Commit 80e3c9ac authored by tbrehm's avatar tbrehm

- Improved nginx reverse proxy support.

- Added UFW firewall support.
parent a285fa66
......@@ -51,6 +51,8 @@ $conf['services']['dns'] = true;
$conf['services']['file'] = true;
$conf['services']['db'] = true;
$conf['services']['vserver'] = true;
$conf['services']['proxy'] = false;
$conf['services']['firewall'] = false;
//* MySQL
$conf['mysql']['installed'] = false; // will be detected automatically during installation
......@@ -183,6 +185,28 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico';
$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
//* Squid
$conf['squid']['installed'] = false; // will be detected automatically during installation
$conf['squid']['config_dir'] = '/etc/squid';
$conf['squid']['init_script'] = 'squid';
//* Nginx
$conf['nginx']['installed'] = false; // will be detected automatically during installation
$conf['nginx']['config_dir'] = '/etc/nginx';
$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
$conf['nginx']['init_script'] = 'nginx';
//*Ufw
$conf['ufw']['installed'] = false;
$conf['ufw']['config_dir'] = '/etc/ufw';
$conf['ufw']['init_script'] = 'ufw';
//*Bastille-Firwall
$conf['bastille']['installed'] = false;
$conf['bastille']['config_dir'] = '/etc/Bastille';
//* vlogger
$conf['vlogger']['config_dir'] = '/etc';
......
......@@ -51,6 +51,8 @@ $conf['services']['dns'] = true;
$conf['services']['file'] = true;
$conf['services']['db'] = true;
$conf['services']['vserver'] = true;
$conf['services']['proxy'] = false;
$conf['services']['firewall'] = false;
//* MySQL
$conf['mysql']['installed'] = false; // will be detected automatically during installation
......@@ -183,6 +185,27 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico';
$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
//* Squid
$conf['squid']['installed'] = false; // will be detected automatically during installation
$conf['squid']['config_dir'] = '/etc/squid';
$conf['squid']['init_script'] = 'squid';
//* Nginx
$conf['nginx']['installed'] = false; // will be detected automatically during installation
$conf['nginx']['config_dir'] = '/etc/nginx';
$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
$conf['nginx']['init_script'] = 'nginx';
//* Ufw
$conf['ufw']['installed'] = false;
$conf['squid']['config_dir'] = '/etc/ufw';
$conf['squid']['init_script'] = 'ufw';
//*Bastille-Firwall
$conf['bastille']['installed'] = false;
$conf['bastille']['config_dir'] = '/etc/Bastille';
//* vlogger
$conf['vlogger']['config_dir'] = '/etc';
......
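Review bot: The two lines under the `//* Ufw` comment in the second hunk of this config file assign to `$conf['squid']` instead of `$conf['ufw']`, so Squid's `config_dir` becomes `/etc/ufw` and its `init_script` becomes `ufw`, while `$conf['ufw']['config_dir']` and `$conf['ufw']['init_script']` are never set. With these values `configure_squid()` would write `squid.conf` into the firewall's configuration directory, and the Squid restart line would look for an init script named `ufw`. They should read `$conf['ufw']['config_dir'] = '/etc/ufw';` and `$conf['ufw']['init_script'] = 'ufw';`, as in the other config file changed by this commit.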
......@@ -230,9 +230,31 @@ if($install_mode == 'standard') {
$inst->configure_apps_vhost();
//* Configure Firewall
swriteln('Configuring Firewall');
$inst->configure_firewall();
//swriteln('Configuring Firewall');
//$inst->configure_firewall();
//** Configure Firewall
if($conf['bastille']['installed'] == true) {
//* Configure Bastille Firewall
$conf['services']['firewall'] = true;
swriteln('Configuring Bastille Firewall');
$inst->configure_firewall();
} elseif($conf['ufw']['installed'] == true) {
//* Configure Ubuntu Firewall
$conf['services']['firewall'] = true;
swriteln('Configuring Ubuntu Firewall');
$inst->configure_ufw_firewall();
}
if($conf['squid']['installed'] == true) {
$conf['services']['proxy'] = true;
swriteln('Configuring Squid');
$inst->configure_squid();
} else if($conf['nginx']['installed'] == true) {
$conf['services']['proxy'] = true;
swriteln('Configuring Nginx');
$inst->configure_nginx();
}
//* Configure ISPConfig
swriteln('Installing ISPConfig');
......@@ -267,7 +289,9 @@ if($install_mode == 'standard') {
if($conf['mydns']['installed'] == true && $conf['mydns']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['mydns']['init_script'])) system($conf['init_scripts'].'/'.$conf['mydns']['init_script'].' restart &> /dev/null');
if($conf['powerdns']['installed'] == true && $conf['powerdns']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['powerdns']['init_script'])) system($conf['init_scripts'].'/'.$conf['powerdns']['init_script'].' restart &> /dev/null');
if($conf['bind']['installed'] == true && $conf['bind']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['bind']['init_script'])) system($conf['init_scripts'].'/'.$conf['bind']['init_script'].' restart &> /dev/null');
if($conf['squid']['installed'] == true && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script'])) system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
if($conf['nginx']['installed'] == true && $conf['nginx']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['nginx']['init_script'])) system($conf['init_scripts'].'/'.$conf['nginx']['init_script'].' restart &> /dev/null');
if($conf['ufw']['installed'] == true && $conf['ufw']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['ufw']['init_script'])) system($conf['init_scripts'].'/'.$conf['ufw']['init_script'].' restart &> /dev/null');
}else{
//* In expert mode, we select the services in the following steps, only db is always available
......@@ -275,6 +299,8 @@ if($install_mode == 'standard') {
$conf['services']['web'] = false;
$conf['services']['dns'] = false;
$conf['services']['db'] = true;
$conf['services']['firewall'] = false;
$conf['services']['proxy'] = false;
//** Get Server ID
......@@ -416,6 +442,21 @@ if($install_mode == 'standard') {
}
//** Configure Squid
if(strtolower($inst->simple_query('Configure Proxy Server', array('y','n'),'y') ) == 'y') {
if($conf['squid']['installed'] == true) {
$conf['services']['proxy'] = true;
swriteln('Configuring Squid');
$inst->configure_squid();
if($conf['squid']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['squid']['init_script']))system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
} else if($conf['nginx']['installed'] == true) {
$conf['services']['proxy'] = true;
swriteln('Configuring Nginx');
$inst->configure_nginx();
if($conf['nginx']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['nginx']['init_script']))system($conf['init_scripts'].'/'.$conf['nginx']['init_script'].' restart &> /dev/null');
}
}
//** Configure Apache
swriteln("\nHint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.\n");
if(strtolower($inst->simple_query('Configure Apache Server',array('y','n'),'y')) == 'y') {
......@@ -434,9 +475,25 @@ if($install_mode == 'standard') {
//** Configure Firewall
if(strtolower($inst->simple_query('Configure Firewall Server',array('y','n'),'y')) == 'y') {
if($conf['bastille']['installed'] == true) {
//* Configure Bastille Firewall
$conf['services']['firewall'] = true;
swriteln('Configuring Bastille Firewall');
$inst->configure_firewall();
} elseif($conf['ufw']['installed'] == true) {
//* Configure Ubuntu Firewall
$conf['services']['firewall'] = true;
swriteln('Configuring Ubuntu Firewall');
$inst->configure_ufw_firewall();
}
}
//** Configure Firewall
/*if(strtolower($inst->simple_query('Configure Firewall Server',array('y','n'),'y')) == 'y') {
swriteln('Configuring Firewall');
$inst->configure_firewall();
}
}*/
//** Configure ISPConfig :-)
if(strtolower($inst->simple_query('Install ISPConfig Web Interface',array('y','n'),'y')) == 'y') {
swriteln('Installing ISPConfig');
......
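Review bot: The standard-mode firewall block has no `else` branch, so when neither `$conf['bastille']['installed']` nor `$conf['ufw']['installed']` is true the installer configures no firewall and prints nothing, whereas the lines it replaces appear to have called `configure_firewall()` unconditionally. An operator would not learn that the host was left without firewall rules; adding `else { swriteln('No supported firewall found, firewall configuration skipped'); }` makes that visible. The expert-mode block has the same gap, and there the operator has already answered 'y' to 'Configure Firewall Server'. The new restart lines for squid, nginx and ufw also test `is_file()` where the neighbouring lines test `is_executable()`; using `is_executable()` keeps them consistent. The enclosing `if($install_mode == 'standard')` block starts and ends outside these hunks.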
......@@ -130,7 +130,12 @@ class installer_base {
if(is_installed('jk_chrootsh')) $conf['jailkit']['installed'] = true;
if(is_installed('pdns_server') || is_installed('pdns_control')) $conf['powerdns']['installed'] = true;
if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
if(is_installed('squid')) $conf['squid']['installed'] = true;
if(is_installed('nginx')) $conf['nginx']['installed'] = true;
if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
if ($conf['services']['web'] && $conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) $this->ispconfig_interface_installed = true;
}
/** Create the database for ISPConfig */
......@@ -227,6 +232,11 @@ class installer_base {
$tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path'];
$tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path'];
if ($conf['nginx']['installed'] == true) {
$tpl_ini_array['nginx']['vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir'];
$tpl_ini_array['nginx']['vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir'];
}
if (array_key_exists('awstats', $conf)) {
foreach ($conf['awstats'] as $aw_sett => $aw_value) {
$tpl_ini_array['web']['awstats_'.$aw_sett] = $aw_value;
......@@ -242,6 +252,8 @@ class installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
//** Get the database version number based on the patchfiles
$found = true;
......@@ -261,13 +273,13 @@ class installer_base {
if($conf['mysql']['master_slave_setup'] == 'y') {
//* Insert the server record in master DB
$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);";
$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
$this->dbmaster->query($sql);
$conf['server_id'] = $this->dbmaster->insertID();
$conf['server_id'] = $conf['server_id'];
//* Insert the same record in the local DB
$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);";
$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
$this->db->query($sql);
//* username for the ispconfig user
......@@ -277,7 +289,7 @@ class installer_base {
} else {
//* Insert the server, if its not a mster / slave setup
$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);";
$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
$this->db->query($sql);
$conf['server_id'] = $this->db->insertID();
$conf['server_id'] = $conf['server_id'];
......@@ -1108,6 +1120,67 @@ class installer_base {
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
public function configure_nginx()
{
global $conf;
$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
$ip_address = gethostbyname($row["server_name"]);
$server_name = $row["server_name"];
//setup proxy.conf
$configfile = 'proxy.conf';
if(is_file($conf["nginx"]["config_dir"].'/'.$configfile)) copy($conf["nginx"]["config_dir"].'/'.$configfile,$conf["nginx"]["config_dir"].'/'.$configfile.'~');
if(is_file($conf["nginx"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/'.$configfile.'~');
$content = rf("tpl/nginx_".$configfile.".master");
wf($conf["nginx"]["config_dir"].'/'.$configfile,$content);
exec('chmod 600 '.$conf["nginx"]["config_dir"].'/'.$configfile);
exec('chown root:root '.$conf["nginx"]["config_dir"].'/'.$configfile);
//setup conf.d/cache.conf
$configfile = 'cache.conf';
if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile)) copy($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
$content = rf("tpl/nginx_".$configfile.".master");
wf($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$content);
exec('chmod 600 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
exec('chown root:root '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
//setup cache directories
mkdir('/var/cache/nginx/cache');
exec('chown www-data:www-data /var/cache/nginx/cache');
mkdir('/var/cache/nginx/temp');
exec('chown www-data:www-data /var/cache/nginx/temp');
}
public function configure_squid()
{
global $conf;
$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
$ip_address = gethostbyname($row["server_name"]);
$server_name = $row["server_name"];
$configfile = 'squid.conf';
if(is_file($conf["squid"]["config_dir"].'/'.$configfile)) copy($conf["squid"]["config_dir"].'/'.$configfile,$conf["squid"]["config_dir"].'/'.$configfile.'~');
if(is_file($conf["squid"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["squid"]["config_dir"].'/'.$configfile.'~');
$content = rf("tpl/".$configfile.".master");
$content = str_replace('{server_name}',$server_name,$content);
$content = str_replace('{ip_address}',$ip_address, $content);
$content = str_replace('{config_dir}',$conf['squid']['config_dir'], $content);
wf($conf["squid"]["config_dir"].'/'.$configfile,$content);
exec('chmod 600 '.$conf["squid"]["config_dir"].'/'.$configfile);
exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
}
public function configure_ufw_firewall()
{
$configfile = 'ufw.conf';
if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~');
$content = rf("tpl/".$configfile.".master");
wf('/etc/ufw/ufw.conf',$content);
exec('chmod 600 /etc/ufw/ufw.conf');
exec('chown root:root /etc/ufw/ufw.conf');
}
public function configure_firewall() {
global $conf;
......@@ -1426,13 +1499,14 @@ class installer_base {
$file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled' WHERE server_id = ".intval($conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
$this->dbmaster->query($sql);
......
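Review bot: In all three new INSERT statements for the `server` table the column list ends with `firewall_server`, `proxy_server`, but the value list ends with `$proxy_server_enabled, $firewall_server_enabled`, so each flag is stored in the other's column. A server with only a proxy configured would be recorded as a firewall server and the reverse; the value list should end `$current_db_version, $firewall_server_enabled, $proxy_server_enabled);`. The later `UPDATE` names each column next to its value and is not affected. Separately, `configure_ufw_firewall()` hard-codes `/etc/ufw/ufw.conf` instead of using `$conf['ufw']['config_dir']`, unlike the squid and nginx methods, which build their paths from `$conf`. The methods containing the INSERT and UPDATE statements start outside the hunks shown.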
......@@ -95,6 +95,9 @@ function updateDbAndIni() {
$conf['services']['file'] = ($tmp['file_server'] == 1)?true:false;
$conf['services']['db'] = ($tmp['db_server'] == 1)?true:false;
$conf['services']['vserver'] = ($tmp['vserver_server'] == 1)?true:false;
$conf['services']['proxy'] = ($tmp['proxy_server'] == 1)?true:false;
$conf['services']['firewall'] = ($tmp['firewall_server'] == 1)?true:false;
$conf['postfix']['vmail_mailbox_base'] = $ini_array['mail']['homedir_path'];
//* Do incremental DB updates only on installed ISPConfig versions > 3.0.3
......
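Review bot: `$tmp['proxy_server']` and `$tmp['firewall_server']` are read before the comment that introduces the incremental DB updates, and these columns are only added by this commit's incremental SQL, so on an upgrade from an older schema the keys are probably not in the row yet. If so, both lookups raise an undefined-index notice and the services silently become false; a guard such as `$conf['services']['proxy'] = (isset($tmp['proxy_server']) && $tmp['proxy_server'] == 1);` makes that fallback explicit. Where `$tmp` is loaded is outside the hunk, so this needs checking against the rest of `updateDbAndIni()`.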
CREATE TABLE IF NOT EXISTS `proxy_reverse` (
`rewrite_id` int(11) NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`rewrite_url_src` varchar(100) NOT NULL,
`rewrite_url_dst` varchar(100) NOT NULL,
`active` enum('n','y') NOT NULL default 'y',
PRIMARY KEY (`rewrite_id`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `firewall_filter` (
`firewall_id` int(11) unsigned NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`domain_id` int(11) NOT NULL,
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`rule_name` varchar(100) default NULL,
`rule_id` int(11) default 1,
`src_ip` varchar(20) NOT NULL,
`src_netmask` varchar(20) NOT NULL,
`dst_ip` varchar(20) NOT NULL,
`dst_netmask` varchar(20) NOT NULL,
`src_from_port` varchar(10) NOT NULL,
`src_to_port` varchar(10) NOT NULL,
`dst_to_port` varchar(10) NOT NULL,
`dst_from_port` varchar(10) NOT NULL,
`protocol` varchar(10) default 'tcp',
`inbound_policy` enum('allow','deny','reject','limit') default 'allow',
`outbound_policy` enum('allow','deny','reject','limit') default 'allow',
`active` enum('n','y') NOT NULL default 'y',
`client_id` int(11) NOT NULL,
PRIMARY KEY (`firewall_id`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `firewall_forward` (
`firewall_id` int(11) unsigned NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`domain_id` int(11) NOT NULL,
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`application_name` varchar(100) default NULL,
`dst_ip` varchar(20) NOT NULL,
`src_from_port` varchar(10) NOT NULL,
`src_to_port` varchar(10) NOT NULL,
`dst_to_port` varchar(10) NOT NULL,
`dst_from_port` varchar(10) NOT NULL,
`protocol` int(3) default 0,
`active` enum('n','y') NOT NULL default 'y',
`client_id` int(11) NOT NULL,
PRIMARY KEY (`firewall_id`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
alter table `server` add column `proxy_server` tinyint(1) not null after `vserver_server`;
alter table `server` add column `firewall_server` tinyint(1) not null after `proxy_server`;
alter table `web_domain` add column `nginx_directives` mediumtext not null after `apache_directives`;
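Review bot: The three `alter table` statements at the end do not match the fresh-install schema changed in the same commit. Here `proxy_server` and `firewall_server` are `tinyint(1) not null` with no default and `nginx_directives` is `mediumtext not null`, while the full schema declares the flags `NOT NULL default '0'` and leaves `nginx_directives` nullable. Upgraded and freshly installed databases then differ, and under a strict SQL mode an insert that omits `nginx_directives` would presumably fail only on upgraded systems. Adding `default '0'` to the two flag columns and dropping `not null` from `nginx_directives` brings the upgrade path in line with the full schema.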
......@@ -691,6 +691,8 @@ CREATE TABLE `server` (
`file_server` tinyint(1) NOT NULL default '0',
`db_server` tinyint(1) NOT NULL default '0',
`vserver_server` tinyint(1) NOT NULL default '0',
`proxy_server` tinyint(1) NOT NULL default '0',
`firewall_server` tinyint(1) NOT NULL default '0',
`config` text NOT NULL,
`updated` bigint(20) unsigned NOT NULL default '0',
`mirror_server_id` int(11) unsigned NOT NULL default '0',
......@@ -1141,6 +1143,7 @@ CREATE TABLE `web_domain` (
`stats_type` varchar(255) default 'webalizer',
`allow_override` varchar(255) NOT NULL default 'All',
`apache_directives` mediumtext,
`nginx_directives` mediumtext,
`php_open_basedir` mediumtext,
`custom_php_ini` mediumtext,
`backup_interval` VARCHAR( 255 ) NOT NULL DEFAULT 'none',
......@@ -1150,6 +1153,8 @@ CREATE TABLE `web_domain` (
PRIMARY KEY (`domain_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
-- --------------------------------------------------------
--
......@@ -1660,6 +1665,70 @@ INSERT INTO `help_faq` VALUES (1,1,0,'I\'d like to know ...','Yes, of course.',1
ALTER TABLE client ADD COLUMN company_id varchar(30);
CREATE TABLE `proxy_reverse` (
`rewrite_id` int(11) NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`rewrite_url_src` varchar(100) NOT NULL,
`rewrite_url_dst` varchar(100) NOT NULL,
`active` enum('n','y') NOT NULL default 'y',
PRIMARY KEY (`rewrite_id`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
CREATE TABLE `firewall_filter` (
`firewall_id` int(11) unsigned NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`domain_id` int(11) NOT NULL,
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`rule_name` varchar(100) default NULL,
`rule_id` int(11) default 1,
`src_ip` varchar(20) NOT NULL,
`src_netmask` varchar(20) NOT NULL,
`dst_ip` varchar(20) NOT NULL,
`dst_netmask` varchar(20) NOT NULL,
`src_from_port` varchar(10) NOT NULL,
`src_to_port` varchar(10) NOT NULL,
`dst_to_port` varchar(10) NOT NULL,
`dst_from_port` varchar(10) NOT NULL,
`protocol` varchar(10) default 'tcp',
`inbound_policy` enum('allow','deny','reject','limit') default 'allow',
`outbound_policy` enum('allow','deny','reject','limit') default 'allow',
`active` enum('n','y') NOT NULL default 'y',
`client_id` int(11) NOT NULL,
PRIMARY KEY (`firewall_id`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
CREATE TABLE `firewall_forward` (
`firewall_id` int(11) unsigned NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL default '0',
`domain_id` int(11) NOT NULL,
`sys_groupid` int(11) unsigned NOT NULL default '0',
`sys_perm_user` varchar(5) default NULL,
`sys_perm_group` varchar(5) default NULL,
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`application_name` varchar(100) default NULL,
`dst_ip` varchar(20) NOT NULL,
`src_from_port` varchar(10) NOT NULL,
`src_to_port` varchar(10) NOT NULL,
`dst_to_port` varchar(10) NOT NULL,
`dst_from_port` varchar(10) NOT NULL,
`protocol` int(3) default 0,
`active` enum('n','y') NOT NULL default 'y',
`client_id` int(11) NOT NULL,
PRIMARY KEY (`firewall_id`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
SET FOREIGN_KEY_CHECKS = 1;
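Review bot: The address columns in the new firewall tables (`src_ip`, `dst_ip`, `src_netmask`, `dst_netmask` in `firewall_filter`, `dst_ip` in `firewall_forward`) are `varchar(20)`, which is shorter than a full IPv6 address in text form (up to 39 characters). Depending on the SQL mode such a value is truncated or rejected, and a truncated address in a firewall rule is the worse outcome; `varchar(39)` or wider avoids it. `inbound_policy` and `outbound_policy` also default to `'allow'`, so a rule row written without an explicit policy permits traffic; a comment stating that this is intended would help. The same definitions appear in the incremental SQL file of this commit.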
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=global:60m inactive=15m max_size=1G;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid 404 3m;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_cache global;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
set $cache_key $scheme$host$uri$is_args$args$cookie_user;
proxy_cache_key $cache_key;
proxy_cache_valid 200 10h;
expires 3d;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
location = /status {
stub_status on;
allow 127.0.0.1;
allow 192.168.1.0;
deny all;
}
location ~ /purge(/.*) {
allow 127.0.0.1;
allow 192.168.1.0;
deny all;
proxy_cache_purge global $cache_key;
}
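Review bot: `allow 192.168.1.0;` in both the `/status` and the `/purge` location matches the single address 192.168.1.0, not the 192.168.1.0/24 network, because no prefix length is given; if the network was meant it should read `allow 192.168.1.0/24;`. Either way a fixed private range in a shipped template will not fit most installations, and with the /24 form it would open cache purging to every machine on that range wherever the host happens to sit in it. Keeping only `allow 127.0.0.1;` in the template and documenting how to add further addresses would be the safer default.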
# This configuration file requires squid 2.5+. It is untested with squid 3.x.
# BASIC CONFIGURATION
# ------------------------------------------------------------------------------
visible_hostname {server_name}
# port on which to listen
http_port {ip_address}:80 vhost defaultsite={server_name}
# set cache directory and size (1000 MB) - be sure to set the cache size to
# about 10% less than the physical space available to leave room for squid's
# swap files and other temp files
cache_dir ufs /var/spool/squid 100 16 256
cache_mgr webmaster@{server_name}
# LOGS
# ------------------------------------------------------------------------------
log_icp_queries off
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_effective_user nobody
cache_effective_group nogroup
# emulate_httpd_log off
# RESOURCES
# ------------------------------------------------------------------------------
# amount of memory used for caching recently accessed objects - defaults to 8 MB
cache_mem 64 MB
maximum_object_size 10 MB # max cached object size
maximum_object_size_in_memory 300 KB # max cached-in-memory object size