php -O \ + /usr/share/roundcube/plugins/password/drivers/vesta.php + wget $vestacp/roundcube/config.inc.php -O \ + /etc/roundcube/plugins/password/config.inc.php + r="$(gen_pass)" + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" + sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql + chmod a+r /etc/roundcube/main.inc.php + if [ "$release" -eq 8 ]; then + mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php + mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php fi fi -# Fail2ban configuration -if [ -z "$disable_fail2ban" ]; then + +#----------------------------------------------------------# +# Configure Fail2Ban # +#----------------------------------------------------------# + +if [ "$fail2ban" = 'yes' ]; then cd /etc - wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz tar -xzf fail2ban.tar.gz rm -f fail2ban.tar.gz - chkconfig fail2ban on + if [ "$dovecot" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$exim" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + update-rc.d fail2ban defaults service fail2ban start -else - sed -i "s/fail2ban//" $VESTA/conf/vesta.conf + check_result $? "fail2ban start failed" fi -# php configuration -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/apache2/php.ini -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/cli/php.ini -# phpMyAdmin configuration -wget $CHOST/$VERSION/apache2-pma.conf -O /etc/phpmyadmin/apache.conf -wget $CHOST/$VERSION/pma.conf -O /etc/phpmyadmin/config.inc.php -ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf -mv -f /etc/phpmyadmin/config-db.php /etc/phpmyadmin/config-db.php_ -chmod 777 /var/lib/phpmyadmin/tmp -# Roundcube configuration -wget $CHOST/$VERSION/apache2-webmail.conf -O /etc/roundcube/apache.conf -wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcube/main.inc.php -wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcube/db.inc.php -wget $CHOST/$VERSION/roundcube-driver.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php -wget $CHOST/$VERSION/roundcube-pw.conf -O \ - /etc/roundcube/plugins/password/config.inc.php -r="$(gen_pass)" -mysql -e "DROP DATABASE roundcube" > /dev/null 2>&1 -mysql -e "CREATE DATABASE roundcube" -mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" -sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php -mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql -mkdir -p /var/log/roundcube/error -chmod -R 777 /var/log/roundcube +#----------------------------------------------------------# +# Configure Admin User # +#----------------------------------------------------------# -# Deleting old admin user account if exists +# Deleting old admin user if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin - chattr -i /home/admin/conf - mv -f /home/admin $vst_backups/home/ - rm -f /tmp/sess_* + userdel -f admin >/dev/null 2>&1 + chattr -i /home/admin/conf >/dev/null 2>&1 + mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 + rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Generating admin password if it wasn't set -if [ -z "$vpass" ]; then - vpass=$(gen_pass) -fi - -# Adding admin account +# Adding vesta account $VESTA/bin/v-add-user admin $vpass $email default System Administrator -if [ $? -ne 0 ]; then - echo "Error: can't create admin user" - exit 1 -fi +check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash -$VESTA/bin/v-change-user-language admin en - -# Configure mysql host -$VESTA/bin/v-add-database-host mysql localhost root $mpass -$VESTA/bin/v-add-database admin default default $(gen_pass) mysql +$VESTA/bin/v-change-user-language admin $lang # Configuring system ips $VESTA/bin/v-update-sys-ip -# Firewall configuartion -cd $VESTA/data -wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz -if [ "$disable_iptables" = 'yes' ]; then - sed -i "s/iptables//" $VESTA/conf/vesta.conf -else - /usr/local/vesta/bin/v-update-firewall -fi - # Get main ip -main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 | \ - cut -f2 -d: | cut -f1 -d ' ') +ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Get remote ip -vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) -if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then - # Set NAT association - $VESTA/bin/v-change-sys-ip-nat $main_ip $vst_ip +# Get public ip +pub_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip fi -if [ -z "$vst_ip" ]; then - vst_ip=$main_ip +if [ -z "$pub_ip" ]; then + ip=$main_ip fi -# Add default web domain -$VESTA/bin/v-add-web-domain admin default.domain $vst_ip +# Firewall configuration +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi -# Add default dns domain -$VESTA/bin/v-add-dns-domain admin default.domain $vst_ip +# Configuring mysql host +if [ "$mysql" = 'yes' ]; then + $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +fi -# Add default mail domain -$VESTA/bin/v-add-mail-domain admin default.domain +# Configuring pgsql host +if [ "$postgresql" = 'yes' ]; then + $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql +fi -# Configuring cron jobs +# Adding default domain +$VESTA/bin/v-add-domain admin $servername +check_result $? "can't create $servername domain" + +# Adding cron jobs command='sudo /usr/local/vesta/bin/v-update-sys-queue disk' $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic' @@ -837,35 +1158,42 @@ command='sudo /usr/local/vesta/bin/v-update-user-stats' $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-rrd' $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +service cron restart # Building inititall rrd images $VESTA/bin/v-update-sys-rrd -# Enable file system quota +# Enabling file system quota if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Start system service +# Starting vesta service update-rc.d vesta defaults -service vesta stop > /dev/null 2>&1 service vesta start -if [ "$?" -ne 0 ]; then - echo "Error: vesta start failed" - exit 1 +check_result $? "vesta start failed" + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Sending install notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null -q + +# Comparing hostname and ip +host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" fi -# Send notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null - -# Send notification to admin email +# Sending notification to admin email echo -e "Congratulations, you have just successfully installed \ -the Vesta Control Panel +Vesta Control Panel -You can login in Vesta with following credentials: + https://$ip:8083 username: admin password: $vpass - https://$vst_ip:8083 We hope that you enjoy your installation of Vesta. Please \ feel free to contact us anytime if you have any questions. @@ -878,12 +1206,10 @@ vestacp.com team send_mail="$VESTA/web/inc/mail-wrapper.php" cat $tmpfile | $send_mail -s "Vesta Control Panel" $email -rm -f $tmpfile # Congrats echo '=======================================================' echo -echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' @@ -891,20 +1217,7 @@ echo ' _| _| _| _| _| _| _| ' echo ' _| _|_|_|_| _|_|_| _| _| _| ' echo echo -echo '-------------------------------' -echo " https://$vst_ip:8083" -echo ' username: admin' -echo " password: $vpass" -echo '-------------------------------' -echo -echo -echo 'Congratulations,' -echo 'you have successfully installed Vesta Control Panel.' -echo -echo +cat $tmpfile +rm -f $tmpfile -# Tricky way to get new PATH variable -cd -bash - -#EOF +# EOF diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh old mode 100644 new mode 100755 index b90320cbd..9aa438570 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Vesta RHEL/CentOS installer v.04 +# Vesta RHEL/CentOS installer v.05 #----------------------------------------------------------# # Variables&Functions # @@ -10,34 +10,68 @@ RHOST='r.vestacp.com' CHOST='c.vestacp.com' REPO='cmmnt' VERSION='0.9.8/rhel' -YUM_REPO='/etc/yum.repos.d/vesta.repo' -software="nginx httpd mod_ssl mod_ruid2 mod_extract_forwarded mod_fcgid - php php-bcmath php-cli php-common php-gd php-imap php-mbstring php-mcrypt - php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc quota e2fsprogs - phpMyAdmin awstats webalizer vsftpd mysql mysql-server exim dovecot clamd - spamassassin curl roundcubemail bind bind-utils bind-libs mc screen ftp - libpng libjpeg libmcrypt mhash zip unzip openssl flex rssh libxml2 - ImageMagick sqlite pcre sudo bc jwhois mailx lsof tar telnet rrdtool - fail2ban GeoIP freetype ntp openssh-clients vesta vesta-nginx vesta-php" +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +os=$(cut -f 1 -d ' ' /etc/redhat-release) +release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) +codename="${os}_$release" +vestacp="http://$CHOST/$VERSION/$release" -# Help +if [ "$release" -eq 7 ]; then + software="nginx httpd mod_ssl mod_ruid2 mod_fcgid php php-common php-cli + php-bcmath php-gd php-imap php-mbstring php-mcrypt php-mysql php-pdo + php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql awstats webalizer + vsftpd proftpd bind bind-utils bind-libs exim dovecot clamav-server + clamav-update spamassassin roundcubemail mariadb mariadb-server phpMyAdmin + postgresql postgresql-server postgresql-contrib phpPgAdmin e2fsprogs + openssh-clients ImageMagick curl mc screen ftp zip unzip flex sqlite pcre + sudo bc jwhois mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype + fail2ban rsyslog iptables-services which vesta vesta-nginx vesta-php" +else + software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded + php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt + php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql + awstats webalizer vsftpd proftpd bind bind-utils bind-libs exim dovecot + clamd spamassassin roundcubemail mysql mysql-server phpMyAdmin postgresql + postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients + ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois + mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban + which vesta vesta-nginx vesta-php" +fi + +# Defining help function help() { - echo "usage: $0 [OPTIONS] - -h, --help Print this help and exit - -f, --force Force installation - -i, --disable-iptables Disable iptables support - -b, --disable-fail2ban Disable fail2ban protection - -d, --disable-remi Disable remi repository - -n, --noupdate Do not run yum update command - -s, --hostname Set server hostname - -e, --email Set email address - -p, --password Set admin password instead of generating it - -m, --mysql-password Set MySQL password instead of generating it - -q, --quota Enable File System Quota" + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install Fail2ban [yes|no] default: yes + -r, --remi Install Remi repo [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" exit 1 } -# Password generator +# Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' LENGTH=10 @@ -48,117 +82,172 @@ gen_pass() { echo "$PASS" } +# Defning return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} + #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# +# Creating temporary file +tmpfile=$(mktemp -p /tmp) + # Translating argument to --gnu-long-options for arg; do delim="" case "$arg" in - --help) args="${args}-h " ;; - --force) args="${args}-f " ;; - --disable-fail2ban) args="${args}-b " ;; - --disable-remi) args="${args}-d " ;; - --disable-iptables) args="${args}-i " ;; - --noupdate) args="${args}-n " ;; + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --remi) args="${args}-r " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; --hostname) args="${args}-s " ;; --email) args="${args}-e " ;; --password) args="${args}-p " ;; - --mysql-password) args="${args}-m " ;; - --quota) args="${args}-q " ;; - *) [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} ";; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; esac done eval set -- "$args" -# Getopt -while getopts "hfibdnqe:m:p:s:" Option; do +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:q:l:y:s:e:p:fh" Option; do case $Option in - h) help ;; # Help - f) force='yes' ;; # Force install - i) disable_iptables='yes' ;; # Disable iptables - b) disable_fail2ban='yes' ;; # Disable fail2ban - d) disable_remi='yes' ;; # Disable remi repo - n) noupdate='yes' ;; # Disable yum update - s) servername=$OPTARG ;; # Server hostname - e) email=$OPTARG ;; # Set email - p) vpass=$OPTARG ;; # Admin password - m) mpass=$OPTARG ;; # MySQL pasword - q) quota='yes' ;; # Enable quota - *) help ;; # Default + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + r) remi=$OPTARG ;; # Remi repo + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) esac done -# Am I root? +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' +else + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' +fi +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'remi' 'yes' +set_default_value 'quota' 'no' +set_default_value 'lang' 'en' +set_default_value 'interactive' 'yes' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' ]; then + apache='no' + nginx='yes' +fi +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' +fi + + +# Checking root permissions if [ "x$(id -u)" != 'x0' ]; then - echo 'Error: this script can only be executed by root' - exit 1 + check_error 1 "Script can be run executed only by root" fi -# Check supported version -if [ ! -e '/etc/redhat-release' ]; then - echo 'Error: sorry, we currently support RHEL and CentOS only' - exit 1 -fi - -# Check supported OS -arch=$(uname -i) -os=$(cut -f 1 -d ' ' /etc/redhat-release) -release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) -codename="${os}_$release" -if [ $os != 'CentOS' ] && [ $os != 'Red' ]; then - echo 'Error: sorry, we currently support RHEL and CentOS only' - exit -fi - -# Check admin user account -if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" != 'yes' ]; then - echo "Error: user admin exists" - echo +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" fi -# Check admin group -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" != 'yes' ]; then - echo "Error: group admin exists" - echo - echo 'Please remove admin group before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi - -# Check wget +# Checking wget if [ ! -e '/usr/bin/wget' ]; then yum -y install wget - if [ $? -ne 0 ]; then - echo "Error: can't install wget" - exit 1 - fi + check_result $? "Can't install wget" fi -# Check repo availability -wget -q "$CHOST/$VERSION/vesta.conf" -O /dev/null -if [ $? -ne 0 ]; then - echo "Error: no access to $REPO repository" - exit 1 -fi +# Checking repository availability +wget -q "$vestacp/GPG.txt" -O /dev/null +check_result $? "No access to Vesta repository" -# Check installed packages -tmpfile=$(mktemp -p /tmp) +# Checking installed packages rpm -qa > $tmpfile -for pkg in exim bind-9 mysql-server httpd nginx vesta; do +for pkg in exim mysql-server httpd nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done -rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo @@ -171,92 +260,357 @@ if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo - exit 1 + check_result 1 "Control Panel should be installed on clean server." fi -# Check server type -memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) -if [ "$memory" -lt '350000' ] && [ -z "$force" ]; then - echo "Error: not enough memory to install Vesta Control Panel." - echo -e "\nMinimum RAM required: 350Mb" - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi -srv_type='micro' -if [ "$memory" -gt '1000000' ]; then - srv_type='small' +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ascii aslogo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'Following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' fi -if [ "$memory" -gt '3000000' ]; then - srv_type='medium' +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' fi -if [ "$memory" -gt '7000000' ]; then - srv_type='large' -fi - -# Are you sure ? -if [ -z $email ]; then - clear - echo - echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _|_|_|_| _|_|_| _| _| _| ' - echo - echo ' Vesta Control Panel' - echo - echo - echo 'Following software will be installed on your system:' - echo ' - Nginx frontend web server' - echo ' - Apache application web server' - echo ' - Bind DNS server' - echo ' - Exim mail server' - echo ' - Dovecot IMAP and POP3 server' - if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - echo ' - Clam mail antivirus' - echo ' - SpamAssassin antispam' +# Mail Stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim mail server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'Antivirus ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'Antispam' + fi fi - echo ' - MySQL database server' - echo ' - Vsftpd FTP server' - echo - echo ' * SELinux and Iptables will be disabled' - echo + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi - read -p 'Do you want to proceed? [y/n]): ' answer +# DB stack +if [ "$mysql" = 'yes' ]; then + if [ $release = 7 ]; then + echo ' - MariaDB Database Server' + else + echo ' - MySQL Database Server' + fi +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then echo 'Goodbye' exit 1 fi - # Define email - read -p 'Please enter valid email address: ' email + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi - # Define server hostname + # Asking to set FQDN hostname if [ -z "$servername" ]; then - read -p "Please enter hostname [$(hostname)]: " servername + read -p "Please enter FQDN hostname [$(hostname)]: " servername fi fi -# Validate email -local_part=$(echo $email | cut -s -f1 -d\@) -remote_host=$(echo $email | cut -s -f2 -d\@) -mx_failed=1 -if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then - /usr/bin/host -t mx "$remote_host" > /dev/null 2>&1 - mx_failed="$?" +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(gen_pass) fi -if [ "$mx_failed" -eq 1 ]; then - echo "Error: email $email is not valid" - exit 1 +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) fi -# Check for ipv6 on loopback interface -check_lo_ipv6=$(/sbin/ifconfig lo| grep 'inet6 addr') +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab +fi + + +#----------------------------------------------------------# +# Install repositories # +#----------------------------------------------------------# + +# Updating system packages +yum -y update +check_result $? 'yum update failed' + +# Installing EPEL repository +rpm -Uvh --force $vestacp/epel-release.rpm +check_result $? "Can't install EPEL repository" + +# Installing Remi repository +if [ "$remi" = 'yes' ]; then + rpm -Uvh --force $vestacp/remi-release.rpm + check_result $? "Can't install REMI repository" +fi + +# Installing Nginx repository +nrepo="/etc/yum.repos.d/nginx.repo" +echo "[nginx]" > $nrepo +echo "name=nginx repo" >> $nrepo +echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo +echo "gpgcheck=0" >> $nrepo +echo "enabled=1" >> $nrepo + +# Installing Vesta repository +vrepo='/etc/yum.repos.d/vesta.repo' +echo "[vesta]" > $vrepo +echo "name=Vesta - $REPO" >> $vrepo +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo +echo "enabled=1" >> $vrepo +echo "gpgcheck=1" >> $vrepo +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo +wget $vestacp/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA + + +#----------------------------------------------------------# +# Backup # +#----------------------------------------------------------# + +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ + spamassassin mysql postgresql mongodb vesta + +# Backing up Nginx configuration +service nginx stop > /dev/null 2>&1 +cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 + +# Backing up Apache configuration +service httpd stop > /dev/null 2>&1 +cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 + +# Backing up PHP configuration +service php-fpm stop >/dev/null 2>&1 +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 +cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 +mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 + +# Backing up Bind configuration +service named stop > /dev/null 2>&1 +cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 + +# Backing up Vsftpd configuration +service vsftpd stop > /dev/null 2>&1 +cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 + +# Backing up ProFTPD configuration +service proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backing up Exim configuration +service exim stop > /dev/null 2>&1 +cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 + +# Backing up ClamAV configuration +service clamd stop > /dev/null 2>&1 +cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 +cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 + +# Backing up SpamAssassin configuration +service spamassassin stop > /dev/null 2>&1 +cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 + +# Backing up Dovecot configuration +service dovecot stop > /dev/null 2>&1 +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service mysql stop > /dev/null 2>&1 +service mysqld stop > /dev/null 2>&1 +service mariadb stop > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 +cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 +cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 +mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service postgresql stop > /dev/null 2>&1 +mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 + +# Backing up Vesta configuration and data +service vesta stop > /dev/null 2>&1 +mv /usr/local/vesta/data/* $vst_backups/vesta > /dev/null 2>&1 +mv /usr/local/vesta/conf/* $vst_backups/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Exludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software=$(echo "$software" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software=$(echo "$software" | sed -e "s/httpd//") + software=$(echo "$software" | sed -e "s/mod_ssl//") + software=$(echo "$software" | sed -e "s/mod_fcgid//") + software=$(echo "$software" | sed -e "s/mod_ruid2//") +fi +if [ "$phpfpm" = 'no' ]; then + software=$(echo "$software" | sed -e "s/php-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/proftpd//") +fi +if [ "$named" = 'no' ]; then + software=$(echo "$software" | sed -e "s/bind //") +fi +if [ "$exim" = 'no' ]; then + software=$(echo "$software" | sed -e "s/exim//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") + software=$(echo "$software" | sed -e "s/spamassassin//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/roundcubemail//") +fi +if [ "$clamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") +fi +if [ "$spamd" = 'no' ]; then + software=$(echo "$software" | sed -e 's/spamassassin//') +fi +if [ "$dovecot" = 'no' ]; then + software=$(echo "$software" | sed -e "s/dovecot//") +fi +if [ "$mysql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/mysql //') + software=$(echo "$software" | sed -e 's/mysql-server//') + software=$(echo "$software" | sed -e 's/mariadb //') + software=$(echo "$software" | sed -e 's/mariadb-server//') + software=$(echo "$software" | sed -e 's/php-mysql//') + software=$(echo "$software" | sed -e 's/phpMyAdmin//') + software=$(echo "$software" | sed -e 's/roundcubemail//') +fi +if [ "$postgresql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/postgresql //') + software=$(echo "$software" | sed -e 's/postgresql-server//') + software=$(echo "$software" | sed -e 's/postgresql-contrib//') + software=$(echo "$software" | sed -e 's/php-pgsql//') + software=$(echo "$software" | sed -e 's/phpPgAdmin//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + + +#----------------------------------------------------------# +# Install packages # +#----------------------------------------------------------# + +# Installing rpm packages +if [ -z "$disable_remi" ]; then + yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta,remi" \ + install $software +else + yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta" \ + install $software +fi +check_result $? "yum install failed" + + +#----------------------------------------------------------# +# Configure system # +#----------------------------------------------------------# + +# Restarting rsyslog +service rsyslog restart > /dev/null 2>&1 + +# Checking ipv6 on loopback interface +check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then ip addr add ::2/128 scope global dev lo @@ -265,621 +619,601 @@ if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then chmod a+x /etc/rc.local fi - -#----------------------------------------------------------# -# Install repository # -#----------------------------------------------------------# -# Let's start -echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 5 - -# Update system -if [ -z "$noupdate" ]; then - yum -y update - if [ $? -ne 0 ]; then - echo 'Error: yum update failed' - exit 1 - fi -fi - -# Install EPEL repo -if [ ! -e '/etc/yum.repos.d/epel.repo' ]; then - if [ "$release" -eq '5' ]; then - epel="5/$arch/epel-release-5-4.noarch.rpm" - fi - - if [ "$release" -eq '6' ]; then - epel="6/$arch/epel-release-6-8.noarch.rpm" - fi - - rpm -ivh http://dl.fedoraproject.org/pub/epel/$epel - if [ $? -ne 0 ]; then - echo "Error: can't install EPEL repository" - exit 1 - fi -fi - -# Install remi repo -if [ ! -e '/etc/yum.repos.d/remi.repo' ]; then - if [ "$release" -eq '5' ]; then - remi="remi-release-5.rpm" - fi - - if [ "$release" -eq '6' ]; then - remi="remi-release-6.rpm" - fi - - rpm -ivh http://rpms.famillecollet.com/enterprise/$remi - if [ $? -ne 0 ]; then - echo "Error: can't install remi repository" - exit 1 - fi -fi - -# Install nginx repo -if [ ! -e '/etc/yum.repos.d/nginx.repo' ]; then - echo "[nginx]" > /etc/yum.repos.d/nginx.repo - echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo - echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" \ - >> /etc/yum.repos.d/nginx.repo - echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo - echo "enabled=1" >> /etc/yum.repos.d/nginx.repo -fi - -# Install vesta repo -echo "[vesta]" > $YUM_REPO -echo "name=Vesta - $REPO" >> $YUM_REPO -echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $YUM_REPO -echo "enabled=1" >> $YUM_REPO -echo "gpgcheck=1" >> $YUM_REPO -echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $YUM_REPO -wget $CHOST/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA - - -#----------------------------------------------------------# -# Backups # -#----------------------------------------------------------# - -# Prepare backup tree -vst_backups="/root/vst_install_backups/$(date +%s)" -mkdir -p $vst_backups/nginx -mkdir -p $vst_backups/httpd -mkdir -p $vst_backups/mysql -mkdir -p $vst_backups/exim -mkdir -p $vst_backups/dovecot -mkdir -p $vst_backups/clamd -mkdir -p $vst_backups/spamassassin -mkdir -p $vst_backups/vsftpd -mkdir -p $vst_backups/named -mkdir -p $vst_backups/vesta/admin -mkdir -p $vst_backups/home - -# Backup sudoers -if [ -e '/etc/sudoers' ]; then - cp /etc/sudoers $vst_backups/ -fi - -# Backup nginx -service nginx stop > /dev/null 2>&1 -if [ -e '/etc/nginx/nginx.conf' ]; then - cp -r /etc/nginx/* $vst_backups/nginx/ -fi - -# Backup httpd -service httpd stop > /dev/null 2>&1 -if [ -e '/etc/httpd/conf/httpd.conf' ]; then - cp -r /etc/httpd/* $vst_backups/httpd/ -fi - -# Backup bind -service named stop > /dev/null 2>&1 -if [ -e '/etc/named.conf' ]; then - cp /etc/named.conf $vst_backups/named/ -fi - -# Backup vsftpd -service vsftpd stop > /dev/null 2>&1 -if [ -e '/etc/vsftpd/vsftpd.conf' ]; then - cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd/ -fi - -# Backup exim -service exim stop > /dev/null 2>&1 -if [ -e '/etc/exim/exim.conf' ]; then - cp -r /etc/exim/* $vst_backups/exim/ -fi - -# Backup clamav -service clamd stop > /dev/null 2>&1 -if [ -e '/etc/clamd.conf' ]; then - cp /etc/clamd.conf $vst_backups/clamd/ -fi - -# Backup SpamAssassin -service spamassassin stop > /dev/null 2>&1 -if [ -e '/etc/mail/spamassassin' ]; then - cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin/ -fi - -# Backup dovecot -service dovecot stop > /dev/null 2>&1 -if [ -e '/etc/dovecot.conf' ]; then - cp /etc/dovecot.conf $vst_backups/dovecot/ -fi -if [ -e '/etc/dovecot' ]; then - cp -r /etc/dovecot/* $vst_backups/dovecot/ -fi - -# Backup MySQL stuff -service mysqld stop > /dev/null 2>&1 -if [ -e '/var/lib/mysql' ]; then - mv /var/lib/mysql $vst_backups/mysql/mysql_datadir -fi -if [ -e '/etc/my.cnf' ]; then - cp /etc/my.cnf $vst_backups/mysql/ -fi -if [ -e '/root/.my.cnf' ]; then - mv /root/.my.cnf $vst_backups/mysql/ -fi - -# Backup vesta -service vesta stop > /dev/null 2>&1 -if [ -e '/usr/local/vesta/data' ]; then - mv /usr/local/vesta/data $vst_backups/vesta/ -fi - -if [ -e '/usr/local/vesta/conf' ]; then - mv /usr/local/vesta/conf $vst_backups/vesta/ -fi - -if [ -e '/home/admin/conf/' ]; then - mv /home/admin/conf/ $vst_backups/vesta/admin -fi - - -#----------------------------------------------------------# -# Install packages # -#----------------------------------------------------------# - -# Exclude heavy packages -if [ "$srv_type" = 'micro' ]; then - software=$(echo "$software" | sed -e 's/mod_fcgid//') - software=$(echo "$software" | sed -e 's/clamd//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -if [ "$srv_type" = 'small' ]; then - software=$(echo "$software" | sed -e 's/clamd//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -# Exclude fail2ban -if [ "$disable_fail2ban" = 'yes' ]; then - software=$(echo "$software" | sed -e 's/fail2ban//') -fi - -# Install Vesta packages -if [ -z "$disable_remi" ]; then - yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta,remi" \ - install $software -else - yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta" \ - install $software -fi -if [ $? -ne 0 ]; then - echo 'Error: yum install failed' - exit 1 -fi - - -#----------------------------------------------------------# -# Configure system # -#----------------------------------------------------------# - -# Set writable permission on tmp directory -chmod 777 /tmp - # Disabling SELinux if [ -e '/etc/sysconfig/selinux' ]; then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - setenforce 0 -fi -if [ -e '/etc/selinux/config' ]; then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - setenforce 0 + setenforce 0 2>/dev/null fi -# Vesta configuration +# Disable iptables +service iptables stop + +# Configuring NTP synchronization +echo '#!/bin/sh' > /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +chmod 775 /etc/cron.daily/ntpdate +ntpdate -s pool.ntp.org + +# Disabling webalizer routine +rm -f /etc/cron.daily/00webalizer + +# Adding backup user +adduser backup 2>/dev/null +ln -sf /home/backup /backup +chmod a+x /backup + +# Chaning default directory color +echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile + +# Changing default systemd interval +if [ "$release" -eq '7' ]; then + # Hi Lennart + echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf + echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf + systemctl daemon-reexec +fi + + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# Downlading sudo configuration +mkdir -p /etc/sudoers.d +wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers.d/admin + +# Configuring system env echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh chmod 755 /etc/profile.d/vesta.sh source /etc/profile.d/vesta.sh echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile -wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta -# Directory tree -mkdir -p $VESTA/conf -mkdir -p $VESTA/log -mkdir -p $VESTA/ssl -mkdir -p $VESTA/data -mkdir -p $VESTA/data/ips -mkdir -p $VESTA/data/queue -mkdir -p $VESTA/data/users -mkdir -p $VESTA/data/firewall -touch $VESTA/data/queue/backup.pipe -touch $VESTA/data/queue/disk.pipe -touch $VESTA/data/queue/webstats.pipe -touch $VESTA/data/queue/restart.pipe -touch $VESTA/data/queue/traffic.pipe -chmod 750 $VESTA/conf -chmod 750 $VESTA/data/users -chmod 750 $VESTA/data/ips +# Configuring logrotate for vesta logs +wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta + +# Buidling directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log chmod -R 750 $VESTA/data/queue -ln -s /usr/local/vesta/log /var/log/vesta -touch /var/log/vesta/system.log -touch /var/log/vesta/nginx-error.log -touch /var/log/vesta/auth.log chmod 660 /var/log/vesta/* -adduser backup -ln -s /home/backup /backup -chmod a+x /backup +rm -f /var/log/vesta +ln -s /usr/local/vesta/log /var/log/vesta -# vesta.conf -wget $CHOST/$VERSION/vesta.conf -O $VESTA/conf/vesta.conf -if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then - sed -i "s/clamav//g" $VESTA/conf/vesta.conf - sed -i "s/spamassassin//g" $VESTA/conf/vesta.conf +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# WEB stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi -# Set server hostname -if [ -z "$servername" ]; then - servername=$(hostname) +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf +fi +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf fi -/usr/local/vesta/bin/v-change-sys-hostname $servername 2>/dev/null -# Templates -cd /usr/local/vesta/data -wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf +fi + +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi +fi + +# CRON daemon +echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf +fi + +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf +fi + +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Downloading hosting packages +cd $VESTA/data +wget $vestacp/packages.tar.gz -O packages.tar.gz tar -xzf packages.tar.gz rm -f packages.tar.gz -cd /usr/local/vesta/data -wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz + +# Downloading templates +wget $vestacp/templates.tar.gz -O templates.tar.gz tar -xzf templates.tar.gz rm -f templates.tar.gz -chmod -R 755 /usr/local/vesta/data/templates + +# Copying index.html to default documentroot cp templates/web/skel/public_html/index.html /var/www/html/ sed -i 's/%domain%/It worked!/g' /var/www/html/index.html -if [ "$srv_type" = 'micro' ]; then - rm -f /usr/local/vesta/data/templates/web/httpd/phpfcgid.* -fi + +# Downloading firewall rules +wget $vestacp/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +rm -f firewall.tar.gz + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem -# Parsing merged certificate file +# Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) # Adding SSL certificate -cd /usr/local/vesta/ssl +cd $VESTA/ssl sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key -chown root:mail /usr/local/vesta/ssl/* -chmod 660 /usr/local/vesta/ssl/* +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* rm /tmp/vst.pem -# Disabling webalizer routine -rm -f /etc/cron.daily/00webalizer -# Set directory color -echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# -# Sudo configuration -wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin -chmod 440 /etc/sudoers -chmod 440 /etc/sudoers.d/admin - -# NTP Synchronization -echo '#!/bin/sh' > /etc/cron.daily/ntpdate -echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate -chmod 775 /etc/cron.daily/ntpdate -ntpdate -s pool.ntp.org - -# Setup rssh -if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then - echo /usr/bin/rssh >> /etc/shells -fi -sed -i 's/#allowscp/allowscp/' /etc/rssh.conf -sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf -sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf -chmod 755 /usr/bin/rssh - -# Nginx configuration -rm -f /etc/nginx/conf.d/*.conf -wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf -wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf -touch /etc/nginx/conf.d/vesta.conf -chkconfig nginx on -service nginx start -if [ "$?" -ne 0 ]; then - echo "Error: nginx start failed" - exit 1 +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf + wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf + wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc + wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc + wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc + wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + chkconfig nginx on + service nginx start + check_result $? "nginx start failed" fi -# Apache configuration -wget $CHOST/$VERSION/httpd.conf -O /etc/httpd/conf/httpd.conf -wget $CHOST/$VERSION/httpd-status.conf -O /etc/httpd/conf.d/status.conf -wget $CHOST/$VERSION/httpd-ssl.conf -O /etc/httpd/conf.d/ssl.conf -wget $CHOST/$VERSION/httpd.log -O /etc/logrotate.d/httpd -echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract_forwarded.conf -rm -f /etc/httpd/conf.d/proxy_ajp.conf -echo > /etc/httpd/conf.d/proxy_ajp.conf -rm -f /etc/httpd/conf.d/vesta.conf -echo > /etc/httpd/conf.d/vesta.conf -touch /var/log/httpd/access_log -touch /var/log/httpd/error_log -touch /var/log/httpd/suexec.log -mkdir -p /var/log/httpd/domains -chmod a+x /var/log/httpd -chmod 640 /var/log/httpd/access_log -chmod 640 /var/log/httpd/error_log -chmod 640 /var/log/httpd/suexec.log -chmod 751 /var/log/httpd/domains -chkconfig httpd on -service httpd start -if [ "$?" -ne 0 ]; then - echo "Error: httpd start failed" - exit 1 + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + cd /etc/httpd + wget $vestacp/httpd/httpd.conf -O conf/httpd.conf + wget $vestacp/httpd/status.conf -O conf.d/status.conf + wget $vestacp/httpd/ssl.conf -O conf.d/ssl.conf + wget $vestacp/httpd/ruid2.conf -O conf.d/ruid2.conf + wget $vestacp/logrotate/httpd -O /etc/logrotate.d/httpd + if [ $release -ne 7 ]; then + echo "MEFaccept 127.0.0.1" >> conf.d/mod_extract_forwarded.conf + echo > conf.d/proxy_ajp.conf + fi + if [ -e "conf.modules.d/00-dav.conf" ]; then + sed -i "s/^/#/" conf.modules.d/00-dav.conf conf.modules.d/00-lua.conf + sed -i "s/^/#/" conf.modules.d/00-proxy.conf + fi + echo > conf.d/vesta.conf + touch logs/access_log logs/error_log logs/error_log logs/suexec.log + chmod 640 logs/access_log logs/error_log logs/error_log logs/suexec.log + chmod -f 777 /var/lib/php/session + chmod a+x /var/log/httpd + mkdir -p /var/log/httpd/domains + chmod 751 /var/log/httpd/domains + chkconfig httpd on + service httpd start + check_result $? "httpd start failed" fi -# Vsftpd configuration -wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd/vsftpd.conf -chkconfig vsftpd on -service vsftpd start -if [ "$?" -ne 0 ]; then - echo "Error: vsftpd start failed" - exit 1 + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + wget $vestacp/php-fpm/www.conf -O /etc/php-fpm.d/www.conf + chkconfig nginx on + service php-fpm start + check_result $? "php-fpm start failed" fi -# MySQL configuration -if [ "$srv_type" = 'micro' ]; then - wget $CHOST/$VERSION/mysql-512.cnf -O /etc/my.cnf -else - wget $CHOST/$VERSION/mysql.cnf -O /etc/my.cnf + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -e '/etc/sysconfig/clock' ]; then + source /etc/sysconfig/clock fi -chkconfig mysqld on -service mysqld start -if [ "$?" -ne 0 ]; then - # Fix for aio on OpenVZ - if [ -e "/proc/user_beancounters" ]; then - sed -i "s/#innodb_use_native_aio/innodb_use_native_aio/g" /etc/my.cnf +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +sed -i 's%short_open_tag = Off%short_open_tag = On%g' /etc/php.ini +sed -i "s%;date.timezone =%date.timezone = $ZONE%g" /etc/php.ini + + +#----------------------------------------------------------# +# Configure VSFTPD # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd/vsftpd.conf + chkconfig vsftpd on + service vsftpd start + check_result $? "vsftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd.conf + chkconfig proftpd on + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL/MariaDB # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" fi - service mysqld start + mkdir -p /var/lib/mysql + chown mysql:mysql /var/lib/mysql + + if [ $release -ne 7 ]; then + service='mysqld' + else + service='mariadb' + fi + + wget $vestacp/$service/$mycnf -O /etc/my.cnf + chkconfig $service on + service $service start if [ "$?" -ne 0 ]; then - echo "Error: mysqld start failed" - exit 1 + if [ -e "/proc/user_beancounters" ]; then + # Fix for aio on OpenVZ + sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf + fi + service $service start + check_result $? "$service start failed" fi + + # Securing MySQL installation + mysqladmin -u root password $vpass + echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + + # Configuring phpMyAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pma/phpMyAdmin.conf -O /etc/httpd/conf.d/phpMyAdmin.conf + fi + wget $vestacp/pma/config.inc.conf -O /etc/phpMyAdmin/config.inc.php + sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php fi -# Generating MySQL password if it wasn't set -if [ -z "$mpass" ]; then - mpass=$(gen_pass) + +#----------------------------------------------------------# +# Configure PostgreSQL # +#----------------------------------------------------------# + +if [ "$postgresql" = 'yes' ]; then + if [ $release = 5 ]; then + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + service postgresql stop + wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + service postgresql start + else + service postgresql initdb + wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + fi + # Configuring phpPgAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pga/phpPgAdmin.conf -O /etc/httpd/conf.d/phpPgAdmin.conf + fi + wget $vestacp/pga/config.inc.php -O /etc/phpPgAdmin/config.inc.php fi -mysqladmin -u root password $mpass -echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf -chmod 600 /root/.my.cnf -mysql -e "DELETE FROM mysql.user WHERE User=''" -mysql -e "DROP DATABASE test" -mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" -mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" -mysql -e "FLUSH PRIVILEGES" -# Bind configuration -wget $CHOST/$VERSION/named.conf -O /etc/named.conf -chown root:named /etc/named.conf -chmod 640 /etc/named.conf -chkconfig named on -service named start -if [ "$?" -ne 0 ]; then - echo "Error: named start failed" - exit 1 +#----------------------------------------------------------# +# Configure Bind # +#----------------------------------------------------------# + +if [ "$named" = 'yes' ]; then + wget $vestacp/named/named.conf -O /etc/named.conf + chown root:named /etc/named.conf + chmod 640 /etc/named.conf + chkconfig named on + service named start + check_result $? "named start failed" fi -# Exim -wget $CHOST/$VERSION/exim.conf -O /etc/exim/exim.conf -if [ "$srv_type" != 'micro' ] && [ "$srv_type" != 'small' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf - sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf -fi -wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim/dnsbl.conf -wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim/spam-blocks.conf -touch /etc/exim/white-blocks.conf -rm -rf /etc/exim/domains -mkdir -p /etc/exim/domains -chmod 640 /etc/exim/exim.conf -gpasswd -a exim mail -if [ -e /etc/init.d/sendmail ]; then - chkconfig sendmail off - service sendmail stop -fi -if [ -e /etc/init.d/postfix ]; then - chkconfig postfix off - service postfix stop -fi -rm -f /etc/alternatives/mta -ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta -chkconfig exim on -service exim start -if [ "$?" -ne 0 ]; then - echo "Error: exim start failed" - exit 1 + +#----------------------------------------------------------# +# Configure Exim # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ]; then + gpasswd -a exim mail + wget $vestacp/exim/exim.conf -O /etc/exim/exim.conf + wget $vestacp/exim/dnsbl.conf -O /etc/exim/dnsbl.conf + wget $vestacp/exim/spam-blocks.conf -O /etc/exim/spam-blocks.conf + touch /etc/exim/white-blocks.conf + + if [ "$spamd" = 'yes' ]; then + sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf + fi + if [ "$clamd" = 'yes' ]; then + sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf + fi + + chmod 640 /etc/exim/exim.conf + rm -rf /etc/exim/domains + mkdir -p /etc/exim/domains + + rm -f /etc/alternatives/mta + ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta + chkconfig sendmail off 2>/dev/null + service sendmail stop 2>/dev/null + chkconfig postfix off 2>/dev/null + service postfix stop 2>/dev/null + + chkconfig exim on + service exim start + check_result $? "exim start failed" fi -# Dovecot configuration -if [ "$release" -eq '5' ]; then - wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot.conf -else - wget $CHOST/$VERSION/$release/dovecot.tar.gz -O /etc/dovecot.tar.gz + +#----------------------------------------------------------# +# Configure Dovecot # +#----------------------------------------------------------# + +if [ "$dovecot" = 'yes' ]; then + gpasswd -a dovecot mail + wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz cd /etc - if [ -d /etc/dovecot ]; then - rm -rf /etc/dovecot - fi - if [ -f /etc/dovecot.conf ]; then - rm /etc/dovecot.conf - fi + rm -rf dovecot dovecot.conf tar -xzf dovecot.tar.gz rm -f dovecot.tar.gz - if [ -d /etc/dovecot ]; then - chown -R root:root /etc/dovecot - fi -fi -gpasswd -a dovecot mail -chkconfig dovecot on -service dovecot start -if [ "$?" -ne 0 ]; then - echo "Error: dovecot start failed" - exit 1 + chown -R root:root /etc/dovecot* + chkconfig dovecot on + service dovecot start + check_result $? "dovecot start failed" fi -# ClamAV configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - wget $CHOST/$VERSION/clamd.conf -O /etc/clamd.conf - wget $CHOST/$VERSION/freshclam.conf -O /etc/freshclam.conf + +#----------------------------------------------------------# +# Configure ClamAV # +#----------------------------------------------------------# + +if [ "$clamd" = 'yes' ]; then + useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null gpasswd -a clam exim gpasswd -a clam mail + wget $vestacp/clamav/clamd.conf -O /etc/clamd.conf + wget $vestacp/clamav/freshclam.conf -O /etc/freshclam.conf + mkdir -p /var/log/clamav + mkdir -p /var/run/clamav + chown clam:clam /var/log/clamav + chown -R clam:clam /var/lib/clamav + if [ "$release" -eq '7' ]; then + wget $vestacp/clamav/clamd.service -O \ + /usr/lib/systemd/system/clamd.service + systemctl --system daemon-reload + fi /usr/bin/freshclam chkconfig clamd on service clamd start - if [ "$?" -ne 0 ]; then - echo "Error: clamd start failed" - exit 1 - fi + #check_result $? "clamd start failed" fi -# SpamAssassin configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + +#----------------------------------------------------------# +# Configure SpamAssassin # +#----------------------------------------------------------# + +if [ "$spamd" = 'yes' ]; then chkconfig spamassassin on service spamassassin start - if [ "$?" -ne 0 ]; then - echo "Error: spamassassin start failed" - exit 1 + check_result $? "spamassassin start failed" +fi + + +#----------------------------------------------------------# +# Configure RoundCube # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then + if [ "$apache" = 'yes' ]; then + wget $vestacp/roundcube/roundcubemail.conf \ + -O /etc/httpd/conf.d/roundcubemail.conf + fi + wget $vestacp/roundcube/main.inc.php -O /etc/roundcubemail/config.inc.php + cd /usr/share/roundcubemail/plugins/password + wget $vestacp/roundcube/vesta.php -O drivers/vesta.php + wget $vestacp/roundcube/config.inc.php -O config.inc.php + chmod a+r /etc/roundcubemail/* + chmod -f 777 /var/log/roundcubemail + r="$(gen_pass)" + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" + sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php + if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then + mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql + else + mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql fi fi -# Fail2ban configuration -if [ -z "$disable_fail2ban" ]; then + +#----------------------------------------------------------# +# Configure Fail2Ban # +#----------------------------------------------------------# + +if [ "$fail2ban" = 'yes' ]; then cd /etc - wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz tar -xzf fail2ban.tar.gz rm -f fail2ban.tar.gz + if [ "$dovecot" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$exim" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi chkconfig fail2ban on service fail2ban start -else - sed -i "s/fail2ban//" $VESTA/conf/vestac.conf + check_result $? "fail2ban start failed" fi -# php configuration -sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php.ini -# phpMyAdmin configuration -wget $CHOST/$VERSION/httpd-pma.conf -O /etc/httpd/conf.d/phpMyAdmin.conf -wget $CHOST/$VERSION/pma.conf -O /etc/phpMyAdmin/config.inc.php -sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php +#----------------------------------------------------------# +# Configure Admin User # +#----------------------------------------------------------# -# Roundcube configuration -wget $CHOST/$VERSION/httpd-webmail.conf -O /etc/httpd/conf.d/roundcubemail.conf -wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcubemail/main.inc.php -wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcubemail/db.inc.php -wget $CHOST/$VERSION/roundcube-driver.php -O \ - /usr/share/roundcubemail/plugins/password/drivers/vesta.php -wget $CHOST/$VERSION/roundcube-pw.conf -O \ - /usr/share/roundcubemail/plugins/password/config.inc.php -r="$(gen_pass)" -mysql -e "CREATE DATABASE roundcube" -mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" -sed -i "s/%password%/$r/g" /etc/roundcubemail/db.inc.php -if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then - mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql -else - mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql -fi - -# Adding admin user +# Deleting old admin user if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin - chattr -i /home/admin/conf - mv -f /home/admin $vst_backups/home/ - rm -f /tmp/sess_* + userdel -f admin >/dev/null 2>&1 + chattr -i /home/admin/conf >/dev/null 2>&1 + mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 + rm -f /tmp/sess_* >/dev/null 2>&1 fi if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Generating admin password if it wasn't set -if [ -z "$vpass" ]; then - vpass=$(gen_pass) -fi - # Adding vesta account $VESTA/bin/v-add-user admin $vpass $email default System Administrator -if [ $? -ne 0 ]; then - echo "Error: can't create admin user" - exit 1 -fi +check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash -$VESTA/bin/v-change-user-language admin en - -# Configuring mysql host -$VESTA/bin/v-add-database-host mysql localhost root $mpass -$VESTA/bin/v-add-database admin default default $(gen_pass) mysql +$VESTA/bin/v-change-user-language admin $lang # Configuring system ips $VESTA/bin/v-update-sys-ip -# Firewall configuration -wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz -if [ "$disable_iptables" = 'yes' ]; then - sed -i "s/iptables//" $VESTA/conf/vesta.conf - chkconfig iptables off - service iptables stop -else - /usr/local/vesta/bin/v-update-firewall -fi - # Get main ip -main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 | \ - cut -f2 -d: | cut -f1 -d ' ') +ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Get remote ip -vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) -if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then - # Set NAT association - $VESTA/bin/v-change-sys-ip-nat $main_ip $vst_ip +# Get public ip +pub_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip fi -if [ -z "$vst_ip" ]; then - vst_ip=$main_ip +if [ -z "$pub_ip" ]; then + ip=$main_ip fi -# Add default web domain -$VESTA/bin/v-add-web-domain admin default.domain $vst_ip +# Firewall configuration +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi -# Add default dns domain -$VESTA/bin/v-add-dns-domain admin default.domain $vst_ip +# Configuring mysql host +if [ "$mysql" = 'yes' ]; then + $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +fi -# Add default mail domain -$VESTA/bin/v-add-mail-domain admin default.domain +# Configuring pgsql host +if [ "$postgresql" = 'yes' ]; then + $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql +fi -# Configuring crond +# Adding default domain +$VESTA/bin/v-add-domain admin $servername +check_result $? "can't create $servername domain" + +# Adding cron jobs command='sudo /usr/local/vesta/bin/v-update-sys-queue disk' $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic' @@ -894,34 +1228,42 @@ command='sudo /usr/local/vesta/bin/v-update-user-stats' $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-rrd' $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +service crond restart -# Build inititall rrd images +# Building inititall rrd images $VESTA/bin/v-update-sys-rrd -# Enable file system quota +# Enabling file system quota if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Start system service +# Starting vesta service chkconfig vesta on service vesta start -if [ "$?" -ne 0 ]; then - echo "Error: vesta start failed" - exit 1 +check_result $? "vesta start failed" + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Sending install notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null -q + +# Comparing hostname and ip +host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" fi -# Send notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null - -# Send notification to admin email +# Sending notification to admin email echo -e "Congratulations, you have just successfully installed \ -the Vesta Control Panel +Vesta Control Panel -You can login in Vesta with following credentials: + https://$ip:8083 username: admin password: $vpass - https://$vst_ip:8083 We hope that you enjoy your installation of Vesta. Please \ feel free to contact us anytime if you have any questions. @@ -934,12 +1276,10 @@ vestacp.com team send_mail="$VESTA/web/inc/mail-wrapper.php" cat $tmpfile | $send_mail -s "Vesta Control Panel" $email -rm -f $tmpfile # Congrats echo '=======================================================' echo -echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' @@ -947,16 +1287,7 @@ echo ' _| _| _| _| _| _| _| ' echo ' _| _|_|_|_| _|_|_| _| _| _| ' echo echo -echo '-------------------------------' -echo " https://$vst_ip:8083" -echo ' username: admin' -echo " password: $vpass" -echo '-------------------------------' -echo -echo -echo 'Congratulations,' -echo 'you have successfully installed Vesta Control Panel.' -echo -echo +cat $tmpfile +rm -f $tmpfile # EOF diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh old mode 100644 new mode 100755 index da443348d..5fb068861 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Vesta Ubuntu installer v.04 +# Vesta Ubuntu installer v.05 #----------------------------------------------------------# # Variables&Functions # @@ -10,31 +10,57 @@ export DEBIAN_FRONTEND=noninteractive RHOST='apt.vestacp.com' CHOST='c.vestacp.com' VERSION='0.9.8/ubuntu' -software="nginx apache2 apache2-utils apache2-suexec-custom bsdutils e2fsprogs - libapache2-mod-ruid2 libapache2-mod-rpaf libapache2-mod-fcgid bind9 idn - mysql-server mysql-common mysql-client php5-common php5-cgi php5-mysql - php5-curl libapache2-mod-php5 vsftpd mc exim4 exim4-daemon-heavy - clamav-daemon flex dovecot-imapd dovecot-pop3d phpMyAdmin awstats e2fslibs - webalizer jwhois rssh git spamassassin roundcube roundcube-mysql quota - roundcube-plugins apparmor-utils sudo bc ftp lsof ntpdate rrdtool - fail2ban dnsutils vesta vesta-nginx vesta-php" +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +os='ubuntu' +release="$(lsb_release -r|awk '{print $2}')" +codename="$(lsb_release -c|awk '{print $2}')" +vestacp="http://$CHOST/$VERSION/$release" +software="nginx apache2 apache2-utils apache2.2-common + apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf + libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi + php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd + proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon + spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mysql-server mysql-common + mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc + flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils vesta vesta-nginx vesta-php" +# Defining help function help() { - echo "usage: $0 [OPTIONS] - -h, --help Print this help and exit - -f, --force Force installation - -i, --disable-iptables Disable iptables support - -b, --disable-fail2ban Disable fail2ban protection - -n, --noupdate Do not run apt-get upgrade command - -s, --hostname Set server hostname - -e, --email Set email address - -p, --password Set admin password instead of generating it - -m, --mysql-password Set MySQL password instead of generating it - -q, --quota Enable File System Quota" + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install Fail2ban [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" exit 1 } -# Password generator + +# Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' LENGTH=10 @@ -45,109 +71,159 @@ gen_pass() { echo "$PASS" } +# Defning return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# +# Creating temporary file +tmpfile=$(mktemp -p /tmp) + # Translating argument to --gnu-long-options for arg; do delim="" case "$arg" in - --help) args="${args}-h " ;; - --force) args="${args}-f " ;; - --disable-fail2ban) args="${args}-b " ;; - --disable-iptables) args="${args}-i " ;; - --noupdate) args="${args}-n " ;; + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; --hostname) args="${args}-s " ;; --email) args="${args}-e " ;; --password) args="${args}-p " ;; - --mysql-password) args="${args}-m " ;; - --quota) args="${args}-q " ;; - *) [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} ";; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; esac done eval set -- "$args" -# Getopt -while getopts "hfibdnqe:m:p:s:" Option; do +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:q:l:y:s:e:p:fh" Option; do case $Option in - h) help ;; # Help - f) force='yes' ;; # Force install - i) disable_iptables='yes' ;; # Disable iptables - b) disable_fail2ban='yes' ;; # Disable fail2ban - n) noupdate='yes' ;; # Disable apt-get upgrade - s) servername=$OPTARG ;; # Server hostname - e) email=$OPTARG ;; # Set email - p) vpass=$OPTARG ;; # Admin password - m) mpass=$OPTARG ;; # MySQL pasword - q) quota='yes' ;; # Enable quota - *) help ;; # Default + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) esac done -# Am I root? -if [ "x$(id -u)" != 'x0' ]; then - echo 'Error: this script can only be executed by root' - exit 1 -fi - -# Check supported version -if [ -e '/etc/redhat-release' ]; then - echo 'Error: sorry, this installer works only on Ubuntu' - exit 1 -fi - -# Check supported OS -if [ "$(arch)" != 'x86_64' ]; then - arch='i386' +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' else - arch="amd64" + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' fi -os=$(head -n 1 /etc/issue | cut -f 1 -d ' ') -release=$(head -n 1 /etc/issue | cut -f 2 -d ' ' ) -codename=$(lsb_release -cs | egrep "precise|quantal|raring|saucy|trusty") -if [ -z "$codename" ]; then - echo "Error: Ubuntu $(lsb_release -r|awk '{print $2}') is not supported" - exit 1 +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'quota' 'no' +set_default_value 'lang' 'en' +set_default_value 'interactive' 'yes' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' ]; then + apache='no' + nginx='yes' +fi +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' fi -# Check admin user account -if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" != 'yes' ]; then - echo "Error: user admin exists" - echo +# Checking root permissions +if [ "x$(id -u)" != 'x0' ]; then + check_error 1 "Script can be run executed only by root" +fi + +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" fi -# Check admin group -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" != 'yes' ]; then - echo "Error: group admin exists" - echo - echo 'Please remove admin group before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi - -# Check wget +# Checking wget if [ ! -e '/usr/bin/wget' ]; then apt-get -y install wget - if [ $? -ne 0 ]; then - echo "Error: can't install wget" - exit 1 - fi + check_result $? "Can't install wget" fi -# Check repo availability -wget -q "$CHOST/$VERSION/vesta.conf" -O /dev/null -if [ $? -ne 0 ]; then - echo "Error: no access to repository" - exit 1 -fi +# Checking repository availability +wget -q "$vestacp/deb_signing.key" -O /dev/null +check_result $? "No access to Vesta repository" # Check installed packages tmpfile=$(mktemp -p /tmp) @@ -170,206 +246,306 @@ if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo - exit 1 + check_result 1 "Control Panel should be installed on clean server." fi -# Check server type -memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) -if [ "$memory" -lt '350000' ] && [ -z "$force" ]; then - echo "Error: not enough memory to install Vesta Control Panel." - echo -e "\nMinimum RAM required: 350Mb" - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi -srv_type='micro' -if [ "$memory" -gt '1000000' ]; then - srv_type='small' +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ascii aslogo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'Following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' fi -if [ "$memory" -gt '3000000' ]; then - srv_type='medium' +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' fi -if [ "$memory" -gt '7000000' ]; then - srv_type='large' -fi - -# Are you sure ? -if [ -z $email ]; then - clear - echo - echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _|_|_|_| _|_|_| _| _| _| ' - echo - echo ' Vesta Control Panel' - echo - echo - echo 'Following software will be installed on your system:' - echo ' - Nginx frontend web server' - echo ' - Apache application web server' - echo ' - Bind DNS server' - echo ' - Exim mail server' - echo ' - Dovecot IMAP and POP3 server' - if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - echo ' - Clam mail antivirus' - echo ' - SpamAssassin antispam' +# Mail Stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim mail server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'Antivirus ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'Antispam' + fi fi - echo ' - MySQL database server' - echo ' - Vsftpd FTP server' - echo - echo + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi - read -p 'Do you want to proceed? [y/n]): ' answer +# DB stack +if [ "$mysql" = 'yes' ]; then + echo ' - MySQL Database Server' +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then echo 'Goodbye' exit 1 fi - # Check email - read -p 'Please enter valid email address: ' email + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi - # Define server hostname + # Asking to set FQDN hostname if [ -z "$servername" ]; then - read -p "Please enter hostname [$(hostname)]: " servername + read -p "Please enter FQDN hostname [$(hostname -f)]: " servername fi fi -# Validate email -local_part=$(echo $email | cut -s -f1 -d\@) -remote_host=$(echo $email | cut -s -f2 -d\@) -mx_failed=1 -if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then - /usr/bin/host -t mx "$remote_host" > /dev/null 2>&1 - mx_failed="$?" +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(gen_pass) fi -if [ "$mx_failed" -eq 1 ]; then - echo "Error: email $email is not valid" - exit 1 +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) +fi + +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab fi #----------------------------------------------------------# # Install repository # #----------------------------------------------------------# -# Let's start -echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 5 -# Update system -if [ -z "$noupdate" ]; then - apt-get -y upgrade - if [ $? -ne 0 ]; then - echo 'Error: apt-get upgrade failed' - exit 1 - fi -fi +# Updating system +apt-get -y upgrade +check_result $? 'apt-get upgrade failed' -# Install nginx repo +# Installing nginx repo apt=/etc/apt/sources.list.d -echo "deb http://nginx.org/packages/ubuntu/ $codename nginx" > $apt/nginx.list +echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key apt-key add /tmp/nginx_signing.key -# Install vesta repo +# Installing vesta repo echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list wget $CHOST/deb_signing.key -O deb_signing.key apt-key add deb_signing.key #----------------------------------------------------------# -# Backups # +# Backup # #----------------------------------------------------------# -# Prepare backup tree -vst_backups="/root/vst_install_backups/$(date +%s)" -mkdir -p $vst_backups/nginx -mkdir -p $vst_backups/apache2 -mkdir -p $vst_backups/mysql -mkdir -p $vst_backups/exim4 -mkdir -p $vst_backups/dovecot -mkdir -p $vst_backups/clamav -mkdir -p $vst_backups/spamassassin -mkdir -p $vst_backups/vsftpd -mkdir -p $vst_backups/bind -mkdir -p $vst_backups/vesta -mkdir -p $vst_backups/home +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx apache2 php5 php5-fpm vsftpd proftpd bind exim4 dovecot clamd +mkdir spamassassin mysql postgresql mongodb vesta -# Backup nginx +# Backing up Nginx configuration service nginx stop > /dev/null 2>&1 -if [ -e '/etc/nginx/nginx.conf' ]; then - cp -r /etc/nginx/* $vst_backups/nginx/ -fi +cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 -# Backup apache2 +# Backing up Apache configuration service apache2 stop > /dev/null 2>&1 -if [ -e '/etc/apache2/apache2.conf' ]; then - cp -r /etc/apache2/* $vst_backups/apache2/ -fi +cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1 +rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 -# Backup bind9 +# Backing up PHP configuration +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 + +# Backing up PHP configuration +service php5-fpm stop >/dev/null 2>&1 +cp /etc/php5/* $vst_backups/php5 > /dev/null 2>&1 +rm -f /etc/php5/fpm/pool.d/* >/dev/null 2>&1 + +# Backing up Bind configuration service bind9 stop > /dev/null 2>&1 -if [ -e '/etc/bind/named.conf' ]; then - cp -r /etc/bind/* $vst_backups/bind/ -fi +cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 -# Backup vsftpd +# Backing up Vsftpd configuration service vsftpd stop > /dev/null 2>&1 -if [ -e '/etc/vsftpd.conf' ]; then - cp /etc/vsftpd.conf $vst_backups/vsftpd/ -fi +cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 -# Backup exim4 +# Backing up ProFTPD configuration +service proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backing up Exim configuration service exim4 stop > /dev/null 2>&1 -if [ -e '/etc/exim4/exim4.conf.template' ]; then - cp -r /etc/exim4/* $vst_backups/exim4/ -fi +cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1 -# Backup clamav +# Backing up ClamAV configuration service clamav-daemon stop > /dev/null 2>&1 -if [ -e '/etc/clamav/clamd.conf' ]; then - cp -r /etc/clamav/* $vst_backups/clamav/ -fi +cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1 -# Backup SpamAssassin +# Backing up SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 -if [ -e '/etc/spamassassin/local.cf' ]; then - cp -r /etc/spamassassin/* $vst_backups/spamassassin/ -fi +cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1 -# Backup dovecot +# Backing up Dovecot configuration service dovecot stop > /dev/null 2>&1 -if [ -e '/etc/dovecot.conf' ]; then - cp /etc/dovecot.conf $vst_backups/dovecot/ -fi -if [ -e '/etc/dovecot' ]; then - cp -r /etc/dovecot/* $vst_backups/dovecot/ -fi +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backup MySQL stuff +# Backing up MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 -if [ -e '/var/lib/mysql' ]; then - mv /var/lib/mysql $vst_backups/mysql/mysql_datadir -fi -if [ -e '/etc/mysql/my.cnf' ]; then - cp -r /etc/mysql/* $vst_backups/mysql/ -fi -if [ -e '/root/.my.cnf' ]; then - mv /root/.my.cnf $vst_backups/mysql/ -fi +killall -9 mysqld > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1 +cp -r /etc/mysql/* $vst_backups/mysql > /dev/null 2>&1 +mv -f /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 # Backup vesta service vesta stop > /dev/null 2>&1 -if [ -e '/usr/local/vesta' ]; then - cp -r /usr/local/vesta/* $vst_backups/vesta/ - apt-get -y remove vesta* - apt-get -y purge vesta* - rm -rf /usr/local/vesta +cp -r /usr/local/vesta/* $vst_backups/vesta > /dev/null 2>&1 +apt-get -y remove vesta vesta-nginx vesta-php > /dev/null 2>&1 +apt-get -y purge vesta vesta-nginx vesta-php > /dev/null 2>&1 +rm -rf /usr/local/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Exludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software=$(echo "$software" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software=$(echo "$software" | sed -e "s/apache2 //") + software=$(echo "$software" | sed -e "s/apache2-utils//") + software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") + software=$(echo "$software" | sed -e "s/apache2.2-common//") + software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") + software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//") + software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") + software=$(echo "$software" | sed -e "s/libapache2-mod-php5//") +fi +if [ "$phpfpm" = 'no' ]; then + software=$(echo "$software" | sed -e "s/php5-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/proftpd-basic//") + software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//") +fi +if [ "$named" = 'no' ]; then + software=$(echo "$software" | sed -e "s/bind9//") +fi +if [ "$exim" = 'no' ]; then + software=$(echo "$software" | sed -e "s/exim4 //") + software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//") + software=$(echo "$software" | sed -e "s/dovecot-imapd//") + software=$(echo "$software" | sed -e "s/dovecot-pop3d//") + software=$(echo "$software" | sed -e "s/clamav-daemon//") + software=$(echo "$software" | sed -e "s/spamassassin//") +fi +if [ "$clamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/clamav-daemon//") +fi +if [ "$spamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/spamassassin//") +fi +if [ "$dovecot" = 'no' ]; then + software=$(echo "$software" | sed -e "s/dovecot-imapd//") + software=$(echo "$software" | sed -e "s/dovecot-pop3d//") +fi +if [ "$mysql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/mysql-server//') + software=$(echo "$software" | sed -e 's/mysql-client//') + software=$(echo "$software" | sed -e 's/mysql-common//') + software=$(echo "$software" | sed -e 's/php5-mysql//') + software=$(echo "$software" | sed -e 's/phpMyAdmin//') +fi +if [ "$postgresql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/postgresql-contrib//') + software=$(echo "$software" | sed -e 's/postgresql//') + software=$(echo "$software" | sed -e 's/php5-pgsql//') + software=$(echo "$software" | sed -e 's/phppgadmin//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') fi @@ -377,37 +553,16 @@ fi # Install packages # #----------------------------------------------------------# -# Exclude heavy packages -if [ "$srv_type" = 'micro' ]; then - software=$(echo "$software" | sed -e 's/libapache2-mod-fcgid//') - software=$(echo "$software" | sed -e 's/clamav-daemon//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -if [ "$srv_type" = 'small' ]; then - software=$(echo "$software" | sed -e 's/clamav-daemon//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -# Exclude fail2ban -if [ "$disable_fail2ban" = 'yes' ]; then - software=$(echo "$software" | sed -e 's/fail2ban//') -fi - # Update system packages apt-get update -# Disable daemon autostart -# For more details /usr/share/doc/sysv-rc/README.policy-rc.d.gz +# Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d chmod a+x /usr/sbin/policy-rc.d -# Install Vesta packages +# Install apt packages apt-get -y install $software -if [ $? -ne 0 ]; then - echo 'Error: apt-get install failed' - exit 1 -fi +check_result $? "apt-get install failed" # Restore policy rm -f /usr/sbin/policy-rc.d @@ -417,108 +572,12 @@ rm -f /usr/sbin/policy-rc.d # Configure system # #----------------------------------------------------------# -# Set writable permission on tmp directory -chmod 777 /tmp - -# Vesta configuration -echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh -chmod 755 /etc/profile.d/vesta.sh -source /etc/profile.d/vesta.sh -echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile -echo 'export PATH' >> /root/.bash_profile -source /root/.bash_profile -wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta - -# Directory tree -mkdir -p $VESTA/conf -mkdir -p $VESTA/log -mkdir -p $VESTA/ssl -mkdir -p $VESTA/data -mkdir -p $VESTA/data/ips -mkdir -p $VESTA/data/queue -mkdir -p $VESTA/data/users -mkdir -p $VESTA/data/firewall -touch $VESTA/data/queue/backup.pipe -touch $VESTA/data/queue/disk.pipe -touch $VESTA/data/queue/webstats.pipe -touch $VESTA/data/queue/restart.pipe -touch $VESTA/data/queue/traffic.pipe -chmod 750 $VESTA/conf -chmod 750 $VESTA/data/users -chmod 750 $VESTA/data/ips -chmod -R 750 $VESTA/data/queue -ln -s /usr/local/vesta/log /var/log/vesta -touch /var/log/vesta/system.log -touch /var/log/vesta/nginx-error.log -touch /var/log/vesta/auth.log -chmod 660 /var/log/vesta/* -adduser backup > /dev/null 2>&1 -mkdir -p /home/backup -chown backup:backup /home/backup -ln -s /home/backup /backup -chmod a+x /backup - -# vesta.conf -wget $CHOST/$VERSION/vesta.conf -O $VESTA/conf/vesta.conf -if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then - sed -i "s/clamav-daemon//g" $VESTA/conf/vesta.conf - sed -i "s/spamassassin//g" $VESTA/conf/vesta.conf -fi - -# Set server hostname -if [ -z "$servername" ]; then - servername=$(hostname) -fi -/usr/local/vesta/bin/v-change-sys-hostname $servername 2>/dev/null - -# Templates, packages -cd /usr/local/vesta/data -wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz -cd /usr/local/vesta/data -wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz -if [ "$codename" = 'saucy' ] || [ "$codename" = 'trusty' ]; then - sed -i "s/Include /IncludeOptional /g" \ - $VESTA/data/templates/web/apache2/*tpl -fi -chmod -R 755 /usr/local/vesta/data/templates -cp templates/web/skel/public_html/index.html /var/www/ -sed -i 's/%domain%/It worked!/g' /var/www/index.html -if [ "$srv_type" = 'micro' ]; then - rm -f /usr/local/vesta/data/templates/web/apache2/phpfcgid.* -fi - -# Removing CGI templates -if [ "$codename" = 'trusty' ]; then - rm -f /usr/local/vesta/data/templates/web/apache2/phpcgi.* -fi - -# Generating SSL certificate -$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ - 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem - -# Parsing merged certificate file -crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) - -# Adding SSL certificate -cd /usr/local/vesta/ssl -sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt -sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key -chown root:mail /usr/local/vesta/ssl/* -chmod 660 /usr/local/vesta/ssl/* -rm /tmp/vst.pem - # Enable SSH password auth sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart # AppArmor -aa-complain /usr/sbin/named +#aa-complain /usr/sbin/named # Disable awstats cron rm -f /etc/cron.d/awstats @@ -529,13 +588,6 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Register /sbin/nologin echo "/sbin/nologin" >> /etc/shells -# Sudo configuration -wget $CHOST/$VERSION/sudoers.vestacp.conf -O /etc/sudoers.d/vestacp -wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin -chmod 440 /etc/sudoers.d/vestacp -chmod 440 /etc/sudoers.d/admin -echo 'Defaults:admin !syslog' >>/etc/sudoers.d/admin - # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate @@ -551,295 +603,536 @@ sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf chmod 755 /usr/bin/rssh -# Nginx configuration -rm -f /etc/nginx/conf.d/*.conf -wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf -wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf -touch /etc/nginx/conf.d/vesta.conf -update-rc.d nginx defaults -service nginx stop > /dev/null 2>&1 -service nginx start -if [ "$?" -ne 0 ]; then - echo "Error: nginx start failed" - exit 1 + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# AppArmor +aa-complain /usr/sbin/named 2>/dev/null + +# Downlading sudo configuration +mkdir -p /etc/sudoers.d +wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers.d/admin + +# Configuring system env +echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile + +# Configuring logrotate for vesta logs +wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta + +# Buidling directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log +chmod -R 750 $VESTA/data/queue +chmod 660 /var/log/vesta/* +rm -f /var/log/vesta +ln -s /usr/local/vesta/log /var/log/vesta + +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# WEB stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php5-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi -# Apache configuration -wget $CHOST/$VERSION/apache2.conf -O /etc/apache2/apache2.conf -if [ "$codename" = 'saucy' ] || [ "$codename" = 'trusty' ]; then - sed -i "/^LockFile /d" /etc/apache2/apache2.conf +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf fi -wget $CHOST/$VERSION/apache2-status.conf \ - -O /etc/apache2/mods-enabled/status.conf -wget $CHOST/$VERSION/apache2.log -O /etc/logrotate.d/apache2 -echo "# Powered by vesta" > /etc/apache2/sites-available/default -echo "# Powered by vesta" > /etc/apache2/sites-available/default-ssl -echo "# Powered by vesta" > /etc/apache2/ports.conf -mkdir -p /etc/apache2/conf.d -rm -f /etc/apache2/conf.d/vesta.conf -echo > /etc/apache2/conf.d/vesta.conf -touch /var/log/apache2/access.log -touch /var/log/apache2/error.log -mkdir -p /var/log/apache2/domains -chmod a+x /var/log/apache2 -chmod 640 /var/log/apache2/access.log -chmod 640 /var/log/apache2/error.log -chmod 751 /var/log/apache2/domains -a2enmod rewrite -a2enmod ssl -a2enmod suexec -echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data -update-rc.d apache2 defaults -service apache2 stop > /dev/null 2>&1 -service apache2 start -if [ "$?" -ne 0 ]; then - echo "Error: apache2 start failed" - exit 1 +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf fi -# Vsftpd configuration -wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd.conf -update-rc.d vsftpd defaults -service vsftpd stop > /dev/null 2>&1 -service vsftpd start -if [ "$?" -ne 0 ]; then - echo "Error: vsftpd start failed" - exit 1 +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='bind9'" >> $VESTA/conf/vesta.conf fi -# Generating MySQL password if it wasn't set -if [ -z "$mpass" ]; then - mpass=$(gen_pass) +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim4'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi fi -# MySQL configuration -wget $CHOST/$VERSION/my.cnf -O /etc/mysql/my.cnf -mysql_install_db -if [ "$release" != '14.04' ]; then +# CRON daemon +echo "CRON_SYSTEM='cron'" >> $VESTA/conf/vesta.conf + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf +fi + +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf +fi + +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Downloading hosting packages +cd $VESTA/data +wget $vestacp/packages.tar.gz -O packages.tar.gz +tar -xzf packages.tar.gz +rm -f packages.tar.gz + +# Downloading templates +wget $vestacp/templates.tar.gz -O templates.tar.gz +tar -xzf templates.tar.gz +rm -f templates.tar.gz + +# Copying index.html to default documentroot +cp templates/web/skel/public_html/index.html /var/www/ +sed -i 's/%domain%/It worked!/g' /var/www/index.html + +# Downloading firewall rules +wget $vestacp/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +rm -f firewall.tar.gz + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null + +# Generating SSL certificate +$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ + 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + +# Parsing certificate file +crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) +key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) +key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) + +# Adding SSL certificate +cd $VESTA/ssl +sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt +sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* +rm /tmp/vst.pem + + +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# + +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf + wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf + wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc + wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc + wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc + wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + update-rc.d nginx defaults + service nginx start + check_result $? "nginx start failed" +fi + + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf + wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf + wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + a2enmod rewrite + a2enmod suexec + a2enmod ssl + a2enmod actions + a2enmod ruid2 + mkdir -p /etc/apache2/conf.d + echo > /etc/apache2/conf.d/vesta.conf + echo "# Powered by vesta" > /etc/apache2/sites-available/default + echo "# Powered by vesta" > /etc/apache2/sites-available/default-ssl + echo "# Powered by vesta" > /etc/apache2/ports.conf + echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data + touch /var/log/apache2/access.log /var/log/apache2/error.log + mkdir -p /var/log/apache2/domains + chmod a+x /var/log/apache2 + chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log + chmod 751 /var/log/apache2/domains + update-rc.d apache2 defaults + service apache2 start + check_result $? "apache2 start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + wget $vestacp/php5-fpm/www.conf -O /etc/php5/fpm/pool.d/www.conf + update-rc.d php5-fpm defaults + service php5-fpm start + check_result $? "php-fpm start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +sed -i "s/;date.timezone =/date.timezone = $ZONE/g" /etc/php5/apache2/php.ini +sed -i "s/;date.timezone =/date.timezone = $ZONE/g" /etc/php5/cli/php.ini +sed -i 's%_open_tag = Off%_open_tag = On%g' /etc/php5/apache2/php.ini +sed -i 's%_open_tag = Off%_open_tag = On%g' /etc/php5/cli/php.ini + + +#----------------------------------------------------------# +# Configure VSFTPD # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + update-rc.d vsftpd defaults + service vsftpd start + check_result $? "vsftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + echo "127.0.0.1 $servername" >> /etc/hosts + wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + update-rc.d proftpd defaults + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL/MariaDB # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi + + # MySQL configuration + wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + mysql_install_db update-rc.d mysql defaults -fi -service mysql stop > /dev/null 2>&1 -service mysql start -if [ "$?" -ne 0 ]; then - echo "Error: mysql start failed" - exit 1 -fi -mysqladmin -u root password $mpass -echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf -chmod 600 /root/.my.cnf -mysql -e "DELETE FROM mysql.user WHERE User=''" -mysql -e "DROP DATABASE test" > /dev/null 2>&1 -mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" -mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" -mysql -e "FLUSH PRIVILEGES" + service mysql start + check_result $? "mysql start failed" -# Bind configuration -wget $CHOST/$VERSION/named.conf -O /etc/bind/named.conf -sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options -chown root:bind /etc/bind/named.conf -chmod 640 /etc/bind/named.conf -update-rc.d bind9 defaults -service bind9 stop > /dev/null 2>&1 -service bind9 start -if [ "$?" -ne 0 ]; then - echo "Error: bind9 start failed" - exit 1 + # Securing MySQL installation + mysqladmin -u root password $vpass + echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + + # Configuring phpMyAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf + fi + wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + chmod 777 /var/lib/phpmyadmin/tmp fi -# Exim -wget $CHOST/$VERSION/exim4.conf.template -O /etc/exim4/exim4.conf.template -if [ "$srv_type" != 'micro' ] && [ "$srv_type" != 'small' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template - sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template -fi -wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim4/dnsbl.conf -wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim4/spam-blocks.conf -touch /etc/exim4/white-blocks.conf -rm -rf /etc/exim4/domains -mkdir -p /etc/exim4/domains -chmod 640 /etc/exim4/exim4.conf.template -gpasswd -a Debian-exim mail -if [ -e /etc/init.d/sendmail ]; then - update-rc.d -f sendmail remove - service sendmail stop -fi -if [ -e /etc/init.d/postfix ]; then - update-rc.d -f postfix remove - service postfix stop -fi -rm -f /etc/alternatives/mta -ln -s /usr/sbin/exim4 /etc/alternatives/mta -update-rc.d exim4 defaults -service exim4 stop > /dev/null 2>&1 -service exim4 start -if [ "$?" -ne 0 ]; then - echo "Error: exim start failed" - exit +#----------------------------------------------------------# +# Configure PostgreSQL # +#----------------------------------------------------------# + +if [ "$postgresql" = 'yes' ]; then + wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + service postgresql restart + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" 2>/dev/null + + # Configuring phpPgAdmin + if [ "$apache" = 'yes' ]; then + wget $vestacp/pga/phppgadmin.conf -O /etc/apache2/conf.d/phppgadmin.conf + fi + wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php fi -# Dovecot configuration -wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot/dovecot.conf -cd /etc/dovecot/ -wget $CHOST/$VERSION/dovecot-conf.d.tar.gz -rm -rf conf.d *.ext README -tar -xzf dovecot-conf.d.tar.gz -rm -f dovecot-conf.d.tar.gz -chown -R root:root /etc/dovecot -gpasswd -a dovecot mail -update-rc.d dovecot defaults -service dovecot stop > /dev/null 2>&1 -service dovecot start -if [ "$?" -ne 0 ]; then - echo "Error: dovecot start failed" - exit 1 + +#----------------------------------------------------------# +# Configure Bind # +#----------------------------------------------------------# + +if [ "$named" = 'yes' ]; then + wget $vestacp/bind/named.conf -O /etc/bind/named.conf + sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options + chown root:bind /etc/bind/named.conf + chmod 640 /etc/bind/named.conf + update-rc.d bind9 defaults + service bind9 start + check_result $? "bind9 start failed" fi -# ClamAV configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - wget $CHOST/$VERSION/clamd.conf -O /etc/clamav/clamd.conf +#----------------------------------------------------------# +# Configure Exim # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ]; then + gpasswd -a Debian-exim mail + wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template + wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf + wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + touch /etc/exim4/white-blocks.conf + + if [ "$spamd" = 'yes' ]; then + sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template + fi + if [ "$clamd" = 'yes' ]; then + sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template + fi + + chmod 640 /etc/exim4/exim4.conf.template + rm -rf /etc/exim4/domains + mkdir -p /etc/exim4/domains + + rm -f /etc/alternatives/mta + ln -s /usr/sbin/exim4 /etc/alternatives/mta + update-rc.d -f sendmail remove > /dev/null 2>&1 + service sendmail stop > /dev/null 2>&1 + update-rc.d -f postfix remove > /dev/null 2>&1 + service postfix stop > /dev/null 2>&1 + + update-rc.d exim4 defaults + service exim4 start + check_result $? "exim4 start failed" +fi + + +#----------------------------------------------------------# +# Configure Dovecot # +#----------------------------------------------------------# + +if [ "$dovecot" = 'yes' ]; then + gpasswd -a dovecot mail + wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz + cd /etc + rm -rf dovecot dovecot.conf + tar -xzf dovecot.tar.gz + rm -f dovecot.tar.gz + chown -R root:root /etc/dovecot* + update-rc.d dovecot defaults + service dovecot start + check_result $? "dovecot start failed" +fi + + +#----------------------------------------------------------# +# Configure ClamAV # +#----------------------------------------------------------# + +if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim + wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf /usr/bin/freshclam update-rc.d clamav-daemon defaults - service clamav-daemon stop > /dev/null 2>&1 service clamav-daemon start - if [ "$?" -ne 0 ]; then - echo "Error: clamav start failed" - exit 1 - fi + check_result $? "clamav-daeom start failed" fi -# SpamAssassin configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + +#----------------------------------------------------------# +# Configure SpamAssassin # +#----------------------------------------------------------# + +if [ "$spamd" = 'yes' ]; then update-rc.d spamassassin defaults sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin - service spamassassin stop > /dev/null 2>&1 service spamassassin start - if [ "$?" -ne 0 ]; then - echo "Error: spamassassin start failed" - exit 1 + check_result $? "spamassassin start failed" +fi + + +#----------------------------------------------------------# +# Configure RoundCube # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then + if [ "$apache" = 'yes' ]; then + wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf + fi + wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php + wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + wget $vestacp/roundcube/vesta.php -O \ + /usr/share/roundcube/plugins/password/drivers/vesta.php + wget $vestacp/roundcube/config.inc.php -O \ + /etc/roundcube/plugins/password/config.inc.php + r="$(gen_pass)" + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" + sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql + php5enmod mcrypt 2>/dev/null + service apache2 restart + if [ "$release" -eq 8 ]; then + mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php + mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php fi fi -# Fail2ban configuration -if [ -z "$disable_fail2ban" ]; then + +#----------------------------------------------------------# +# Configure Fail2Ban # +#----------------------------------------------------------# + +if [ "$fail2ban" = 'yes' ]; then cd /etc - wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz tar -xzf fail2ban.tar.gz rm -f fail2ban.tar.gz - chkconfig fail2ban on + if [ "$dovecot" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$exim" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) + fline=$(echo "$fline" |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + update-rc.d fail2ban defaults service fail2ban start -else - sed -i "s/fail2ban//" $VESTA/conf/vestac.conf + check_result $? "fail2ban start failed" fi -# php configuration -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/apache2/php.ini -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/cli/php.ini -if [ "$codename" = 'saucy' ] || [ "$codename" = 'trusty' ]; then - ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available - php5enmod mcrypt - service apache2 restart -fi -# phpMyAdmin configuration -wget $CHOST/$VERSION/apache2-pma.conf -O /etc/phpmyadmin/apache.conf -wget $CHOST/$VERSION/pma.conf -O /etc/phpmyadmin/config.inc.php -ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf -mv -f /etc/phpmyadmin/config-db.php /etc/phpmyadmin/config-db.php_ -chmod 777 /var/lib/phpmyadmin/tmp +#----------------------------------------------------------# +# Configure Admin User # +#----------------------------------------------------------# -# Roundcube configuration -wget $CHOST/$VERSION/apache2-webmail.conf -O /etc/roundcube/apache.conf -wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcube/main.inc.php -wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcube/db.inc.php -wget $CHOST/$VERSION/roundcube-driver.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php -wget $CHOST/$VERSION/roundcube-pw.conf -O \ - /etc/roundcube/plugins/password/config.inc.php -r="$(gen_pass)" -mysql -e "DROP DATABASE roundcube" > /dev/null 2>&1 -mysql -e "CREATE DATABASE roundcube" -mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" -sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php -mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql -if [ "$codename" = 'saucy' ] || [ "$codename" = 'trusty' ]; then - wget $CHOST/$VERSION/roundcube-driver-new.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/ - service apache2 restart -fi -mkdir -p /var/log/roundcube/error -chmod -R 777 /var/log/roundcube - -# Deleting old admin user account if exists +# Deleting old admin user if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin - chattr -i /home/admin/conf - mv -f /home/admin $vst_backups/home/ - rm -f /tmp/sess_* + userdel -f admin >/dev/null 2>&1 + chattr -i /home/admin/conf >/dev/null 2>&1 + mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 + rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Generating admin password if it wasn't set -if [ -z "$vpass" ]; then - vpass=$(gen_pass) -fi - -# Adding admin account +# Adding vesta account $VESTA/bin/v-add-user admin $vpass $email default System Administrator -if [ $? -ne 0 ]; then - echo "Error: can't create admin user" - exit 1 -fi +check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash -$VESTA/bin/v-change-user-language admin en - -# Configure mysql host -$VESTA/bin/v-add-database-host mysql localhost root $mpass -$VESTA/bin/v-add-database admin default default $(gen_pass) mysql +$VESTA/bin/v-change-user-language admin $lang # Configuring system ips $VESTA/bin/v-update-sys-ip -# Firewall configuartion -cd $VESTA/data -wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz -if [ "$disable_iptables" = 'yes' ]; then - sed -i "s/iptables//" $VESTA/conf/vesta.conf -else - /usr/local/vesta/bin/v-update-firewall -fi - # Get main ip -main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 | \ - cut -f2 -d: | cut -f1 -d ' ') +ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Get remote ip -vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) -if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then - # Set NAT association - $VESTA/bin/v-change-sys-ip-nat $main_ip $vst_ip +# Get public ip +pub_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip fi -if [ -z "$vst_ip" ]; then - vst_ip=$main_ip +if [ -z "$pub_ip" ]; then + ip=$main_ip fi -# Add default web domain -$VESTA/bin/v-add-web-domain admin default.domain $vst_ip +# Firewall configuration +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi -# Add default dns domain -$VESTA/bin/v-add-dns-domain admin default.domain $vst_ip +# Configuring mysql host +if [ "$mysql" = 'yes' ]; then + $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +fi -# Add default mail domain -$VESTA/bin/v-add-mail-domain admin default.domain +# Configuring pgsql host +if [ "$postgresql" = 'yes' ]; then + $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql +fi -# Configuring cron jobs +# Adding default domain +$VESTA/bin/v-add-domain admin $servername +check_result $? "can't create $servername domain" + +# Adding cron jobs command='sudo /usr/local/vesta/bin/v-update-sys-queue disk' $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic' @@ -854,35 +1147,42 @@ command='sudo /usr/local/vesta/bin/v-update-user-stats' $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command='sudo /usr/local/vesta/bin/v-update-sys-rrd' $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +service cron restart # Building inititall rrd images $VESTA/bin/v-update-sys-rrd -# Enable file system quota +# Enabling file system quota if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Start system service +# Starting vesta service update-rc.d vesta defaults -service vesta stop > /dev/null 2>&1 service vesta start -if [ "$?" -ne 0 ]; then - echo "Error: vesta start failed" - exit 1 +check_result $? "vesta start failed" + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Sending install notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null -q + +# Comparing hostname and ip +host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" fi -# Send notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null - -# Send notification to admin email +# Sending notification to admin email echo -e "Congratulations, you have just successfully installed \ -the Vesta Control Panel +Vesta Control Panel -You can login in Vesta with following credentials: + https://$ip:8083 username: admin password: $vpass - https://$vst_ip:8083 We hope that you enjoy your installation of Vesta. Please \ feel free to contact us anytime if you have any questions. @@ -895,12 +1195,10 @@ vestacp.com team send_mail="$VESTA/web/inc/mail-wrapper.php" cat $tmpfile | $send_mail -s "Vesta Control Panel" $email -rm -f $tmpfile # Congrats echo '=======================================================' echo -echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' @@ -908,20 +1206,7 @@ echo ' _| _| _| _| _| _| _| ' echo ' _| _|_|_|_| _|_|_| _| _| _| ' echo echo -echo '-------------------------------' -echo " https://$vst_ip:8083" -echo ' username: admin' -echo " password: $vpass" -echo '-------------------------------' -echo -echo -echo 'Congratulations,' -echo 'you have successfully installed Vesta Control Panel.' -echo -echo +cat $tmpfile +rm -f $tmpfile -# Tricky way to get new PATH variable -cd -bash - -#EOF +# EOF diff --git a/install/vst-install.sh b/install/vst-install.sh old mode 100644 new mode 100755 index 9c064ab01..9e05feea1 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -5,10 +5,10 @@ # # Currently Supported Operating Systems: # -# RHEL 5, RHEL 6 -# CentOS 5, CentOS 6 -# Debian 7 -# Ubuntu LTS, Ubuntu 13.04, Ubuntu 13.10 +# RHEL 5, 6, 7 +# CentOS 5, 6, 7 +# Debian 7, 8 +# Ubuntu 12.04 - 15.04 # # Am I root?