Newer
Older
//* Make the APS directories group writable
exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
exec("chmod -R 770 $install_dir/server/aps_packages");
//* make sure that the server config file (not the interface one) is only readable by the root user
chmod($install_dir.'/server/lib/config.inc.php', 0600);
chown($install_dir.'/server/lib/config.inc.php', 'root');
chgrp($install_dir.'/server/lib/config.inc.php', 'root');
//* Make sure thet the interface config file is readable by user ispconfig only
chmod($install_dir.'/interface/lib/config.inc.php', 0600);
chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
}
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
// Later this must run as own apache server or via suexec!
Falko Timme
committed
if($conf['apache']['installed'] == true){
$command = 'groupmod --add-user '.$conf['apache']['user'].' ispconfig';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_group('ispapps')){
$command = 'groupmod --add-user '.$conf['apache']['user'].' ispapps';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
Falko Timme
committed
}
if($conf['nginx']['installed'] == true){
$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispconfig';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_group('ispapps')){
$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispapps';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
Falko Timme
committed
}
//* Make the shell scripts executable
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
// TODO: These are missing! should they be "vhost_dist_*_dir" ?
$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
// Dont just copy over the virtualhost template but add some custom settings
$content = rf("tpl/apache_ispconfig.vhost.master");
$content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content);
// comment out the listen directive if port is 80 or 443
if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
$content = str_replace('{vhost_port_listen}', '#', $content);
} else {
$content = str_replace('{vhost_port_listen}', '', $content);
}
if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_comment}', '', $content);
} else {
$content = str_replace('{ssl_comment}', '#', $content);
}
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
$content = str_replace('{ssl_bundle_comment}', '', $content);
} else {
$content = str_replace('{ssl_bundle_comment}', '#', $content);
}
$content = str_replace('/var/www/', '/srv/www/', $content);
wf("$vhost_conf_dir/ispconfig.vhost", $content);
//if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
$content = rf('tpl/apache_ispconfig_fcgi_starter.master');
$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
//* and create the symlink
if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
}
// Fix a setting in vhost master file for suse
replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master',"suPHP_UserGroup"," suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>",0);
}
if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
// Dont just copy over the virtualhost template but add some custom settings
$content = rf('tpl/nginx_ispconfig.vhost.master');
$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_on}', ' on', $content);
$content = str_replace('{ssl_comment}', '', $content);
$content = str_replace('{fastcgi_ssl}', 'on', $content);
} else {
$content = str_replace('{ssl_on}', ' off', $content);
$content = str_replace('{ssl_comment}', '#', $content);
$content = str_replace('{fastcgi_ssl}', 'off', $content);
Falko Timme
committed
$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
$fpm_socket = $socket_dir.'ispconfig.sock';
//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
$content = str_replace('{fpm_socket}', $fpm_socket, $content);
wf($vhost_conf_dir.'/ispconfig.vhost', $content);
unset($content);
// PHP-FPM
// Dont just copy over the php-fpm pool template but add some custom settings
$content = rf('tpl/php_fpm_pool.conf.master');
$content = str_replace('{fpm_pool}', 'ispconfig', $content);
Falko Timme
committed
//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
$content = str_replace('{fpm_socket}', $fpm_socket, $content);
$content = str_replace('{fpm_user}', 'ispconfig', $content);
$content = str_replace('{fpm_group}', 'ispconfig', $content);
wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
//* and create the symlink
if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
symlink($vhost_conf_dir.'/ispconfig.vhost',$vhost_conf_enabled_dir.'/000-ispconfig.vhost');
}
}
// create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/','/usr/share/phpmyadmin');
if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/','/usr/share/squirrelmail');
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
}
// Make the Clamav log files readable by ISPConfig
//exec('chmod +r /var/log/clamav/clamav.log');
//exec('chmod +r /var/log/clamav/freshclam.log');
//* Install the update script
if(is_file('/usr/local/bin/ispconfig_update_from_svn.sh')) unlink('/usr/local/bin/ispconfig_update_from_svn.sh');
exec('chown root /usr/local/ispconfig/server/scripts/update_from_svn.sh');
exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_svn.sh');
exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
if(!is_link('/usr/local/bin/ispconfig_update_from_svn.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_svn.sh');
if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
//set the fast cgi starter script to executable
//exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
//* Make the logs readable for the ispconfig user
if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
//To enable apache to read the directories
exec('chmod a+rx /usr/local/ispconfig');
exec('chmod -R 751 /usr/local/ispconfig/interface');
exec('chmod a+rx /usr/local/ispconfig/interface/web');
//* Create the ispconfig log directory
jwarnier
committed
if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
tbrehm
committed
if(is_user('getmail')) {
exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
exec('chown getmail /usr/local/bin/run-getmail.sh');
exec('chmod 744 /usr/local/bin/run-getmail.sh');
}
if(is_dir($install_dir.'/interface/invoices')) {
exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
//* Create the ispconfig auth log file and set uid/gid
if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
touch($conf['ispconfig_log_dir'].'/auth.log');
}
exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
//* Remove Domain module as its functions are available in the client module now
if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
}
public function configure_dbserver()
{
global $conf;
//* If this server shall act as database server for client DB's, we configure this here
$install_dir = $conf['ispconfig_install_dir'];
// Create a file with the database login details which
// are used to create the client databases.
if(!is_dir("$install_dir/server/lib")) {
$command = "mkdir $install_dir/server/lib";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
$content = rf("tpl/mysql_clientdb.conf.master");
tbrehm
committed
$content = str_replace('{hostname}',$conf['mysql']['host'],$content);
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
$content = str_replace('{username}',$conf['mysql']['admin_user'],$content);
$content = str_replace('{password}',$conf['mysql']['admin_password'], $content);
wf("$install_dir/server/lib/mysql_clientdb.conf",$content);
exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
}
public function install_crontab()
{
global $conf;
//* Root Crontab
exec('crontab -u root -l > crontab.txt');
$existing_root_cron_jobs = file('crontab.txt');
// remove existing ispconfig cronjobs, in case the syntax has changed
foreach($existing_root_cron_jobs as $key => $val) {
if(stristr($val,'/usr/local/ispconfig')) unset($existing_root_cron_jobs[$key]);
}
$root_cron_jobs = array(
'* * * * * /usr/local/ispconfig/server/server.sh &> /dev/null',
'30 00 * * * /usr/local/ispconfig/server/cron_daily.sh &> /dev/null'
);
if ($conf['nginx']['installed'] == true) {
$root_cron_jobs[] = "0 0 * * * /usr/local/ispconfig/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
}
foreach($root_cron_jobs as $cron_job) {
if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
$existing_root_cron_jobs[] = $cron_job."\n";
}
}
file_put_contents('crontab.txt', $existing_root_cron_jobs);
exec('crontab -u root crontab.txt &> /dev/null');
unlink('crontab.txt');
//* Getmail crontab
if(is_user('getmail')) {
$cf = $conf['getmail'];
exec('crontab -u getmail -l > crontab.txt');
$existing_cron_jobs = file('crontab.txt');
$cron_jobs = array(
'*/5 * * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
);
// remove existing ispconfig cronjobs, in case the syntax has changed
foreach($existing_cron_jobs as $key => $val) {
if(stristr($val,'getmail')) unset($existing_cron_jobs[$key]);
}
foreach($cron_jobs as $cron_job) {
if(!in_array($cron_job."\n", $existing_cron_jobs)) {
$existing_cron_jobs[] = $cron_job."\n";
}
}
file_put_contents('crontab.txt', $existing_cron_jobs);
exec('crontab -u getmail crontab.txt &> /dev/null');
unlink('crontab.txt');
}
exec('touch /var/log/ispconfig/cron.log');
exec('chmod 660 /var/log/ispconfig/cron.log');