docs/examples/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

docs/old_server_plugins/bind_dlz_plugin.inc.php

+<?php
+
+/*
+Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+TABLE STRUCTURE of the "named" database:
+
+CREATE TABLE IF NOT EXISTS `records` (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `ttl` int(11) NOT NULL default '3600',
+  `type` varchar(255) NOT NULL,
+  `host` varchar(255) NOT NULL default '@',
+  `mx_priority` int(11) default NULL,
+  `data` text,
+  `primary_ns` varchar(255) default NULL,
+  `resp_contact` varchar(255) default NULL,
+  `serial` bigint(20) default NULL,
+  `refresh` int(11) default NULL,
+  `retry` int(11) default NULL,
+  `expire` int(11) default NULL,
+  `minimum` int(11) default NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `type` (`type`),
+  KEY `host` (`host`),
+  KEY `zone` (`zone`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `xfr` (
+  `id` int(11) NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `client` varchar(255) NOT NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `zone` (`zone`),
+  KEY `client` (`client`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+*/
+
+class bind_dlz_plugin {
+
+	var $plugin_name = 'bind_dlz_plugin';
+	var $class_name  = 'bind_dlz_plugin';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall()
+	{
+		global $conf;
+
+		if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
+			// Temporarily disabled until the installer supports the automatic creation of the necessary
+			// database or at least to select between filebased nd db based bind, as not all bind versions
+			// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
+			// directory to this file in the plugins-available directory.
+			return false;
+			//return true;
+		} else {
+			return false;
+		}
+
+	}
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad()
+	{
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		//* SOA
+		$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
+		$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
+		$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
+
+		//* RR
+		$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
+		$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
+		$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
+	}
+
+
+	function soa_insert($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y') return;
+
+		$origin = substr($data["new"]["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
+			"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
+		//unset($_db);
+	}
+
+	function soa_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->soa_delete($event_name, $data);
+		}
+		else
+		{
+			if($data["old"]["active"] == 'Y')
+			{
+				$origin = substr($data["new"]["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+				$ttl = $data["new"]["ttl"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
+				//unset($_db);
+			}
+			else
+			{
+				$this->soa_insert($event_name, $data);
+				$ispconfig_id = $data["new"]["id"];
+
+				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
+				{
+					foreach($records as $record)
+					{
+						foreach ($record as $key => $val) {
+							$data["new"][$key] = $val;
+						}
+						$this->rr_insert("dns_rr_insert", $data);
+					}
+				}
+			}
+		}
+
+	}
+
+	function soa_delete($event_name, $data)
+	{
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+	function rr_insert($event_name, $data)
+	{
+		global $app, $conf;
+		if($data["new"]["active"] != 'Y') return;
+
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+		$origin = substr($zone["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+
+		$type = $data["new"]["type"];
+
+		if (substr($data["new"]["name"], -1) == '.') {
+			$name = substr($data["new"]["name"], 0, -1);
+		} else {
+			$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+		}
+
+		if ($name == $origin || $name == '') {
+			$name = '@';
+		}
+
+		switch ($type)
+		{
+		case "CNAME":
+		case "MX":
+		case "NS":
+		case "ALIAS":
+		case "PTR":
+		case "SRV":
+			if(substr($data["new"]["data"], -1) != '.'){
+				$content = $data["new"]["data"] . '.';
+			} else {
+				$content = $data["new"]["data"];
+			}
+			break;
+		case "HINFO":
+			$content = $data["new"]["data"];
+			$quote1 = strpos($content, '"');
+
+			if($quote1 !== FALSE) {
+				$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+			}
+
+			if ($quote1 !== FALSE && $quote2 !== FALSE) {
+				$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+				$content = $text_between_quotes.substr($content, ($quote2 + 2));
+			}
+			break;
+		default:
+			$content = $data["new"]["data"];
+		}
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		if ($type == 'MX') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
+		} elseif ($type == 'SRV') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
+		} else {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+		}
+
+		//unset($_db);
+	}
+
+	function rr_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if ($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->rr_delete($event_name, $data);
+		}
+		else
+		{
+			if ($data["old"]["active"] == 'Y')
+			{
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+				$origin = substr($zone["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+
+				$type = $data["new"]["type"];
+
+				if (substr($data["new"]["name"], -1) == '.') {
+					$name = substr($data["new"]["name"], 0, -1);
+				} else {
+					$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+				}
+
+				if ($name == $origin || $name == '') {
+					$name = '@';
+				}
+
+				switch ($type)
+				{
+				case "CNAME":
+				case "MX":
+				case "NS":
+				case "ALIAS":
+				case "PTR":
+				case "SRV":
+					if(substr($data["new"]["data"], -1) != '.'){
+						$content = $data["new"]["data"] . '.';
+					} else {
+						$content = $data["new"]["data"];
+					}
+					break;
+				case "HINFO":
+					$content = $data["new"]["data"];
+					$quote1 = strpos($content, '"');
+					if($quote1 !== FALSE){
+						$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+					}
+					if($quote1 !== FALSE && $quote2 !== FALSE){
+						$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+						$content = $text_between_quotes.substr($content, ($quote2 + 2));
+					}
+					break;
+				default:
+					$content = $data["new"]["data"];
+				}
+
+				$ttl = $data["new"]["ttl"];
+				$prio = (int)$data["new"]["aux"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				if ($type == 'MX') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
+				} elseif ($type == 'SRV') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
+				} else {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+				}
+
+				//unset($_db);
+			} else {
+				$this->rr_insert($event_name, $data);
+			}
+		}
+	}
+
+	function rr_delete($event_name, $data) {
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+} // end class
+?>

docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php

+<?php
+
+class nginx_reverseproxy_plugin {
+
+	var $plugin_name = 'nginx_reverseproxy_plugin';
+	var $class_name = 'nginx_reverseproxy_plugin';
+
+	// private variables
+	var $action = '';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall() {
+		global $conf;
+
+		if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
+			return true;
+		} else {
+			return false;
+		}
+
+	}
+
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad() {
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
+
+		// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
+		// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
+		// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
+
+
+
+	}
+
+
+	function insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+
+	function update($event_name, $data) {
+		global $app, $conf;
+
+		if($this->action != 'insert') $this->action = 'update';
+
+		if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
+
+			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
+			$new_parent_domain_id = intval($data['new']['parent_domain_id']);
+
+			// If the parent_domain_id has been chenged, we will have to update the old site as well.
+			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
+				$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
+				$data['new'] = $tmp;
+				$data['old'] = $tmp;
+				$this->action = 'update';
+				$this->update($event_name, $data);
+			}
+
+			// This is not a vhost, so we need to update the parent record instead.
+			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
+			$data['new'] = $tmp;
+			$data['old'] = $tmp;
+			$this->action = 'update';
+		}
+
+
+
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		// Create group and user, if not exist
+		$app->uses('system');
+
+		//* Create the vhost config file
+		$app->load('tpl');
+
+		$tpl = new tpl();
+		$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
+
+		$vhost_data = $data['new'];
+		$vhost_data['config_dir'] = $config['nginx']['config_dir'];
+
+		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
+		// Check if a SSL cert exists
+		$ssl_dir = $config['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+		if($vhost_data['nginx_directives']) {
+			$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		}
+
+
+		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+			$vhost_data['ssl_enabled'] = 1;
+			$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		} else {
+			$vhost_data['ssl_enabled'] = 0;
+			$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+
+
+		$tpl->setVar($vhost_data);
+
+
+
+		// get alias domains (co-domains and subdomains)
+		$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
+		$server_alias = array();
+		switch($data['new']['subdomain']) {
+		case 'www':
+			$server_alias[] .= 'www.'.$data['new']['domain'].' ';
+			break;
+		case '*':
+			$server_alias[] .= '*.'.$data['new']['domain'].' ';
+			break;
+		}
+		if(is_array($aliases)) {
+			foreach($aliases as $alias) {
+				switch($alias['subdomain']) {
+				case 'www':
+					$server_alias[] .= 'www.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				case '*':
+					$server_alias[] .= '*.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				default:
+					$server_alias[] .= $alias['domain'].' ';
+					break;
+				}
+				$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
+
+			}
+		}
+
+		//* If we have some alias records
+		if(count($server_alias) > 0) {
+			$server_alias_str = '';
+			$n = 0;
+
+			// begin a new ServerAlias line after 30 alias domains
+			foreach($server_alias as $tmp_alias) {
+				if($n % 30 == 0) $server_alias_str .= " ";
+				$server_alias_str .= $tmp_alias;
+			}
+			unset($tmp_alias);
+
+			$tpl->setVar('alias', trim($server_alias_str));
+		} else {
+			$tpl->setVar('alias', '');
+		}
+
+
+		$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
+		//* Make a backup copy of vhost file
+		copy($vhost_file, $vhost_file.'~');
+
+		//* Write vhost file
+		file_put_contents($vhost_file, $tpl->grab());
+		$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
+		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
+			symlink($vhost_file, $vhost_symlink);
+			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		// Remove the symlink, if site is inactive
+		if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
+
+		// remove old symlink and vhost file, if domain name of the site has changed
+		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
+		}
+
+		// request a httpd reload when all records have been processed
+		$app->services->restartServiceDelayed('nginx', 'restart');
+
+		// Remove the backup copy of the config file.
+		if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
+
+
+		//* Unset action to clean it for next processed vhost.
+		$this->action = '';
+
+	}
+
+
+
+
+	// Handle the creation of SSL certificates
+	function ssl($event_name, $data) {
+		global $app, $conf;
+
+		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
+		$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key.org';
+		$key_file2 = $ssl_dir.'/'.$domain.'.key';
+		$csr_file = $ssl_dir.'/'.$domain.'.csr';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+
+		//* Save a SSL certificate to disk
+		if($data["new"]["ssl_action"] == 'save') {
+			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
+
+			$src_ssl_dir = $web["document_root"]."/ssl";
+			//$domain = $data["new"]["ssl_domain"];
+			//$csr_file = $ssl_dir.'/'.$domain.".csr";
+			//$crt_file = $ssl_dir.'/'.$domain.".crt";
+			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
+
+			$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		//* Delete a SSL certificate
+		if($data['new']['ssl_action'] == 'del') {
+			//$ssl_dir = $data['new']['document_root'].'/ssl';
+			$domain = $data['new']['ssl_domain'];
+			$csr_file = $ssl_dir.'/'.$domain.'.csr';
+			$crt_file = $ssl_dir.'/'.$domain.'.crt';
+			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			unlink($csr_file);
+			unlink($crt_file);
+			unlink($bundle_file);
+			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+
+	}
+
+
+	function delete($event_name, $data) {
+		global $app, $conf;
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+
+		if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
+
+			//* This is a website
+			// Deleting the vhost file, symlink and the data directory
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+
+
+			// Delete the log file directory
+			$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
+			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
+			$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
+
+		}
+	}
+
+	function rewrite_insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+	function rewrite_update($event_name, $data) {
+		global $app, $conf;
+
+		$rules = $this->_getRewriteRules($app);
+
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		$app->load('tpl');
+		$tpl = new tpl();
+		$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
+		if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
+
+		$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
+		//* Make a backup copy of vhost file
+		copy($rewrites_file, $rewrites_file.'~');
+
+		//* Write vhost file
+		file_put_contents($rewrites_file, $tpl->grab());
+		$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
+
+		if(!is_link($rewrite_symlink)) {
+			symlink($rewrites_file, $rewrite_symlink);
+			$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
+		}
+	}
+
+	function rewrite_delete($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->rewrite_update($event_name, $data);
+	}
+
+
+	function _getRewriteRules($app)
+	{
+		$rules = array();
+		$rules = $app->db->queryAllRecords("SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC");
+		return $rules;
+	}
+
+} // end class
+
+?>

docs/under_development/CHROOTED_DEBIAN_5.0.txt

+#!/bin/sh
+#
+# rev 0.6
+#
+# dxr@brutalsec.net
+#    01-09-2009
+#
+# We can create a script for configure chroot environment but,
+# YOU MUST UNDERSTAND HOW TO WORK IT for can solve possible 
+# problems in the future.
+# 
+# Every service has its own chroot environment:
+# BIND -> chroot
+# Apache -> chroot
+# Dovecot -> chroot
+# Pureftpd -> Apache's chroot
+# 
+# Only apache and php packages aren't installed in real system,
+# only in chroot environment with symbolic links from real system.
+# 
+# PLEASE, CONFIGURE CHROOT ENVIROMENT IF SECURITY IS REALLY 
+# IMPORTANT FOR YOU AND YOU KNOWN HOW TO WORK IT!
+#
+
+exit 1
+
+1. BACKUP before changing anything on the system
+2. Create partitions
+3. Remove possible Apache or PHP installations on real system
+4. Prepare Chroot environment
+5. Linking Webserver aplication from real system
+6. mini_sendmail
+7. Test services
+8. Howto install ispconfig3
+9. Migration
+
+
+1. BACKUP before changing anything on the system 
+# If is not a new installation, then
+
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+
+
+2. Create partitions
+
+/var/www/ Chroot partition (ext3)
+/var/www/html/ Chroot system
+/var/www/html/var/log/apache2 Log partition (ext3)
+/var/www/html/var/www/html Webs partition (xfs)
+/var/www/html/tmp Temporal dir (tmpfs, options: )
+
+/dev/lvm_foobar1/chroot_lv      -> /var/www/ (ext3)
+/dev/lvm_foobar2/apachelogs_lv  -> /var/www/html/var/log/apache2 (ext3)
+/dev/lvm_foobar3/hosting_lv     -> /var/www/html/var/www/html (xfs)
+
+mount /dev/lvm_foobar1/chroot_lv /var/www/
+mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
+mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
+mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
+
+
+3. Remove possible Apache or PHP installations on real system
+# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of configurations, uninstall, and check every symbolic link
+dpkg -l|egrep --color -i 'apache|php'
+
+
+4. Prepare Chroot environment
+
+# Install packages in real system
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
+# The non webserver will install outside of chroot
+apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
+# If you will use courier:
+apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
+# If you will use dovecot:
+#apt-get install dovecot-imapd dovecot-pop3d
+# If you will use BIND:
+apt-get install bind9 bind9utils
+
+#
+# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
+# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
+# cat /var/log/ispconfig/cron.log
+# ldd /usr/lib/php5/20060613/mcrypt.so
+#
+
+time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
+
+echo "/proc         /var/www/html/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/html/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+mount -a
+
+# We must create sshusers group
+echo "@sshusers       -       chroot  /var/www/html/">>/etc/security/limits.conf
+
+chroot /var/www/html apt-get update
+chroot /var/www/html apt-get install fakeroot --force-yes -y
+chroot /var/www/html apt-get install locales
+chroot /var/www/html dpkg-reconfigure locales
+
+mv /usr/lib/apache2 /usr/lib/apache2_old
+mv /var/log/apache2 /var/log/apache2_old
+mv /var/lock/apache2 /var/lock/apache2_old
+mv /var/lib/apache2 /var/lib/apache2_old
+mv /usr/lib/php5 /usr/lib/php5_old
+mv /etc/apache2 /etc/apache2_old
+mv /etc/suphp /etc/suphp_old
+
+chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
+
+chroot /var/www/html /etc/init.d/apache2 stop
+
+chroot /var/www/html a2enmod mod_chroot
+chroot /var/www/html a2enmod suexec
+echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
+sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
+sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
+sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
+sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
+sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
+
+# Protect apache configuration. ONLY root can read it
+chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
+chmod 711 /var/www/html/etc/php5/
+
+
+5. # Is good idea to add Nagios alarm for check every symbolic link is correct.
+ln -s /var/www/html/etc/apache2 /etc/apache2
+ln -s /var/www/html/etc/suphp /etc/suphp
+ln -s /var/www/html/var/run/apache2 /var/run/apache2
+ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
+ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
+ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
+ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
+ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
+ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
+ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
+ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
+ln -s /var/www/html/var/log/apache2 /var/log/apache2
+ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
+ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
+ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
+ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
+# Neccessary for to install ispconfig3 from real system:
+ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
+ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
+ln -s /var/www/html/usr/bin/php /usr/bin/php
+ln -s /var/www/html/etc/php5 /etc/php5
+
+6. # Install mini_sendmail for chroot
+# We can use mini_sendmail for delivery emails directy in remote servers, but i prefer to control it in central mailserver for check spammers and limit it.
+
+cd /tmp/
+wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
+tar xzf mini_sendmail-1.3.6.tar.gz
+wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
+patch -p0 < 200-fullname.patch
+cd mini_sendmail-1.3.6
+make
+# 2e555b2573c3ea65a467a5960f0b51f6  mini_sendmail
+mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
+mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
+cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
+cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
+cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
+
+# ./mini_sendmail -h
+# usage:  ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
+
+#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
+# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
+
+
+7. 
+# Test
+apache2ctl restart
+
+# php -i|grep --color sendmail
+#sendmail_from => no value => no value
+#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+# Sould be good idea check /var/www/html/usr/lib/sendmail /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with nagios alarm ;)
+
+
+8. Install ispconfig ........
+
+cd /tmp/
+svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
+
+mv /usr/local/ispconfig /var/www/html/usr/local/
+ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
+mv /var/www/apps /var/www/html/var/www/
+mv /var/www/php-fcgi-scripts /var/www/html/var/www/
+mv /var/www/ispconfig /var/www/html/var/www/
+ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
+ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
+ln -s /var/www/html/var/www/apps /var/www/apps
+# After copy, we must clean unnecessary users and groups
+cp -r /etc/{passwd,group,apt} /var/www/html/etc/
+apache2ctl stop
+apache2ctl start
+
+
+### Migration to other server ###
+Really easy:
+
+Do step 1
+
+And after do a simple rsync:
+
+screen
+time rsync -a --progress root@host1:/var/www/ /var/www/
+
+# Install some apache's dependencies
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
+
+Do step 5
+Do step 6
+

docs/under_development/DEV_CHROOTED_DEBIAN_5.0.txt

+
+
+Setting up a chrooted ispconfig 3 installation
+--------------------------------------------------------------------
+
+# Follow the steps 1 - 8 of the INSTALL_DEBIAN_5.0 Guide, then proceed
+# with the steps below.
+# 
+# This guide is experimental as there are a few changes necessary in
+# ispconfig to get it working. These changes will be part of ISPConfig 3.0.2
+
+# Install packages
+
+apt-get install debootstrap libapache2-mod-chroot
+
+# Create the chroot environment
+
+debootstrap lenny /var/www/ ftp://ftp.fr.debian.org/debian/
+
+# Add mountpoints for the chroot env into the fstab file
+
+echo "/proc         /var/www/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+# mount all the filesystems
+
+mount -a
+
+# add a default chroot dir for all users of the sshusers group
+
+echo "@sshusers       -       chroot  /var/www/">>/etc/security/limits.conf
+
+# copy passwd and group files to the chroot env
+
+cp -rf /etc/apt /etc/passwd /etc/group /var/www/etc/ # Cleaning unnecessary users and groups
+
+# Create symlinks
+
+cd /var/www/var/
+rm -rf /var/www/var/www
+ln -s / www
+
+# Enter the chroot
+
+chroot /var/www
+
+# Update files in the chroot environment and install some packages.
+# You can ignore warnings about locales, we will fix them in the next step.
+
+apt-get update
+apt-get install fakeroot --force-yes -y
+apt-get install locales
+
+# Reconfigure locales. Select e.g the en_US* locales.
+
+dpkg-reconfigure locales
+
+# run a dist-upgrade
+
+fakeroot apt-get dist-upgrade
+
+# Install Apache and PHP in the chroot environment
+
+apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
+/etc/init.d/apache2 stop
+
+# Exit the chroot
+
+exit
+
+# Moving the apache configuration is not necessary, as Apache reads
+# the config files before it moves into the chroot
+# rm -rf /var/www/etc/apache2
+# mv -f /etc/apache2 /var/www/etc/
+# ln -s /var/www/etc/apache2 /etc/apache2
+
+rm -rf /var/www/etc/php5/cgi/
+mv -f /etc/php5/cgi/ /var/www/etc/php5/
+ln -s /var/www/etc/php5/cgi /etc/php5/
+
+rm -rf /var/www/etc/php5/apache2/
+mv -f /etc/php5/apache2/ /var/www/etc/php5/
+ln -s /var/www/etc/php5/apache2 /etc/php5/
+
+ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid
+
+# enable mod_chroot
+
+a2enmod mod_chroot
+echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf
+
+# Start apache
+
+/etc/init.d/apache2 start
+
+# Install ISPConfig
+
+cd /tmp
+wget https://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
+tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz
+cd ispconfig3_install/install/
+php -q install.php
+cd /tmp/
+rm -rf ispconfig3_install
+rm -f ISPConfig-3.0.1.4-beta-2.tar.gz
+
+# Move the ispconfig interface part to the chroot environment and create a symlink
+
+mkdir /var/www/usr/local/ispconfig
+chown ispconfig:ispconfig /var/www/usr/local/ispconfig
+chmod 750 /var/www/usr/local/ispconfig
+mv /usr/local/ispconfig/interface /var/www/usr/local/ispconfig/
+ln -s /var/www/usr/local/ispconfig/interface /usr/local/ispconfig/interface
+chroot /var/www adduser www-data ispconfig
+
+# Create a link for the MySQL socket
+
+ln /var/run/mysqld/mysqld.sock /var/www/var/run/mysqld/mysqld.sock
+
+# As an alternative to making a hardlink to the MySQL socket, 
+# change the my.cnf file in the chroot to use TCP sockets.
+# This is more secure but a bit slower than using the mysqld.sock file.
+
+# Restart Apache
+
+/etc/init.d/apache2 restart
+
+
+

helper_scripts/dns_export_to_bind_retrans_daily.php

+<?php
+$host="IP_ADDRESS";
+$user="USERNAME";
+$password="PASSWORD";
+mysql_connect($host, $user, $password) or die(mysql_error());
+mysql_select_db("dbispconfig");
+$result = "";
+$result = mysql_query("SELECT origin FROM dns_soa ORDER BY origin ASC;");
+while($row = mysql_fetch_array($result))
+{
+	$zone=substr($row["origin"], 0, -1);
+	system("rndc retransfer ".$zone);
+}
+?>