Dirk Dankhoff
ISPConfig 3
Commits
80e3c9ac
Commit
80e3c9ac
authored
Apr 26, 2011
by
tbrehm
- Improved nginx reverse proxy support.
- Added UFW firewall support.
parent
a285fa66
Changes
40
install/dist/conf/debian40.conf.php
...
...
@@ -51,6 +51,8 @@ $conf['services']['dns'] = true;
$conf
[
'services'
][
'file'
]
=
true
;
$conf
[
'services'
][
'db'
]
=
true
;
$conf
[
'services'
][
'vserver'
]
=
true
;
$conf
[
'services'
][
'proxy'
]
=
false
;
$conf
[
'services'
][
'firewall'
]
=
false
;
//* MySQL
$conf
[
'mysql'
][
'installed'
]
=
false
;
// will be detected automatically during installation
...
...
@@ -183,6 +185,28 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
$conf
[
'jailkit'
][
'jailkit_chroot_app_programs'
]
=
'/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
;
$conf
[
'jailkit'
][
'jailkit_chroot_cron_programs'
]
=
'/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php'
;
//* Squid
$conf
[
'squid'
][
'installed'
]
=
false
;
// will be detected automatically during installation
$conf
[
'squid'
][
'config_dir'
]
=
'/etc/squid'
;
$conf
[
'squid'
][
'init_script'
]
=
'squid'
;
//* Nginx
$conf
[
'nginx'
][
'installed'
]
=
false
;
// will be detected automatically during installation
$conf
[
'nginx'
][
'config_dir'
]
=
'/etc/nginx'
;
$conf
[
'nginx'
][
'vhost_conf_dir'
]
=
'/etc/nginx/sites-available'
;
$conf
[
'nginx'
][
'vhost_conf_enabled_dir'
]
=
'/etc/nginx/sites-enabled'
;
$conf
[
'nginx'
][
'init_script'
]
=
'nginx'
;
//*Ufw
$conf
[
'ufw'
][
'installed'
]
=
false
;
$conf
[
'ufw'
][
'config_dir'
]
=
'/etc/ufw'
;
$conf
[
'ufw'
][
'init_script'
]
=
'ufw'
;
//*Bastille-Firwall
$conf
[
'bastille'
][
'installed'
]
=
false
;
$conf
[
'bastille'
][
'config_dir'
]
=
'/etc/Bastille'
;
//* vlogger
$conf
[
'vlogger'
][
'config_dir'
]
=
'/etc'
;
...
...
install/dist/conf/debian60.conf.php
...
...
@@ -51,6 +51,8 @@ $conf['services']['dns'] = true;
$conf
[
'services'
][
'file'
]
=
true
;
$conf
[
'services'
][
'db'
]
=
true
;
$conf
[
'services'
][
'vserver'
]
=
true
;
$conf
[
'services'
][
'proxy'
]
=
false
;
$conf
[
'services'
][
'firewall'
]
=
false
;
//* MySQL
$conf
[
'mysql'
][
'installed'
]
=
false
;
// will be detected automatically during installation
...
...
@@ -183,6 +185,27 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
$conf
[
'jailkit'
][
'jailkit_chroot_app_programs'
]
=
'/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
;
$conf
[
'jailkit'
][
'jailkit_chroot_cron_programs'
]
=
'/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php'
;
//* Squid
$conf
[
'squid'
][
'installed'
]
=
false
;
// will be detected automatically during installation
$conf
[
'squid'
][
'config_dir'
]
=
'/etc/squid'
;
$conf
[
'squid'
][
'init_script'
]
=
'squid'
;
//* Nginx
$conf
[
'nginx'
][
'installed'
]
=
false
;
// will be detected automatically during installation
$conf
[
'nginx'
][
'config_dir'
]
=
'/etc/nginx'
;
$conf
[
'nginx'
][
'vhost_conf_dir'
]
=
'/etc/nginx/sites-available'
;
$conf
[
'nginx'
][
'vhost_conf_enabled_dir'
]
=
'/etc/nginx/sites-enabled'
;
$conf
[
'nginx'
][
'init_script'
]
=
'nginx'
;
//* Ufw
$conf
[
'ufw'
][
'installed'
]
=
false
;
$conf
[
'squid'
][
'config_dir'
]
=
'/etc/ufw'
;
$conf
[
'squid'
][
'init_script'
]
=
'ufw'
;
//*Bastille-Firwall
$conf
[
'bastille'
][
'installed'
]
=
false
;
$conf
[
'bastille'
][
'config_dir'
]
=
'/etc/Bastille'
;
//* vlogger
$conf
[
'vlogger'
][
'config_dir'
]
=
'/etc'
;
...
...
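Review bot: The two settings under the `//* Ufw` comment are assigned to the `squid` key instead of `ufw`: `$conf['squid']['config_dir'] = '/etc/ufw';` and `$conf['squid']['init_script'] = 'ufw';`. They follow the Squid block, so they overwrite the Squid values set a few lines earlier; on Debian 6 `configure_squid()` would then write squid.conf into /etc/ufw and the Squid restart step would call the ufw init script, while `$conf['ufw']['init_script']` stays unset. debian40.conf.php in the same commit uses the `ufw` key, so these should read `$conf['ufw']['config_dir'] = '/etc/ufw';` and `$conf['ufw']['init_script'] = 'ufw';`.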
install/install.php
...
...
@@ -230,9 +230,31 @@ if($install_mode == 'standard') {
$inst
->
configure_apps_vhost
();
//* Configure Firewall
swriteln
(
'Configuring Firewall'
);
$inst
->
configure_firewall
();
//swriteln('Configuring Firewall');
//$inst->configure_firewall();
//** Configure Firewall
if
(
$conf
[
'bastille'
][
'installed'
]
==
true
)
{
//* Configure Bastille Firewall
$conf
[
'services'
][
'firewall'
]
=
true
;
swriteln
(
'Configuring Bastille Firewall'
);
$inst
->
configure_firewall
();
}
elseif
(
$conf
[
'ufw'
][
'installed'
]
==
true
)
{
//* Configure Ubuntu Firewall
$conf
[
'services'
][
'firewall'
]
=
true
;
swriteln
(
'Configuring Ubuntu Firewall'
);
$inst
->
configure_ufw_firewall
();
}
if
(
$conf
[
'squid'
][
'installed'
]
==
true
)
{
$conf
[
'services'
][
'proxy'
]
=
true
;
swriteln
(
'Configuring Squid'
);
$inst
->
configure_squid
();
}
else
if
(
$conf
[
'nginx'
][
'installed'
]
==
true
)
{
$conf
[
'services'
][
'proxy'
]
=
true
;
swriteln
(
'Configuring Nginx'
);
$inst
->
configure_nginx
();
}
//* Configure ISPConfig
swriteln
(
'Installing ISPConfig'
);
...
...
@@ -267,7 +289,9 @@ if($install_mode == 'standard') {
if
(
$conf
[
'mydns'
][
'installed'
]
==
true
&&
$conf
[
'mydns'
][
'init_script'
]
!=
''
&&
is_executable
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'mydns'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'mydns'
][
'init_script'
]
.
' restart &> /dev/null'
);
if
(
$conf
[
'powerdns'
][
'installed'
]
==
true
&&
$conf
[
'powerdns'
][
'init_script'
]
!=
''
&&
is_executable
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'powerdns'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'powerdns'
][
'init_script'
]
.
' restart &> /dev/null'
);
if
(
$conf
[
'bind'
][
'installed'
]
==
true
&&
$conf
[
'bind'
][
'init_script'
]
!=
''
&&
is_executable
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'bind'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'bind'
][
'init_script'
]
.
' restart &> /dev/null'
);
if
(
$conf
[
'squid'
][
'installed'
]
==
true
&&
$conf
[
'squid'
][
'init_script'
]
!=
''
&&
is_file
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'squid'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'squid'
][
'init_script'
]
.
' restart &> /dev/null'
);
if
(
$conf
[
'nginx'
][
'installed'
]
==
true
&&
$conf
[
'nginx'
][
'init_script'
]
!=
''
&&
is_file
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'nginx'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'nginx'
][
'init_script'
]
.
' restart &> /dev/null'
);
if
(
$conf
[
'ufw'
][
'installed'
]
==
true
&&
$conf
[
'ufw'
][
'init_script'
]
!=
''
&&
is_file
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'ufw'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'ufw'
][
'init_script'
]
.
' restart &> /dev/null'
);
}
else
{
//* In expert mode, we select the services in the following steps, only db is always available
...
...
@@ -275,6 +299,8 @@ if($install_mode == 'standard') {
$conf
[
'services'
][
'web'
]
=
false
;
$conf
[
'services'
][
'dns'
]
=
false
;
$conf
[
'services'
][
'db'
]
=
true
;
$conf
[
'services'
][
'firewall'
]
=
false
;
$conf
[
'services'
][
'proxy'
]
=
false
;
//** Get Server ID
...
...
@@ -416,6 +442,21 @@ if($install_mode == 'standard') {
}
//** Configure Squid
if
(
strtolower
(
$inst
->
simple_query
(
'Configure Proxy Server'
,
array
(
'y'
,
'n'
),
'y'
)
)
==
'y'
)
{
if
(
$conf
[
'squid'
][
'installed'
]
==
true
)
{
$conf
[
'services'
][
'proxy'
]
=
true
;
swriteln
(
'Configuring Squid'
);
$inst
->
configure_squid
();
if
(
$conf
[
'squid'
][
'init_script'
]
!=
''
&&
is_executable
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'squid'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'squid'
][
'init_script'
]
.
' restart &> /dev/null'
);
}
else
if
(
$conf
[
'nginx'
][
'installed'
]
==
true
)
{
$conf
[
'services'
][
'proxy'
]
=
true
;
swriteln
(
'Configuring Nginx'
);
$inst
->
configure_nginx
();
if
(
$conf
[
'nginx'
][
'init_script'
]
!=
''
&&
is_executable
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'nginx'
][
'init_script'
]))
system
(
$conf
[
'init_scripts'
]
.
'/'
.
$conf
[
'nginx'
][
'init_script'
]
.
' restart &> /dev/null'
);
}
}
//** Configure Apache
swriteln
(
"
\n
Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.
\n
"
);
if
(
strtolower
(
$inst
->
simple_query
(
'Configure Apache Server'
,
array
(
'y'
,
'n'
),
'y'
))
==
'y'
)
{
...
...
@@ -434,9 +475,25 @@ if($install_mode == 'standard') {
//** Configure Firewall
if
(
strtolower
(
$inst
->
simple_query
(
'Configure Firewall Server'
,
array
(
'y'
,
'n'
),
'y'
))
==
'y'
)
{
if
(
$conf
[
'bastille'
][
'installed'
]
==
true
)
{
//* Configure Bastille Firewall
$conf
[
'services'
][
'firewall'
]
=
true
;
swriteln
(
'Configuring Bastille Firewall'
);
$inst
->
configure_firewall
();
}
elseif
(
$conf
[
'ufw'
][
'installed'
]
==
true
)
{
//* Configure Ubuntu Firewall
$conf
[
'services'
][
'firewall'
]
=
true
;
swriteln
(
'Configuring Ubuntu Firewall'
);
$inst
->
configure_ufw_firewall
();
}
}
//** Configure Firewall
/*if(strtolower($inst->simple_query('Configure Firewall Server',array('y','n'),'y')) == 'y') {
swriteln('Configuring Firewall');
$inst->configure_firewall();
}
}*/
//** Configure ISPConfig :-)
if
(
strtolower
(
$inst
->
simple_query
(
'Install ISPConfig Web Interface'
,
array
(
'y'
,
'n'
),
'y'
))
==
'y'
)
{
swriteln
(
'Installing ISPConfig'
);
...
...
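Review bot: In expert mode, answering 'y' to 'Configure Firewall Server' does nothing and prints nothing when neither `$conf['bastille']['installed']` nor `$conf['ufw']['installed']` is true, so the operator can finish the installer believing a firewall was set up. The standard-mode firewall block has the same silent fall-through, and the 'Configure Proxy Server' question behaves the same way when neither Squid nor nginx is detected. Add a final branch that reports the outcome, e.g. `else { swriteln('No supported firewall (Bastille or UFW) found, firewall not configured.'); }`. The enclosing `if($install_mode == 'standard')` block starts and ends outside these hunks.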
install/lib/installer_base.lib.php
...
...
@@ -130,7 +130,12 @@ class installer_base {
if
(
is_installed
(
'jk_chrootsh'
))
$conf
[
'jailkit'
][
'installed'
]
=
true
;
if
(
is_installed
(
'pdns_server'
)
||
is_installed
(
'pdns_control'
))
$conf
[
'powerdns'
][
'installed'
]
=
true
;
if
(
is_installed
(
'named'
)
||
is_installed
(
'bind'
)
||
is_installed
(
'bind9'
))
$conf
[
'bind'
][
'installed'
]
=
true
;
if
(
is_installed
(
'squid'
))
$conf
[
'squid'
][
'installed'
]
=
true
;
if
(
is_installed
(
'nginx'
))
$conf
[
'nginx'
][
'installed'
]
=
true
;
if
(
is_installed
(
'iptables'
)
&&
is_installed
(
'ufw'
))
$conf
[
'ufw'
][
'installed'
]
=
true
;
if
(
is_dir
(
"/etc/Bastille"
))
$conf
[
'bastille'
][
'installed'
]
=
true
;
if
(
$conf
[
'services'
][
'web'
]
&&
$conf
[
'apache'
][
'installed'
]
&&
is_file
(
$conf
[
'apache'
][
"vhost_conf_enabled_dir"
]
.
"/000-ispconfig.vhost"
))
$this
->
ispconfig_interface_installed
=
true
;
}
/** Create the database for ISPConfig */
...
...
@@ -227,6 +232,11 @@ class installer_base {
$tpl_ini_array
[
'dns'
][
'named_conf_path'
]
=
$conf
[
'bind'
][
'named_conf_path'
];
$tpl_ini_array
[
'dns'
][
'named_conf_local_path'
]
=
$conf
[
'bind'
][
'named_conf_local_path'
];
if
(
$conf
[
'nginx'
][
'installed'
]
==
true
)
{
$tpl_ini_array
[
'nginx'
][
'vhost_conf_dir'
]
=
$conf
[
'nginx'
][
'vhost_conf_dir'
];
$tpl_ini_array
[
'nginx'
][
'vhost_conf_enabled_dir'
]
=
$conf
[
'nginx'
][
'vhost_conf_enabled_dir'
];
}
if
(
array_key_exists
(
'awstats'
,
$conf
))
{
foreach
(
$conf
[
'awstats'
]
as
$aw_sett
=>
$aw_value
)
{
$tpl_ini_array
[
'web'
][
'awstats_'
.
$aw_sett
]
=
$aw_value
;
...
...
@@ -242,6 +252,8 @@ class installer_base {
$file_server_enabled
=
(
$conf
[
'services'
][
'file'
])
?
1
:
0
;
$db_server_enabled
=
(
$conf
[
'services'
][
'db'
])
?
1
:
0
;
$vserver_server_enabled
=
(
$conf
[
'services'
][
'vserver'
])
?
1
:
0
;
$proxy_server_enabled
=
(
$conf
[
'services'
][
'proxy'
])
?
1
:
0
;
$firewall_server_enabled
=
(
$conf
[
'services'
][
'firewall'
])
?
1
:
0
;
//** Get the database version number based on the patchfiles
$found
=
true
;
...
...
@@ -261,13 +273,13 @@ class installer_base {
if
(
$conf
[
'mysql'
][
'master_slave_setup'
]
==
'y'
)
{
//* Insert the server record in master DB
$sql
=
"INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
);"
;
$sql
=
"INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`
,`firewall_server`,`proxy_server`
) VALUES (1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
,
$proxy_server_enabled
,
$firewall_server_enabled
);"
;
$this
->
dbmaster
->
query
(
$sql
);
$conf
[
'server_id'
]
=
$this
->
dbmaster
->
insertID
();
$conf
[
'server_id'
]
=
$conf
[
'server_id'
];
//* Insert the same record in the local DB
$sql
=
"INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES ('"
.
$conf
[
'server_id'
]
.
"',1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
);"
;
$sql
=
"INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`
,`firewall_server`,`proxy_server`
) VALUES ('"
.
$conf
[
'server_id'
]
.
"',1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
,
$proxy_server_enabled
,
$firewall_server_enabled
);"
;
$this
->
db
->
query
(
$sql
);
//* username for the ispconfig user
...
...
@@ -277,7 +289,7 @@ class installer_base {
}
else
{
//* Insert the server, if its not a mster / slave setup
$sql
=
"INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
);"
;
$sql
=
"INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`
,`firewall_server`,`proxy_server`
) VALUES (1, 1, 'riud', 'riud', 'r', '"
.
$conf
[
'hostname'
]
.
"', '
$mail_server_enabled
', '
$web_server_enabled
', '
$dns_server_enabled
', '
$file_server_enabled
', '
$db_server_enabled
', '
$vserver_server_enabled
', '
$server_ini_content
', 0, 1,
$current_db_version
,
$proxy_server_enabled
,
$firewall_server_enabled
);"
;
$this
->
db
->
query
(
$sql
);
$conf
[
'server_id'
]
=
$this
->
db
->
insertID
();
$conf
[
'server_id'
]
=
$conf
[
'server_id'
];
...
...
@@ -1108,6 +1120,67 @@ class installer_base {
if
(
!
is_group
(
'sshusers'
))
caselog
(
$command
.
' &> /dev/null 2> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
public
function
configure_nginx
()
{
global
$conf
;
$row
=
$this
->
db
->
queryOneRecord
(
"SELECT server_name FROM server WHERE server_id = "
.
$conf
[
"server_id"
]
.
""
);
$ip_address
=
gethostbyname
(
$row
[
"server_name"
]);
$server_name
=
$row
[
"server_name"
];
//setup proxy.conf
$configfile
=
'proxy.conf'
;
if
(
is_file
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
))
copy
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
,
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
);
if
(
is_file
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
))
exec
(
'chmod 400 '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
);
$content
=
rf
(
"tpl/nginx_"
.
$configfile
.
".master"
);
wf
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
,
$content
);
exec
(
'chmod 600 '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
);
exec
(
'chown root:root '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/'
.
$configfile
);
//setup conf.d/cache.conf
$configfile
=
'cache.conf'
;
if
(
is_file
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
))
copy
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
,
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
.
'~'
);
if
(
is_file
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
.
'~'
))
exec
(
'chmod 400 '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
.
'~'
);
$content
=
rf
(
"tpl/nginx_"
.
$configfile
.
".master"
);
wf
(
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
,
$content
);
exec
(
'chmod 600 '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
);
exec
(
'chown root:root '
.
$conf
[
"nginx"
][
"config_dir"
]
.
'/conf.d/'
.
$configfile
);
//setup cache directories
mkdir
(
'/var/cache/nginx/cache'
);
exec
(
'chown www-data:www-data /var/cache/nginx/cache'
);
mkdir
(
'/var/cache/nginx/temp'
);
exec
(
'chown www-data:www-data /var/cache/nginx/temp'
);
}
public
function
configure_squid
()
{
global
$conf
;
$row
=
$this
->
db
->
queryOneRecord
(
"SELECT server_name FROM server WHERE server_id = "
.
$conf
[
"server_id"
]
.
""
);
$ip_address
=
gethostbyname
(
$row
[
"server_name"
]);
$server_name
=
$row
[
"server_name"
];
$configfile
=
'squid.conf'
;
if
(
is_file
(
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
))
copy
(
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
,
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
);
if
(
is_file
(
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
))
exec
(
'chmod 400 '
.
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
.
'~'
);
$content
=
rf
(
"tpl/"
.
$configfile
.
".master"
);
$content
=
str_replace
(
'{server_name}'
,
$server_name
,
$content
);
$content
=
str_replace
(
'{ip_address}'
,
$ip_address
,
$content
);
$content
=
str_replace
(
'{config_dir}'
,
$conf
[
'squid'
][
'config_dir'
],
$content
);
wf
(
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
,
$content
);
exec
(
'chmod 600 '
.
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
);
exec
(
'chown root:root '
.
$conf
[
"squid"
][
"config_dir"
]
.
'/'
.
$configfile
);
}
public
function
configure_ufw_firewall
()
{
$configfile
=
'ufw.conf'
;
if
(
is_file
(
'/etc/ufw/ufw.conf'
))
copy
(
'/etc/ufw/ufw.conf'
,
'/etc/ufw/ufw.conf~'
);
$content
=
rf
(
"tpl/"
.
$configfile
.
".master"
);
wf
(
'/etc/ufw/ufw.conf'
,
$content
);
exec
(
'chmod 600 /etc/ufw/ufw.conf'
);
exec
(
'chown root:root /etc/ufw/ufw.conf'
);
}
public
function
configure_firewall
()
{
global
$conf
;
...
...
@@ -1426,13 +1499,14 @@ class installer_base {
$file_server_enabled
=
(
$conf
[
'services'
][
'file'
])
?
1
:
0
;
$db_server_enabled
=
(
$conf
[
'services'
][
'db'
])
?
1
:
0
;
$vserver_server_enabled
=
(
$conf
[
'services'
][
'vserver'
])
?
1
:
0
;
$proxy_server_enabled
=
(
$conf
[
'services'
][
'proxy'
])
?
1
:
0
;
$firewall_server_enabled
=
(
$conf
[
'services'
][
'firewall'
])
?
1
:
0
;
$sql
=
"UPDATE `server` SET mail_server = '
$mail_server_enabled
', web_server = '
$web_server_enabled
', dns_server = '
$dns_server_enabled
', file_server = '
$file_server_enabled
', db_server = '
$db_server_enabled
', vserver_server = '
$vserver_server_enabled
' WHERE server_id = "
.
intval
(
$conf
[
'server_id'
]);
$sql
=
"UPDATE `server` SET mail_server = '
$mail_server_enabled
', web_server = '
$web_server_enabled
', dns_server = '
$dns_server_enabled
', file_server = '
$file_server_enabled
', db_server = '
$db_server_enabled
', vserver_server = '
$vserver_server_enabled
', proxy_server = '
$proxy_server_enabled
', firewall_server = '
$firewall_server_enabled
' WHERE server_id = "
.
intval
(
$conf
[
'server_id'
]);
if
(
$conf
[
'mysql'
][
'master_slave_setup'
]
==
'y'
)
{
$this
->
dbmaster
->
query
(
$sql
);
...
...
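Review bot: The extended INSERT statements into `server` list the new columns in the order `firewall_server`, `proxy_server` but supply the values as `$proxy_server_enabled, $firewall_server_enabled`, so each flag is stored in the other column. This affects all three INSERTs shown (master DB, local DB, and the branch without a master/slave setup); the UPDATE further down names each column next to its value and is not affected. A server configured as a firewall would be recorded as a proxy server and the reverse, and anything that reads these flags would act on the wrong role. Either reorder the column list to `proxy_server, firewall_server` or swap the values to `$firewall_server_enabled, $proxy_server_enabled`.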
install/lib/update.lib.php
...
...
@@ -95,6 +95,9 @@ function updateDbAndIni() {
$conf
[
'services'
][
'file'
]
=
(
$tmp
[
'file_server'
]
==
1
)
?
true
:
false
;
$conf
[
'services'
][
'db'
]
=
(
$tmp
[
'db_server'
]
==
1
)
?
true
:
false
;
$conf
[
'services'
][
'vserver'
]
=
(
$tmp
[
'vserver_server'
]
==
1
)
?
true
:
false
;
$conf
[
'services'
][
'proxy'
]
=
(
$tmp
[
'proxy_server'
]
==
1
)
?
true
:
false
;
$conf
[
'services'
][
'firewall'
]
=
(
$tmp
[
'firewall_server'
]
==
1
)
?
true
:
false
;
$conf
[
'postfix'
][
'vmail_mailbox_base'
]
=
$ini_array
[
'mail'
][
'homedir_path'
];
//* Do incremental DB updates only on installed ISPConfig versions > 3.0.3
...
...
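Review bot: `$tmp['proxy_server']` and `$tmp['firewall_server']` are read here, but the comment directly after these lines says the incremental DB updates run later, and those columns are only added by upd_0009.sql. If `$tmp` is a row from a `server` table that has not been migrated yet (its origin is not visible in this hunk, so confirm), both keys are missing, PHP raises undefined-index notices and both services are set to false. Guarding the read makes the fallback explicit, e.g. `$conf['services']['firewall'] = (isset($tmp['firewall_server']) && $tmp['firewall_server'] == 1);` and the same for `proxy`. updateDbAndIni() starts and ends outside the hunk.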
install/sql/incremental/upd_0009.sql
0 → 100644
CREATE
TABLE
IF
NOT
EXISTS
`proxy_reverse`
(
`rewrite_id`
int
(
11
)
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`rewrite_url_src`
varchar
(
100
)
NOT
NULL
,
`rewrite_url_dst`
varchar
(
100
)
NOT
NULL
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
PRIMARY
KEY
(
`rewrite_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
5
DEFAULT
CHARSET
=
utf8
;
CREATE
TABLE
IF
NOT
EXISTS
`firewall_filter`
(
`firewall_id`
int
(
11
)
unsigned
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`domain_id`
int
(
11
)
NOT
NULL
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`rule_name`
varchar
(
100
)
default
NULL
,
`rule_id`
int
(
11
)
default
1
,
`src_ip`
varchar
(
20
)
NOT
NULL
,
`src_netmask`
varchar
(
20
)
NOT
NULL
,
`dst_ip`
varchar
(
20
)
NOT
NULL
,
`dst_netmask`
varchar
(
20
)
NOT
NULL
,
`src_from_port`
varchar
(
10
)
NOT
NULL
,
`src_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_from_port`
varchar
(
10
)
NOT
NULL
,
`protocol`
varchar
(
10
)
default
'tcp'
,
`inbound_policy`
enum
(
'allow'
,
'deny'
,
'reject'
,
'limit'
)
default
'allow'
,
`outbound_policy`
enum
(
'allow'
,
'deny'
,
'reject'
,
'limit'
)
default
'allow'
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
`client_id`
int
(
11
)
NOT
NULL
,
PRIMARY
KEY
(
`firewall_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
12
DEFAULT
CHARSET
=
utf8
;
CREATE
TABLE
IF
NOT
EXISTS
`firewall_forward`
(
`firewall_id`
int
(
11
)
unsigned
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`domain_id`
int
(
11
)
NOT
NULL
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`application_name`
varchar
(
100
)
default
NULL
,
`dst_ip`
varchar
(
20
)
NOT
NULL
,
`src_from_port`
varchar
(
10
)
NOT
NULL
,
`src_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_from_port`
varchar
(
10
)
NOT
NULL
,
`protocol`
int
(
3
)
default
0
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
`client_id`
int
(
11
)
NOT
NULL
,
PRIMARY
KEY
(
`firewall_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
12
DEFAULT
CHARSET
=
utf8
;
alter
table
`server`
add
column
`proxy_server`
tinyint
(
1
)
not
null
after
`vserver_server`
;
alter
table
`server`
add
column
`firewall_server`
tinyint
(
1
)
not
null
after
`proxy_server`
;
alter
table
`web_domain`
add
column
`nginx_directives`
mediumtext
not
null
after
`apache_directives`
;
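Review bot: The three `alter table` statements at the end do not produce the same columns as ispconfig3.sql in this commit: here `proxy_server` and `firewall_server` are `tinyint(1) not null` with no default and `nginx_directives` is `mediumtext not null`, while the fresh-install schema uses `NOT NULL default '0'` and a nullable `mediumtext`. On an upgraded system, an INSERT that omits these columns then depends on the server's SQL mode, and upgraded and fresh installs end up with different schemas. Suggest `add column proxy_server tinyint(1) NOT NULL default '0'` (the same for `firewall_server`) and dropping `not null` from `nginx_directives`. Unlike the `CREATE TABLE IF NOT EXISTS` statements above them, the ALTERs also fail if the script is run a second time.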
install/sql/ispconfig3.sql
...
...
@@ -691,6 +691,8 @@ CREATE TABLE `server` (
`file_server`
tinyint
(
1
)
NOT
NULL
default
'0'
,
`db_server`
tinyint
(
1
)
NOT
NULL
default
'0'
,
`vserver_server`
tinyint
(
1
)
NOT
NULL
default
'0'
,
`proxy_server`
tinyint
(
1
)
NOT
NULL
default
'0'
,
`firewall_server`
tinyint
(
1
)
NOT
NULL
default
'0'
,
`config`
text
NOT
NULL
,
`updated`
bigint
(
20
)
unsigned
NOT
NULL
default
'0'
,
`mirror_server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
...
...
@@ -1141,6 +1143,7 @@ CREATE TABLE `web_domain` (
`stats_type`
varchar
(
255
)
default
'webalizer'
,
`allow_override`
varchar
(
255
)
NOT
NULL
default
'All'
,
`apache_directives`
mediumtext
,
`nginx_directives`
mediumtext
,
`php_open_basedir`
mediumtext
,
`custom_php_ini`
mediumtext
,
`backup_interval`
VARCHAR
(
255
)
NOT
NULL
DEFAULT
'none'
,
...
...
@@ -1150,6 +1153,8 @@ CREATE TABLE `web_domain` (
PRIMARY
KEY
(
`domain_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
1
;
-- --------------------------------------------------------
--
...
...
@@ -1660,6 +1665,70 @@ INSERT INTO `help_faq` VALUES (1,1,0,'I\'d like to know ...','Yes, of course.',1
ALTER
TABLE
client
ADD
COLUMN
company_id
varchar
(
30
);
CREATE
TABLE
`proxy_reverse`
(
`rewrite_id`
int
(
11
)
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`rewrite_url_src`
varchar
(
100
)
NOT
NULL
,
`rewrite_url_dst`
varchar
(
100
)
NOT
NULL
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
PRIMARY
KEY
(
`rewrite_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
5
DEFAULT
CHARSET
=
utf8
;
CREATE
TABLE
`firewall_filter`
(
`firewall_id`
int
(
11
)
unsigned
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`domain_id`
int
(
11
)
NOT
NULL
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`rule_name`
varchar
(
100
)
default
NULL
,
`rule_id`
int
(
11
)
default
1
,
`src_ip`
varchar
(
20
)
NOT
NULL
,
`src_netmask`
varchar
(
20
)
NOT
NULL
,
`dst_ip`
varchar
(
20
)
NOT
NULL
,
`dst_netmask`
varchar
(
20
)
NOT
NULL
,
`src_from_port`
varchar
(
10
)
NOT
NULL
,
`src_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_from_port`
varchar
(
10
)
NOT
NULL
,
`protocol`
varchar
(
10
)
default
'tcp'
,
`inbound_policy`
enum
(
'allow'
,
'deny'
,
'reject'
,
'limit'
)
default
'allow'
,
`outbound_policy`
enum
(
'allow'
,
'deny'
,
'reject'
,
'limit'
)
default
'allow'
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
`client_id`
int
(
11
)
NOT
NULL
,
PRIMARY
KEY
(
`firewall_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
12
DEFAULT
CHARSET
=
utf8
;
CREATE
TABLE
`firewall_forward`
(
`firewall_id`
int
(
11
)
unsigned
NOT
NULL
auto_increment
,
`sys_userid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`domain_id`
int
(
11
)
NOT
NULL
,
`sys_groupid`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`sys_perm_user`
varchar
(
5
)
default
NULL
,
`sys_perm_group`
varchar
(
5
)
default
NULL
,
`sys_perm_other`
varchar
(
5
)
default
NULL
,
`server_id`
int
(
11
)
unsigned
NOT
NULL
default
'0'
,
`application_name`
varchar
(
100
)
default
NULL
,
`dst_ip`
varchar
(
20
)
NOT
NULL
,
`src_from_port`
varchar
(
10
)
NOT
NULL
,
`src_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_to_port`
varchar
(
10
)
NOT
NULL
,
`dst_from_port`
varchar
(
10
)
NOT
NULL
,
`protocol`
int
(
3
)
default
0
,
`active`
enum
(
'n'
,
'y'
)
NOT
NULL
default
'y'
,
`client_id`
int
(
11
)
NOT
NULL
,
PRIMARY
KEY
(
`firewall_id`
)
)
ENGINE
=
MyISAM
AUTO_INCREMENT
=
12
DEFAULT
CHARSET
=
utf8
;
-- --------------------------------------------------------
SET
FOREIGN_KEY_CHECKS
=
1
;
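Review bot: `src_ip`, `dst_ip` and the two netmask columns in `firewall_filter`, and `dst_ip` in `firewall_forward`, are declared `varchar(20)`, which cannot hold a full-length IPv6 address (39 characters). If IPv6 rules are meant to be stored, a MySQL server not running in strict mode would truncate the value silently, and the stored rule would no longer match what the administrator entered. `varchar(45)` covers IPv6 including the IPv4-mapped form. The same table definitions are repeated in install/sql/incremental/upd_0009.sql and would need the same change.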
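--- a/install/tpl/nginx_cache.conf.master
+++ b/install/tpl/nginx_cache.conf.master
+proxy_temp_path /var/cache/nginx/temp;
+proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=global:60m inactive=15m max_size=1G;
+proxy_cache_valid 200 302 10m;
+proxy_cache_valid 301 1h;
+proxy_cache_valid 404 3m;
+proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;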
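--- a/install/tpl/nginx_proxy.conf.master
+++ b/install/tpl/nginx_proxy.conf.master
+proxy_cache global;
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_header Set-Cookie;
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_buffers 32 4k;
+set $cache_key $scheme$host$uri$is_args$args$cookie_user;
+proxy_cache_key $cache_key;
+proxy_cache_valid 200 10h;
+expires 3d;
+### force timeouts if one of backend is died ##
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+location = /status {
+stub_status on;
+allow 127.0.0.1;
+allow 192.168.1.0;
+deny all;
+}
+location ~ /purge(/.*) {
+allow 127.0.0.1;
+allow 192.168.1.0;
+deny all;
+proxy_cache_purge global $cache_key;
+}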
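Review bot: Every 200 response is cached for ten hours (`proxy_cache_valid 200 10h;`) under a key whose only per-client part is `$cookie_user`, so unless the backend's session cookie happens to be named `user`, a page rendered for a logged-in visitor can be stored and served to other visitors. nginx skips caching only when the upstream sends headers such as `Set-Cookie` or `Cache-Control: private`, which a generic template cannot assume for every site behind the proxy. A conservative default keeps requests that carry credentials out of the cache: `proxy_no_cache $http_cookie $http_authorization;` and `proxy_cache_bypass $http_cookie $http_authorization;`. `expires 3d;` has a similar effect on browser and intermediate caches and should be limited to static content.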
install/tpl/squid.conf.master
0 → 100644
# This configuration file requires squid 2.5+. It is untested with squid 3.x.
# BASIC CONFIGURATION
# ------------------------------------------------------------------------------
visible_hostname {server_name}
# port on which to listen
http_port {ip_address}:80 vhost defaultsite={server_name}
# set cache directory and size (1000 MB) - be sure to set the cache size to
# about 10% less than the physical space available to leave room for squid's
# swap files and other temp files
cache_dir ufs /var/spool/squid 100 16 256
cache_mgr webmaster@{server_name}
# LOGS
# ------------------------------------------------------------------------------
log_icp_queries off
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_effective_user nobody
cache_effective_group nogroup
# emulate_httpd_log off
# RESOURCES
# ------------------------------------------------------------------------------
# amount of memory used for caching recently accessed objects - defaults to 8 MB
cache_mem 64 MB
maximum_object_size 10 MB # max cached object size
maximum_object_size_in_memory 300 KB # max cached-in-memory object size