docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php

+<?php
+
+class nginx_reverseproxy_plugin {
+
+	var $plugin_name = 'nginx_reverseproxy_plugin';
+	var $class_name = 'nginx_reverseproxy_plugin';
+
+	// private variables
+	var $action = '';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall() {
+		global $conf;
+
+		if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
+			return true;
+		} else {
+			return false;
+		}
+
+	}
+
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad() {
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
+
+		// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
+		// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
+		// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
+
+
+
+	}
+
+
+	function insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+
+	function update($event_name, $data) {
+		global $app, $conf;
+
+		if($this->action != 'insert') $this->action = 'update';
+
+		if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
+
+			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
+			$new_parent_domain_id = intval($data['new']['parent_domain_id']);
+
+			// If the parent_domain_id has been chenged, we will have to update the old site as well.
+			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
+				$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
+				$data['new'] = $tmp;
+				$data['old'] = $tmp;
+				$this->action = 'update';
+				$this->update($event_name, $data);
+			}
+
+			// This is not a vhost, so we need to update the parent record instead.
+			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
+			$data['new'] = $tmp;
+			$data['old'] = $tmp;
+			$this->action = 'update';
+		}
+
+
+
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		// Create group and user, if not exist
+		$app->uses('system');
+
+		//* Create the vhost config file
+		$app->load('tpl');
+
+		$tpl = new tpl();
+		$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
+
+		$vhost_data = $data['new'];
+		$vhost_data['config_dir'] = $config['nginx']['config_dir'];
+
+		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
+		// Check if a SSL cert exists
+		$ssl_dir = $config['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+		if($vhost_data['nginx_directives']) {
+			$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		}
+
+
+		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+			$vhost_data['ssl_enabled'] = 1;
+			$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		} else {
+			$vhost_data['ssl_enabled'] = 0;
+			$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+
+
+		$tpl->setVar($vhost_data);
+
+
+
+		// get alias domains (co-domains and subdomains)
+		$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
+		$server_alias = array();
+		switch($data['new']['subdomain']) {
+		case 'www':
+			$server_alias[] .= 'www.'.$data['new']['domain'].' ';
+			break;
+		case '*':
+			$server_alias[] .= '*.'.$data['new']['domain'].' ';
+			break;
+		}
+		if(is_array($aliases)) {
+			foreach($aliases as $alias) {
+				switch($alias['subdomain']) {
+				case 'www':
+					$server_alias[] .= 'www.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				case '*':
+					$server_alias[] .= '*.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				default:
+					$server_alias[] .= $alias['domain'].' ';
+					break;
+				}
+				$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
+
+			}
+		}
+
+		//* If we have some alias records
+		if(count($server_alias) > 0) {
+			$server_alias_str = '';
+			$n = 0;
+
+			// begin a new ServerAlias line after 30 alias domains
+			foreach($server_alias as $tmp_alias) {
+				if($n % 30 == 0) $server_alias_str .= " ";
+				$server_alias_str .= $tmp_alias;
+			}
+			unset($tmp_alias);
+
+			$tpl->setVar('alias', trim($server_alias_str));
+		} else {
+			$tpl->setVar('alias', '');
+		}
+
+
+		$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
+		//* Make a backup copy of vhost file
+		copy($vhost_file, $vhost_file.'~');
+
+		//* Write vhost file
+		file_put_contents($vhost_file, $tpl->grab());
+		$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
+		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
+			symlink($vhost_file, $vhost_symlink);
+			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		// Remove the symlink, if site is inactive
+		if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
+
+		// remove old symlink and vhost file, if domain name of the site has changed
+		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
+		}
+
+		// request a httpd reload when all records have been processed
+		$app->services->restartServiceDelayed('nginx', 'restart');
+
+		// Remove the backup copy of the config file.
+		if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
+
+
+		//* Unset action to clean it for next processed vhost.
+		$this->action = '';
+
+	}
+
+
+
+
+	// Handle the creation of SSL certificates
+	function ssl($event_name, $data) {
+		global $app, $conf;
+
+		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
+		$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key.org';
+		$key_file2 = $ssl_dir.'/'.$domain.'.key';
+		$csr_file = $ssl_dir.'/'.$domain.'.csr';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+
+		//* Save a SSL certificate to disk
+		if($data["new"]["ssl_action"] == 'save') {
+			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
+
+			$src_ssl_dir = $web["document_root"]."/ssl";
+			//$domain = $data["new"]["ssl_domain"];
+			//$csr_file = $ssl_dir.'/'.$domain.".csr";
+			//$crt_file = $ssl_dir.'/'.$domain.".crt";
+			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
+
+			$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		//* Delete a SSL certificate
+		if($data['new']['ssl_action'] == 'del') {
+			//$ssl_dir = $data['new']['document_root'].'/ssl';
+			$domain = $data['new']['ssl_domain'];
+			$csr_file = $ssl_dir.'/'.$domain.'.csr';
+			$crt_file = $ssl_dir.'/'.$domain.'.crt';
+			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			unlink($csr_file);
+			unlink($crt_file);
+			unlink($bundle_file);
+			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+
+	}
+
+
+	function delete($event_name, $data) {
+		global $app, $conf;
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+
+		if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
+
+			//* This is a website
+			// Deleting the vhost file, symlink and the data directory
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+
+
+			// Delete the log file directory
+			$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
+			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
+			$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
+
+		}
+	}
+
+	function rewrite_insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+	function rewrite_update($event_name, $data) {
+		global $app, $conf;
+
+		$rules = $this->_getRewriteRules($app);
+
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		$app->load('tpl');
+		$tpl = new tpl();
+		$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
+		if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
+
+		$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
+		//* Make a backup copy of vhost file
+		copy($rewrites_file, $rewrites_file.'~');
+
+		//* Write vhost file
+		file_put_contents($rewrites_file, $tpl->grab());
+		$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
+
+		if(!is_link($rewrite_symlink)) {
+			symlink($rewrites_file, $rewrite_symlink);
+			$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
+		}
+	}
+
+	function rewrite_delete($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->rewrite_update($event_name, $data);
+	}
+
+
+	function _getRewriteRules($app)
+	{
+		$rules = array();
+		$rules = $app->db->queryAllRecords("SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC");
+		return $rules;
+	}
+
+} // end class
+
+?>

docs/under_development/CHROOTED_DEBIAN_5.0.txt

+#!/bin/sh
+#
+# rev 0.6
+#
+# dxr@brutalsec.net
+#    01-09-2009
+#
+# We can create a script for configure chroot environment but,
+# YOU MUST UNDERSTAND HOW TO WORK IT for can solve possible 
+# problems in the future.
+# 
+# Every service has its own chroot environment:
+# BIND -> chroot
+# Apache -> chroot
+# Dovecot -> chroot
+# Pureftpd -> Apache's chroot
+# 
+# Only apache and php packages aren't installed in real system,
+# only in chroot environment with symbolic links from real system.
+# 
+# PLEASE, CONFIGURE CHROOT ENVIROMENT IF SECURITY IS REALLY 
+# IMPORTANT FOR YOU AND YOU KNOWN HOW TO WORK IT!
+#
+
+exit 1
+
+1. BACKUP before changing anything on the system
+2. Create partitions
+3. Remove possible Apache or PHP installations on real system
+4. Prepare Chroot environment
+5. Linking Webserver aplication from real system
+6. mini_sendmail
+7. Test services
+8. Howto install ispconfig3
+9. Migration
+
+
+1. BACKUP before changing anything on the system 
+# If is not a new installation, then
+
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+
+
+2. Create partitions
+
+/var/www/ Chroot partition (ext3)
+/var/www/html/ Chroot system
+/var/www/html/var/log/apache2 Log partition (ext3)
+/var/www/html/var/www/html Webs partition (xfs)
+/var/www/html/tmp Temporal dir (tmpfs, options: )
+
+/dev/lvm_foobar1/chroot_lv      -> /var/www/ (ext3)
+/dev/lvm_foobar2/apachelogs_lv  -> /var/www/html/var/log/apache2 (ext3)
+/dev/lvm_foobar3/hosting_lv     -> /var/www/html/var/www/html (xfs)
+
+mount /dev/lvm_foobar1/chroot_lv /var/www/
+mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
+mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
+mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
+
+
+3. Remove possible Apache or PHP installations on real system
+# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of configurations, uninstall, and check every symbolic link
+dpkg -l|egrep --color -i 'apache|php'
+
+
+4. Prepare Chroot environment
+
+# Install packages in real system
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
+# The non webserver will install outside of chroot
+apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
+# If you will use courier:
+apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
+# If you will use dovecot:
+#apt-get install dovecot-imapd dovecot-pop3d
+# If you will use BIND:
+apt-get install bind9 bind9utils
+
+#
+# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
+# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
+# cat /var/log/ispconfig/cron.log
+# ldd /usr/lib/php5/20060613/mcrypt.so
+#
+
+time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
+
+echo "/proc         /var/www/html/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/html/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+mount -a
+
+# We must create sshusers group
+echo "@sshusers       -       chroot  /var/www/html/">>/etc/security/limits.conf
+
+chroot /var/www/html apt-get update
+chroot /var/www/html apt-get install fakeroot --force-yes -y
+chroot /var/www/html apt-get install locales
+chroot /var/www/html dpkg-reconfigure locales
+
+mv /usr/lib/apache2 /usr/lib/apache2_old
+mv /var/log/apache2 /var/log/apache2_old
+mv /var/lock/apache2 /var/lock/apache2_old
+mv /var/lib/apache2 /var/lib/apache2_old
+mv /usr/lib/php5 /usr/lib/php5_old
+mv /etc/apache2 /etc/apache2_old
+mv /etc/suphp /etc/suphp_old
+
+chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
+
+chroot /var/www/html /etc/init.d/apache2 stop
+
+chroot /var/www/html a2enmod mod_chroot
+chroot /var/www/html a2enmod suexec
+echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
+sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
+sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
+sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
+sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
+sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
+
+# Protect apache configuration. ONLY root can read it
+chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
+chmod 711 /var/www/html/etc/php5/
+
+
+5. # Is good idea to add Nagios alarm for check every symbolic link is correct.
+ln -s /var/www/html/etc/apache2 /etc/apache2
+ln -s /var/www/html/etc/suphp /etc/suphp
+ln -s /var/www/html/var/run/apache2 /var/run/apache2
+ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
+ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
+ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
+ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
+ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
+ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
+ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
+ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
+ln -s /var/www/html/var/log/apache2 /var/log/apache2
+ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
+ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
+ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
+ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
+# Neccessary for to install ispconfig3 from real system:
+ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
+ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
+ln -s /var/www/html/usr/bin/php /usr/bin/php
+ln -s /var/www/html/etc/php5 /etc/php5
+
+6. # Install mini_sendmail for chroot
+# We can use mini_sendmail for delivery emails directy in remote servers, but i prefer to control it in central mailserver for check spammers and limit it.
+
+cd /tmp/
+wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
+tar xzf mini_sendmail-1.3.6.tar.gz
+wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
+patch -p0 < 200-fullname.patch
+cd mini_sendmail-1.3.6
+make
+# 2e555b2573c3ea65a467a5960f0b51f6  mini_sendmail
+mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
+mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
+cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
+cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
+cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
+
+# ./mini_sendmail -h
+# usage:  ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
+
+#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
+# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
+
+
+7. 
+# Test
+apache2ctl restart
+
+# php -i|grep --color sendmail
+#sendmail_from => no value => no value
+#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+# Sould be good idea check /var/www/html/usr/lib/sendmail /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with nagios alarm ;)
+
+
+8. Install ispconfig ........
+
+cd /tmp/
+svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
+
+mv /usr/local/ispconfig /var/www/html/usr/local/
+ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
+mv /var/www/apps /var/www/html/var/www/
+mv /var/www/php-fcgi-scripts /var/www/html/var/www/
+mv /var/www/ispconfig /var/www/html/var/www/
+ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
+ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
+ln -s /var/www/html/var/www/apps /var/www/apps
+# After copy, we must clean unnecessary users and groups
+cp -r /etc/{passwd,group,apt} /var/www/html/etc/
+apache2ctl stop
+apache2ctl start
+
+
+### Migration to other server ###
+Really easy:
+
+Do step 1
+
+And after do a simple rsync:
+
+screen
+time rsync -a --progress root@host1:/var/www/ /var/www/
+
+# Install some apache's dependencies
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
+
+Do step 5
+Do step 6
+

docs/under_development/DEV_CHROOTED_DEBIAN_5.0.txt

+
+
+Setting up a chrooted ispconfig 3 installation
+--------------------------------------------------------------------
+
+# Follow the steps 1 - 8 of the INSTALL_DEBIAN_5.0 Guide, then proceed
+# with the steps below.
+# 
+# This guide is experimental as there are a few changes necessary in
+# ispconfig to get it working. These changes will be part of ISPConfig 3.0.2
+
+# Install packages
+
+apt-get install debootstrap libapache2-mod-chroot
+
+# Create the chroot environment
+
+debootstrap lenny /var/www/ ftp://ftp.fr.debian.org/debian/
+
+# Add mountpoints for the chroot env into the fstab file
+
+echo "/proc         /var/www/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+# mount all the filesystems
+
+mount -a
+
+# add a default chroot dir for all users of the sshusers group
+
+echo "@sshusers       -       chroot  /var/www/">>/etc/security/limits.conf
+
+# copy passwd and group files to the chroot env
+
+cp -rf /etc/apt /etc/passwd /etc/group /var/www/etc/ # Cleaning unnecessary users and groups
+
+# Create symlinks
+
+cd /var/www/var/
+rm -rf /var/www/var/www
+ln -s / www
+
+# Enter the chroot
+
+chroot /var/www
+
+# Update files in the chroot environment and install some packages.
+# You can ignore warnings about locales, we will fix them in the next step.
+
+apt-get update
+apt-get install fakeroot --force-yes -y
+apt-get install locales
+
+# Reconfigure locales. Select e.g the en_US* locales.
+
+dpkg-reconfigure locales
+
+# run a dist-upgrade
+
+fakeroot apt-get dist-upgrade
+
+# Install Apache and PHP in the chroot environment
+
+apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
+/etc/init.d/apache2 stop
+
+# Exit the chroot
+
+exit
+
+# Moving the apache configuration is not necessary, as Apache reads
+# the config files before it moves into the chroot
+# rm -rf /var/www/etc/apache2
+# mv -f /etc/apache2 /var/www/etc/
+# ln -s /var/www/etc/apache2 /etc/apache2
+
+rm -rf /var/www/etc/php5/cgi/
+mv -f /etc/php5/cgi/ /var/www/etc/php5/
+ln -s /var/www/etc/php5/cgi /etc/php5/
+
+rm -rf /var/www/etc/php5/apache2/
+mv -f /etc/php5/apache2/ /var/www/etc/php5/
+ln -s /var/www/etc/php5/apache2 /etc/php5/
+
+ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid
+
+# enable mod_chroot
+
+a2enmod mod_chroot
+echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf
+
+# Start apache
+
+/etc/init.d/apache2 start
+
+# Install ISPConfig
+
+cd /tmp
+wget https://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
+tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz
+cd ispconfig3_install/install/
+php -q install.php
+cd /tmp/
+rm -rf ispconfig3_install
+rm -f ISPConfig-3.0.1.4-beta-2.tar.gz
+
+# Move the ispconfig interface part to the chroot environment and create a symlink
+
+mkdir /var/www/usr/local/ispconfig
+chown ispconfig:ispconfig /var/www/usr/local/ispconfig
+chmod 750 /var/www/usr/local/ispconfig
+mv /usr/local/ispconfig/interface /var/www/usr/local/ispconfig/
+ln -s /var/www/usr/local/ispconfig/interface /usr/local/ispconfig/interface
+chroot /var/www adduser www-data ispconfig
+
+# Create a link for the MySQL socket
+
+ln /var/run/mysqld/mysqld.sock /var/www/var/run/mysqld/mysqld.sock
+
+# As an alternative to making a hardlink to the MySQL socket, 
+# change the my.cnf file in the chroot to use TCP sockets.
+# This is more secure but a bit slower than using the mysqld.sock file.
+
+# Restart Apache
+
+/etc/init.d/apache2 restart
+
+
+

helper_scripts/cert_check.sh

+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
\ No newline at end of file

helper_scripts/debian_setup.sh

+#!/bin/sh
+
+apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4
+
+apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
+
+modprobe capability
+echo 'capability' >> /etc/modules
+
+apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
+
+echo 'yes' > /etc/pure-ftpd/conf/DontResolve
+
+apt-get install mydns-mysql
+
+apt-get install vlogger webalizer
+
+php -q ../install/install.php

helper_scripts/dns_export_to_bind.php

+<?php
+$host="IP_ADDRESS";
+$user="USERNAME";
+$password="PASSWORD";
+mysql_connect($host, $user, $password) or die(mysql_error());
+mysql_select_db("dbispconfig");
+$result = "";
+$result = mysql_query("SELECT id,origin,ns,ttl,mbox,serial,refresh,retry,expire,minimum FROM dns_soa;");
+function hostname2ipfunktion($tmp1, $timeout = 1)
+{
+	if ($tmp1 == 0)
+	{
+		$query = `nslookup -timeout=$timeout -retry=0 $tmp1`;
+		if(preg_match('/\nAddress: (.*)\n/', $query, $matches))
+			return trim($matches[1]);
+		return $tmp1;
+	}
+}
+
+$serialsearch=date("Ymd");
+$resultx12 = mysql_query("SELECT origin,serial FROM dns_soa WHERE serial LIKE '$serialsearch%' ORDER BY origin ASC;");
+while ($rowx12=mysql_fetch_array($resultx12)) {
+	$zone=substr($rowx12["origin"], 0, -1);
+	$filename_x1="/var/cache/bind/".$zone;
+	if (file_exists($filename_x1)) {
+		$serialvergleich[$zone]=exec("grep \";Serial\" /var/cache/bind/$zone |cut -d\" \" -f1 | awk '{print $1}'");
+	}
+}
+
+while($row = mysql_fetch_array($result))
+{
+	//## Hier ALLES Aktivieren bei Primary Nameserver TEIL 1 #################################################################################
+	$varx11=substr($row["origin"], 0, -1);
+	$filename="/var/cache/bind/".$varx11;
+	if (file_exists($filename)) {
+		unlink("/var/cache/bind/$varx11");
+	}
+	$arr1[$x11]="zone \"$varx11\" in { type master; file \"$varx11\"; };\n";
+	$x11=$x11+1;
+	$result2 = mysql_query("select name,type,aux,data from dns_rr where zone=$row[id] and active='Y' ORDER BY name ASC;");
+	$arr3[0]="\$TTL ".$row['ttl']."\n@ IN SOA ".$row['ns']." ".$row['mbox']." (\n           ".$row['serial']." ;Serial\n"."         ".$row['refresh']." ;Refresh\n"."               ".$row['retry']." ;Retry\n"."           ".$row['expire']." ;Expire\n"."         ".$row['minimum']." ) ;Minimum\n\n";
+
+	$xx1=1;
+	while($row2 = mysql_fetch_row($result2))
+	{
+		$arr2[$xx1]=$row2['0']." IN ".$row2['1']." ";
+
+		if ($row2['2']>0)
+		{
+			$arr3[$xx1]=$arr2[$xx1].$row2['2']." ".$row2['3']."\n";
+		}
+		else
+		{
+			$arr3[$xx1]=$arr2[$xx1].$row2['3']."\n";
+		}
+		$xx1=$xx1+1;
+	}
+	$f = fopen("/var/cache/bind/$varx11", "a+");
+	foreach($arr3 as $values) fputs($f, $values);
+	fclose($f);
+	$arr2=array();
+	$arr3=array();
+	//## ENDE Primärer Nameserver TEIL 2 #####################################################################################################
+
+	//## Hier ALLES Aktivieren bei Secondary Nameserver ######################################################################################
+	//       $tmp1 = substr($row["ns"],0,-1);
+	//       $tmp2 = substr($row["origin"],0,-1);
+
+	//       if (!isset($dnscache[$tmp1])) $nsip = hostname2ipfunktion($tmp1) ;
+	//       else $nsip=$dnscache[$tmp1] ;
+
+	//               if ($nsip == $tmp1)
+	//               {
+	//               echo "$tmp2 $tmp1 Not a valid Nameserver";
+	//               echo "\n";
+	//               }
+	//               else
+	//               {
+	//               $dnscache[$tmp1]=$nsip;
+	//               $arr1[$x11]="zone \"".$tmp2."\" in { type slave; file \"".$tmp2."\"; masters {".$nsip."; }; };\n";
+	//               $x11=$x11+1;
+	//               }
+	//## ENDE Secondary Nameserver ###########################################################################################################
+}
+
+unlink("/etc/bind/named.conf.local");
+$fx = fopen("/etc/bind/named.conf.local", "a+");
+foreach($arr1 as $values) fputs($fx, $values);
+fclose($fx);
+system("rndc reconfig >/dev/null 2>&1");
+
+//## ANFANG Primärer Namerserver TEIL 2 ##################################################################################################
+$serialsearch=date("Ymd");
+$resultx13 = mysql_query("SELECT origin,serial FROM dns_soa WHERE serial LIKE '$serialsearch%' ORDER BY origin ASC;");
+while ($rowx13=mysql_fetch_array($resultx13)) {
+	$serial_ist=($rowx13["serial"]);
+	$zone=substr($rowx13["origin"], 0, -1);
+	//       echo "zone: ".$zone." ist: ".$serial_ist." vergleich: ".$serialvergleich[$zone]."\n";
+	if ($serialvergleich[$zone] != $serial_ist) {
+		$reload=system("rndc reload $zone >/dev/null 2>&1");
+	}
+}
+//## ENDE Primärer NamerserverTEIL 2 ######################################################################################################
+?>

helper_scripts/dns_export_to_bind_retrans_daily.php

+<?php
+$host="IP_ADDRESS";
+$user="USERNAME";
+$password="PASSWORD";
+mysql_connect($host, $user, $password) or die(mysql_error());
+mysql_select_db("dbispconfig");
+$result = "";
+$result = mysql_query("SELECT origin FROM dns_soa ORDER BY origin ASC;");
+while($row = mysql_fetch_array($result))
+{
+	$zone=substr($row["origin"], 0, -1);
+	system("rndc retransfer ".$zone);
+}
+?>

helper_scripts/fixcerts

+ #!/bin/bash
+#####################################################################################
+#                                                                                   #
+# Syntax: fixcerts DOMAIN                                                           #
+#                                                                                   #
+# Use: Extend Letsencrypt SSl certificates for commonly grouped services such as    #
+#       Apache,Postfix,Dovecot using Certbot. Useful for keeping all client         #
+#       applications referencing the same virtual domain name, such as auto-config  #
+#       email clients on phones, i.e. mailuser@mydomain.TLD smtp.mydomain.TLD       #
+#       imaps.mydomain.TLD instead of mailuser@mydomain.TLD mail.ISPmaildomain.TLD  #
+#       Also useful when sending mail through services like Gmail that will         #
+#       validate sender through a negotiated TLS encrypted connection.              #
+#                                                                                   #
+#       Ex: sh fixcerts myhosteddomain.com                                          #
+#                                                                                   #
+# Prerequisites:                                                                    #
+#   - A Letsencrypt certificate for the DOMAIN must already exist                   #
+#   - A seperate certificate each for Dovecot and Postfix were previously generated #
+#   - All new host names to add MUST  already exist in DNS at least as a CNAME      #
+#   - Edit the Dovecot/Postfix conf to use the alternate certificate                #
+#   - Set the variable wr_file to a directory that certbot can read and write from  #
+#   - Set the dom_cert=,dv_cert=,pf_cert=,dv_file=, and pf_file= variables          #
+#                                                                                   #
+# In my case, I ran:                                                                #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d dc.hrst.xyz    #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d pf.hrst.xyz    #
+#   to create the separate Dovecot and Postscript certificates, then edited and     #
+#   ran the script to extend those certificate, once per hosted domain              #
+#                                                                                   #
+# If you use only one alternate certifcate for both mail services, set both dv_file #
+#     and pf_file to the same file name and set one of  _cert files=""  and         #
+#     use the other. If you don't wish to add to a particular certificate, set the  #
+#     variable ="", such as dom_cert                                                #
+# TODO: Pre-validate desired additions as already existing in DNS                   #
+#       Generate SRV Records and add to DNS to autoconfig clients                   #
+#                                                                                   #
+# Author: tad.hasse@gmail.com                                                       #
+#                                                                                   #
+#####################################################################################
+
+#bail out on error
+set -e
+
+# Hostnames to add to the main domain certificate
+dom_cert="webmail"
+
+# Hostnames to add to the Dovecot domain certificate
+dv_cert="pop3s imap"
+
+# Hostnames to add to the Postfix domain certificate
+pf_cert="mail smtp smtps"
+
+# Name of the certificate file that handles Dovecot
+dv_file="dc.hrst.xyz"
+
+# Name of the certificate file that handles Postfix
+pf_file="pf.hrst.xyz"
+
+# Writeable webroot for certbot (I use ISPConfig,
+wr_file="/usr/local/ispconfig/interface/acme"
+
+new_cert=""
+nanobot=""
+affected_services=""
+
+if [ -z "$1" ]                           # Is parameter #1 zero length?
+   then
+     echo "-No DOMAIN specified"          # Or no parameter passed.
+     exit 1
+   fi
+
+#live_check='/etc/letsencrypt/live/'$1
+if [[ ! -d '/etc/letsencrypt/live/'$1 ]]; then
+    echo "- DOMAIN certificate for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${dv_file} ]]; then
+    echo "- Dovecot/postoffice certificate" ${dv_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${pf_file} ]]; then
+    echo "- Postfix/mail certificate" ${pf_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+# Have certbot generate its current certificate list for use as input
+certbot certificates >~/certfile
+
+# Extend base domain certificate which typically only contains the domain.TLD and www.domain.TLD
+if [[ ! -z "${dom_cert}" ]]; then
+    echo
+    new_cert=$(echo $dom_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "$1
+    nanobot=$(grep -A1 "Certificate Name: "$1 certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"A"
+else
+    echo "Domain Certificate unaffected"
+  fi
+
+# Extend the Dovecot certificate
+if [[ ! -z "${dv_cert}" ]]; then
+    echo
+    new_cert=$(echo $dv_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "${dv_file}
+    nanobot=$(grep -A1 "Certificate Name: "${dv_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"D"
+else
+    echo "Dovecot Certificate unaffected"
+  fi
+
+# Extend the Postscript certificate
+if [[ ! -z "{$pf_cert}" ]]; then
+    echo
+    new_cert=$(echo $pf_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to " ${pf_file}
+    nanobot=$(grep -A1 "Certificate Name: "${pf_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"P"
+else
+    echo "Postfix Certificate unaffected"
+  fi
+
+  if [[ $affected_services == *"A"* ]]; then
+     echo "Remember to restart the httpd service"
+   fi
+  if [[ $affected_services == *"D"* ]]; then
+    echo "Remember to restart the dovecot/postoffice service"
+   fi
+  if [[ $affected_services == *"P"* ]]; then
+    echo "Remember to restart the postfix/sendmail  service"
+   fi
+
+echo
+echo
+echo "Add the following SRV records to DNS for client setup for "$1
+  if [[ $affected_services == *"D"* ]]; then
+    echo "_imaps._tcp."$1 "SRV 3600  4 60 993 imaps"
+    echo "_pop3s._tcp."$1 "SRV 3600  6 60 995 pop3s"
+    echo "_imap._tcp."$1 " SRV 3600  8 60 143 imap"
+  fi
+if [[ $affected_services == *"P"* ]]; then
+    echo "_smtps._tcp."$1 "SRV 3600  8 60 465 smtps"
+    echo "_smtp._tcp."$1 " SRV 3600 10 60 587 smtp"
+  fi
\ No newline at end of file

helper_scripts/import_dkim.php

+<?php
+
+/**
+ Copyright (c) 2015, Florian Schaal, schaal @it
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ */
+
+
+/* define your settings here */
+$username = 'admin';
+$password = 'admin';
+$soap_location = 'http://192.168.0.105:8080/remote/index.php';
+$soap_uri = 'http://192.168.0.105:8080/remote/';
+/* stop editing */
+
+
+error_reporting(E_ALL^ E_WARNING);
+
+exec('which amavisd-new 2> /dev/null', $tmp_output, $tmp_retval);
+if ($tmp_retval != 0) {
+	exec('which amavisd 2> /dev/null', $tmp_output, $tmp_retval);
+	if ($tmp_retval == 0) $amavis = $tmp_output[0];
+} else $amavis = $tmp_output[0];
+
+if (!isset($amavis)) die ("amavisd not found");
+
+
+echo "Importing dkim-settings from amavis.\n\nTo import the settings even when the public-key is not available, use ".$argv[0]." --force\nNOTE: In force-mode dkim will be set to 'no' if no public-key was found.\n\n";
+
+if ( isset($argv) && isset ($argv[1]) && $argv[1] == '--force' ) $force = true; else $force = false;
+
+$client = new SoapClient(null, array('location' => $soap_location,
+	'uri'      => $soap_uri,
+	'trace' => 1,
+	'exceptions' => 1));
+
+
+exec($amavis.' showkeys', $tmp_output, $tmp_retval);
+
+foreach ( $tmp_output as $line ) {
+	//* get domain and private key-file
+	if ( preg_match('#^; key#', $line) ) {
+		$line_array = explode(' ', $line);
+		if ( $line_array[2] = 'domain' ) {
+			$domain = rtrim($line_array[3], ',');
+			$private_keyfile = $line_array[4];
+			//* get the public-key from private-key
+			unset($public_key);
+			unset($pubkey);
+			unset($private_key);
+			$private_key = file_get_contents($private_keyfile);
+			if ( isset($private_key) && !empty($private_key)) {
+				exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
+				$public_key='';
+				foreach($pubkey as $values) $public_key=$public_key.$values."\n";
+			}
+		}
+	}
+
+	//* get selector
+	if ( isset($domain) ) {
+		if ( preg_match('/_domainkey.'.$domain.'.* TXT \(/', $line) ) {
+			$line_array = explode(' ', $line);
+			$selector = substr ( $line_array[0], 0, strpos($line_array[0], '.') );
+		}
+	}
+
+	if ( isset($domain) && isset($selector) && isset($private_keyfile) && isset($public_key) ) {
+		
+		try {
+			if ( !$session_id = $client->login($username, $password) ) {
+				echo 'SOAP-ERROR: Cant login';
+			}
+
+			echo "\nprocessing ".$domain."...\n";
+
+			$record = $client->mail_domain_get_by_domain($session_id, $domain);
+
+			if ( !empty($record) ) {
+				$record = $record[0];
+				echo "  OK: domain exists in the database\n";
+				//* check if the public-key is available
+				exec($amavis.' testkeys '.escapeshellarg($domain).'', $test_output, $test_retval);
+				$pub_key = false;
+				if ( preg_match('/^TESTING.*'.$selector.'._domainkey.'.$domain.'.*pass/',$test_output[0]) ) $pub_key = true;
+   				$client_id = $client->client_get_id($session_id, $record['sys_userid']);
+				unset($test_output);
+				if ( $pub_key ) {
+					$record['dkim_selector'] = $selector;
+					$record['dkim'] = 'y';
+					if ( preg_match("/(^-----BEGIN PUBLIC KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,221}(-----END PUBLIC KEY-----(\n|\r)?$)/", $record['dkim_public'] ) ) {
+						$record['dkim_public'] = $public_key;
+						echo "  OK: public key\n";
+					} else {
+						$record['dkim_public'] = '';
+						$record['dkim'] = 'n';
+						echo "  ERROR: public key invalid\n  disable dkim for ".$domain."\n";
+					}
+					if ( preg_match("/(^-----BEGIN RSA PRIVATE KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,850}(-----END RSA PRIVATE KEY-----(\n|\r)?$)/", $private_key) ) {
+						$record['dkim_private'] = $private_key;
+						echo "  OK: private key\n";
+					} else {
+						$record['dkim_private'] = '';
+						$record['dkim'] = 'n';
+						echo "  ERROR: private key invalid\n  disable dkim for ".$domain."\n";
+					}
+					$client->mail_domain_update($session_id, $client_id, $record['domain_id'], $record);
+					echo "  OK: updating database\n";
+				} else {
+					echo "  ERROR: no public-key available - skipping ".$domain."\n";
+				}
+			} else {
+				echo "  ERROR: domain not in the database - skipping ".$domain."\n";
+			}
+			$client->logout($session_id);
+		} catch (SoapFault $e) {
+			echo $client->__getLastResponse();
+			die('SOAP Error: '.$e->getMessage());
+		}
+		unset($domain);
+		unset($selector);
+	}
+}
+?>

helper_scripts/import_dkim.txt

+This scripts stores all dkim-keys from the amavis-config to the ispconfig-database
+
+Create a remote-user with at least rights for mail_domain and clients and adjust the settings for
+
+$username = 'admin';
+$password = 'admin';
+$soap_location = 'http://192.168.0.105:8080/remote/index.php';
+$soap_uri = 'http://192.168.0.105:8080/remote/';
+
+in import_dkim.php

helper_scripts/import_langfile.php

+<?php
+
+/*
+Copyright (c) 2007-2016, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require "/usr/local/ispconfig/interface/lib/config.inc.php";
+require "/usr/local/ispconfig/interface/lib/app.inc.php";
+
+set_time_limit(0);
+ini_set('error_reporting', E_ALL & ~E_NOTICE);
+
+//** Get commandline options
+$cmd_opt = getopt('', array('lng:','isppath::'));
+
+if(isset($cmd_opt['lng']) && is_file($cmd_opt['lng'])) {
+	// Language file that shall be imported
+	$lang_file = $cmd_opt['lng'];
+} else {
+	die('Usage example: php import_langfile.php --lng=de.lng --isppath=/usr/local/ispconfig'."\n");
+}
+
+if(isset($cmd_opt['isppath']) && is_dir($cmd_opt['isppath'])) {
+	$ispconfig_path = $cmd_opt['isppath'];
+} else {
+	$ispconfig_path = '/usr/local/ispconfig';
+}
+
+function normalize_string($string, $quote, $allow_special = false) {
+	$escaped = false;
+	$in_string = true;
+	$new_string = '';
+
+	for($c = 0; $c < mb_strlen($string); $c++) {
+		$char = mb_substr($string, $c, 1);
+
+		if($in_string === true && $escaped === false && $char === $quote) {
+			// this marks a string end (e.g. for concatenation)
+			$in_string = false;
+			continue;
+		} elseif($in_string === false) {
+			if($escaped === false && $char === $quote) {
+				$in_string = true;
+				continue;
+			} else {
+				continue; // we strip everything from outside the string!
+			}
+		}
+
+		if($char === '"' && $escaped === true && $quote === '"') {
+			// unescape this
+			$new_string .= $char;
+			$escaped = false;
+			continue;
+		} elseif($char === "'" && $escaped === false && $quote === '"') {
+			// escape this
+			$new_string .= '\\' . $char;
+			continue;
+		}
+
+		if($escaped === true) {
+			// the next character is the escaped one.
+			if($allow_special === true && ($char === 'n' || $char === 'r' || $char === 't')) {
+				$new_string .= '\' . "\\' . $char . '" . \'';
+			} else {
+				$new_string .= '\\' . $char;
+			}
+			$escaped = false;
+		} else {
+			if($char === '\\') {
+				$escaped = true;
+			} else {
+				$new_string .= $char;
+			}
+		}
+	}
+	return $new_string;
+}
+
+function validate_line($line) {
+	$line = trim($line);
+	if($line === '' || $line === '<?php' || $line === '?>') return $line; // don't treat empty lines as malicious
+
+	$ok = preg_match('/^\s*\$wb\[(["\'])(.*?)\\1\]\s*=\s*(["\'])(.*?)\\3\s*;\s*$/', $line, $matches);
+	if(!$ok) return false; // this line has invalid form and could lead to malfunction
+
+	$keyquote = $matches[1]; // ' or "
+	$key = $matches[2];
+	if(strpos($key, '"') !== false || strpos($key, "'") !== false) return false;
+
+	$textquote = $matches[3]; // ' or "
+	$text = $matches[4];
+
+	$new_line = '$wb[\'';
+
+	// validate the language key
+	$key = normalize_string($key, $keyquote);
+
+	$new_line .= $key . '\'] = \'';
+
+	// validate this text to avoid code injection
+	$text = normalize_string($text, $textquote, true);
+
+	$new_line .= $text . '\';';
+
+	return $new_line;
+}
+	
+$lines = file($lang_file);
+
+define('ISPC_ROOT_PATH', $ispconfig_path.'/interface');
+define('ISPC_LIB_PATH', ISPC_ROOT_PATH.'/lib');
+define('ISPC_WEB_PATH', ISPC_ROOT_PATH.'/web');
+
+// initial check
+$parts = explode('|', $lines[0]);
+if($parts[0] == '---' && $parts[1] == 'ISPConfig Language File') {
+	unset($lines[0]);
+
+	$buffer = '';
+	$langfile_path = '';
+	// all other lines
+	$ln = 1;
+	foreach($lines as $line) {
+		$ln++;
+		$parts = explode('|', $line);
+		if(is_array($parts) && count($parts) > 0 && $parts[0] == '--') {
+			// Write language file, if its not the first file
+			if($buffer != '' && $langfile_path != '') {
+				$buffer = trim($buffer)."\n";
+				$msg .= "File written: $langfile_path\n";
+				file_put_contents($langfile_path, $buffer);
+			}
+			// empty buffer and set variables
+			$buffer = '';
+			$module_name = trim($parts[1]);
+			$selected_language = trim($parts[2]);
+			$file_name = trim($parts[3]);
+			if(!preg_match("/^[a-z]{2}$/i", $selected_language)) die("unallowed characters in selected language name: $selected_language");
+			if(!preg_match("/^[a-z_]+$/i", $module_name)) die('unallowed characters in module name.');
+			if(!preg_match("/^[a-z\._\-]+$/i", $file_name) || stristr($file_name, '..')) die("unallowed characters in language file name: '$file_name'");
+			if($module_name == 'global') {
+				$langfile_path = trim(ISPC_LIB_PATH."/lang/".$selected_language.".lng");
+			} else {
+				$langfile_path = trim(ISPC_WEB_PATH.'/'.$module_name.'/lib/lang/'.$file_name);
+			}
+		} elseif(is_array($parts) && count($parts) > 1 && $parts[0] == '---' && $parts[1] == 'EOF') {
+			// EOF line, ignore it.
+		} else {
+			$line = validate_line($line);
+			if($line === false) $error .= "Language file contains invalid language entry on line $ln.\n";
+			else $buffer .= $line."\n";
+		}
+	}
+}
+
+echo $error;
+echo $msg;
+die("finished import.\n");
+
+?>

helper_scripts/multifile_add

+#!/bin/bash
+
+# Adding a new translation string to the files for all languages.
+# If you already added the string to your current language, be sure to deduplicate.
+
+new=$(cat << 'EOD'
+$wb['foo_txt'] = 'Some translation';
+EOD
+)
+
+if [ -z "$1" ]; then
+  echo "Usage: $0 <files>"
+  exit 1
+fi
+
+for f in $*; do
+	# Preserve a php close tag as the last line.
+	close='?>'
+	if [ "$(tail -n 1 $f)" == "$close" ]; then
+		(	
+			head -n -1 $f;
+			echo "$new";
+			echo "?>";
+		) > ${f}.new
+
+		mv ${f}.new $f
+			
+			
+	else
+		echo "$new" >> $f
+	fi
+done

helper_scripts/mydns_to_powerdns_migration.php

+<?php
+$host="localhost";
+$user="root";
+$password="MYSQL-ROOT-PASSWD";
+mysql_connect($host, $user, $password) or die(mysql_error());
+
+mysql_select_db("dbispconfig");
+$sql1 = mysql_query("SELECT id, substr(origin,1, LENGTH(origin)-1) AS origin, substr(ns,1, LENGTH(ns)-1) AS ns, substr(mbox,1, LENGTH(mbox)-1) AS mbox,ttl FROM dns_soa order by id asc;");
+mysql_select_db("powerdns");
+while($row1 = mysql_fetch_array($sql1))
+{
+	mysql_query("INSERT INTO domains (id,name,type,ispconfig_id) values ('$row1[id]','$row1[origin]','NATIVE','$row1[id]');");
+	mysql_query("INSERT INTO records (domain_id,name,content,ispconfig_id,type,ttl,prio,change_date) values ('$row1[id]','$row1[origin]','$row1[ns] $row1[mbox] 0','$row1[id]','SOA','$row1[ttl]','0','1260446221');");
+}
+
+mysql_select_db("dbispconfig");
+$sql2 = mysql_query("SELECT id,zone,name,data,aux,ttl,type FROM dns_rr order by id asc;");
+mysql_select_db("powerdns");
+while($row2 = mysql_fetch_array($sql2))
+{
+	if (strlen($row2['name']))
+	{
+		$file1=substr($row2['data'], -1);
+		if ($file1==".")
+		{
+			$text = $row2['data'];
+			$laenge = strlen($row2['data'])-1;
+			$file2 = substr($text, 0, strlen($text)-1);
+		}
+		else
+		{
+			$file2=$row2['data'];
+		}
+
+                //
+                // Fix for 'domain.ext.' apex notation
+                //
+                $record_name_end=substr($row2['name'], -1);
+                if ($record_name_end==".")
+                {
+                       // remove trailing dot from apex
+                       $record_name = substr($row2['name'], 0, strlen($row2['name'])-1);
+                }
+                else
+                {
+                       // add domain to make it a fqdn
+                       $record_name = $row2['name'] . "." . $row3['origin'];
+                }
+
+                print "$row2[name].$row3[origin]" . " $record_name\r\n"; 
+		mysql_select_db("dbispconfig");
+		$sql3 = mysql_query("SELECT substr(origin,1, LENGTH(origin)-1) AS origin FROM dns_soa where id=$row2[zone];");
+		$row3 = mysql_fetch_array($sql3);
+		mysql_select_db("powerdns");
+		mysql_query("INSERT INTO records (domain_id,name,content,ispconfig_id,type,ttl,prio,change_date) values ('$row2[zone]','$record_name','$file2','$row2[id]','$row2[type]','$row2[ttl]','$row2[aux]','1260446221');");
+	}
+	else
+	{
+		$file1=substr($row2['data'], -1);
+		if ($file1==".")
+		{
+			$text = $row2['data'];
+			$laenge = strlen($row2['data'])-1;
+			$file2 = substr($text, 0, strlen($text)-1);
+		}
+		else
+		{
+			$file2=$row2['data'];
+		}
+		mysql_select_db("dbispconfig");
+		$sql3 = mysql_query("SELECT substr(origin,1, LENGTH(origin)-1) AS origin FROM dns_soa where id=$row2[zone];");
+		$row3 = mysql_fetch_array($sql3);
+		mysql_select_db("powerdns");
+		mysql_query("INSERT INTO records (domain_id,name,content,ispconfig_id,type,ttl,prio,change_date) values ('$row2[zone]','$row3[origin]','$file2','$row2[id]','$row2[type]','$row2[ttl]','$row2[aux]','1260446221');");
+	}
+}
+
+mysql_select_db("powerdns");
+$sql4 = mysql_query("SELECT records.id,records.content,records.type,domains.name FROM records,domains where records.domain_id=domains.id and records.content NOT LIKE '%.%' and (records.type='CNAME' or records.type='NS' or records.type='MX') order by domain_id asc;");
+
+while($row4 = mysql_fetch_array($sql4))
+{
+	mysql_query("UPDATE records SET content = '$row4[content].$row4[name]' where id='$row4[id]';");
+}
+
+
+?>

helper_scripts/pdns-slave-zone-cleanup.sh

+#!/bin/bash
+#### Config ################################
+
+DBHOST="localhost"
+DBUSER="powerdns"
+DBPASS="password"
+DATABASE="powerdns"
+
+DEBUG="no"
+
+#### End of Config #########################
+
+REQUIRED_COMMANDS="
+mysql
+host
+grep
+awk
+tail
+"
+
+# print debug messages to STDERR
+function debug {
+        if [ "${DEBUG}" == "yes" ] ; then
+                echo "DEBUG: $@" >&2
+        fi
+}
+
+for CMD in ${REQUIRED_COMMANDS} ; do
+        CMDNAME=`echo ${CMD} | awk '{print toupper($1) }' | sed -e s@"-"@""@g`
+        export $(eval "echo ${CMDNAME}")=`which ${CMD} 2>/dev/null`
+        if [ -z "${!CMDNAME}" ] ; then
+                debug "Command: ${CMD} not found!"
+                exit 1
+        else
+                debug "Found command $(echo $CMDNAME) in ${!CMDNAME}"
+        fi
+done
+
+MYSQLCMD="${MYSQL} -h ${DBHOST} -u ${DBUSER} -p${DBPASS} --skip-column-name --silent -e"
+
+check() {
+	AUTH=`${HOST} -t SOA ${2} ${1} | ${TAIL} -n1 | ${GREP} "has no SOA record"`
+	if [ "${AUTH}" == "${2} has no SOA record" ]; then
+		debug "Server ${1} has no SOA for ${2} - removing zone..."
+		DOMAIN_ID=`${MYSQLCMD} "USE ${DATABASE}; SELECT id FROM domains WHERE name='${2}' AND type='SLAVE' AND master='${1}' LIMIT 1;"`
+		${MYSQLCMD} "USE ${DATABASE}; DELETE FROM records WHERE domain_id='${DOMAIN_ID}';"
+		${MYSQLCMD} "USE ${DATABASE}; DELETE FROM domains WHERE id='${DOMAIN_ID}';"
+	fi
+}
+
+MASTERS=(`${MYSQLCMD} "USE ${DATABASE}; SELECT DISTINCT ip FROM supermasters;"`)
+for m in "${MASTERS[@]}"; do
+	NAMES=(`${MYSQLCMD} "USE ${DATABASE}; SELECT name FROM domains WHERE type = 'SLAVE' AND master = '${m}';"`)
+	for d in "${NAMES[@]}"; do
+		check ${m} ${d}
+	done
+done

helper_scripts/recreate_webalizer_stats.php

+<?php
+
+//######################################################################################################
+// Re-Create webalizer statistics
+//######################################################################################################
+
+
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
+foreach($records as $rec) {
+	$domain = escapeshellcmd($rec["domain"]);
+	$logdir = escapeshellcmd($rec["document_root"].'/log');
+	$statsdir = escapeshellcmd($rec["document_root"].'/web/stats');
+	$webalizer = '/usr/bin/webalizer';
+
+	$webalizer_conf_main = '/etc/webalizer/webalizer.conf';
+	$webalizer_conf = escapeshellcmd($rec["document_root"].'/log/webalizer.conf');
+	exec("rm -rf $webalizer_conf");
+	if(!@is_file($webalizer_conf)) {
+		exec("cp $webalizer_conf_main $webalizer_conf");
+
+		setConfigVar($webalizer_conf, 'Incremental', 'yes');
+		setConfigVar($webalizer_conf, 'IncrementalName', $logdir.'/webalizer.current');
+		setConfigVar($webalizer_conf, 'HistoryName', $logdir.'/webalizer.hist');
+	}
+
+	if(!@is_dir($statsdir)) mkdir($statsdir);
+
+
+	echo "Remove stats dir $statsdir ...\n";
+	exec("rm -rf $statsdir/*");
+
+	echo "Re-Create stats for $domain...\n";
+	exec("for logfile in $logdir/*access*; do\n$webalizer -c $webalizer_conf -n $domain -s $domain -r $domain -q -T -p -o $statsdir ".'$logfile'."\ndone");
+	echo "done.\n";
+}
+
+die("finished.\n");
+?>

helper_scripts/setup_in_openvz/diff_openssl.cnf

+# diff openssl.cnf /usr/lib/ssl/openssl.cnf
+68c68
+< default_days	= 3653			# how long to certify for
+---
+> default_days	= 365			# how long to certify for
+125c125
+< countryName_default		= YOURCOUNTRY
+---
+> countryName_default		= AU
+130c130
+< stateOrProvinceName_default	= YOURPROVINCE
+---
+> stateOrProvinceName_default	= Some-State
+135c135
+< 0.organizationName_default	= YOURDOMAIN
+---
+> 0.organizationName_default	= Internet Widgits Pty Ltd
+142c142
+< organizationalUnitName_default	= ISP
+---
+> #organizationalUnitName_default	=
+145d144
+< commonName_default		= YOURHOSTNAME
+149d147
+< emailAddress_default		= postmaster@YOURDOMAIN

helper_scripts/setup_in_openvz/install_server.sh

+#!/bin/bash
+# Script to configuring an ispconfig3 server in a Debian VPS
+# by calocen [at] gmail [dot] com
+
+# getting some enviromment values
+myhostname=`hostname -f`
+mydomain=`hostname -d`
+myip=`hostname -i`
+[ ! -x /usr/bin/geoiplookup ] && apt-get --assume-yes install geoip-bin
+mycountry=`geoiplookup $myip | cut -f4 -d" " | cut -f1 -d","`
+myprovince=`geoiplookup $myip | cut -f5 -d" "`
+
+# reconfiguring webalizer, postfix
+# could be cool to modify here webalizer values
+dpkg-reconfigure -u webalizer
+postconf -e "myhostname =  $myhostname"
+postconf -e "mydestination =  $myhostname, localhost"
+echo $myhostname > /etc/mailname
+dpkg-reconfigure -u postfix
+
+# request new password
+oldpwd=`grep password /root/.my.cnf | tr "\t" " " | tr -s " " | cut -f3 -d" "`
+read -p "mysql password: [$oldpwd] " mysqlpwd
+[ -z $mysqlpwd ] && mysqlpwd=$oldpwd
+echo $mysqlpwd
+#read -p "Are you sure? (y/n) " sure
+## who said fear ##
+set -x
+mysqladmin -u root -p$oldpwd password $mysqlpwd
+mysqladmin -u root -p$mysqlpwd -h localhost password $mysqlpwd
+cat << EOF > /root/.my.cnf
+[client]
+password	= $mysqlpwd
+EOF
+chmod 600 /root/.my.cnf
+
+# changing mydns password
+mysql -e "SET PASSWORD FOR 'mydns'@'%' = PASSWORD( '$mysqlpwd' )"
+mysql -e "SET PASSWORD FOR 'mydns'@'localhost' = PASSWORD( '$mysqlpwd' )"
+cp -ax /etc/mydns.conf /etc/mydns.conf~
+sed s/$oldpwd/$mysqlpwd/g < /etc/mydns.conf~ > /etc/mydns.conf
+
+# enabling mydns
+mydns --create-tables > /tmp/mydns.sql
+mysql -e "CREATE DATABASE IF NOT EXISTS mydns ; USE mydns ; SOURCE /tmp/mydns.sql;"
+rm /tmp/mydns.*
+invoke-rc.d mydns restart
+
+# preparing server installation
+mv /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf~
+sed s/"YOURHOSTNAME"/"$myhostname"/g < /usr/local/bin/openssl.cnf |
+sed s/"YOURDOMAIN"/"$mydomain"/g | \
+sed s/"YOURCOUNTRY"/"$mycountry"/g | \
+sed s/"YOURPROVINCE"/"$myprovince"/g > /etc/ssl/openssl.cnf
+
+tar xfz /root/downloads/ISPConfig-3.0.0.7-beta.tar.gz -C /usr/local/src
+# here would be some stuff to update from SVN
+cd /usr/local/src/ispconfig3_install/install/
+php -q install.php
+
+

helper_scripts/setup_in_openvz/recreate_ssh_and_hostname.sh

+#!/bin/bash
+set -x
+echo "" > /etc/resolv.conf
+echo "" > /etc/hostname
+echo "" > /etc/mailname
+rm -f /etc/ssh/ssh_host_*
+cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
+#!/bin/bash
+ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
+ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
+dpkg-reconfigure -u webalizer
+postconf -e "myhostname =  $(hostname -f)"
+postconf -e "mydestination =  $(hostname -f), localhost"
+echo $(hostname -f) > /etc/mailname
+dpkg-reconfigure -u postfix
+rm -f \$0
+EOF
+chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

helper_scripts/test_install_docker.sh

+#!/bin/sh
+
+# This script is used from .gitlab-ci.yml to do an automated installation inside a docker container for testing.
+
+if [ -f /usr/local/ispconfig/interface/lib/config.inc.php ]; then
+	echo "Found an existing configfile, bailing out!"
+  exit 1
+fi
+
+mysql_install_db
+service mysql start \
+&& echo "UPDATE mysql.user SET Password = PASSWORD('pass') WHERE User = 'root';" | mysql -u root \
+&& echo "UPDATE mysql.user SET plugin='mysql_native_password' where user='root';" | mysql -u root \
+&& echo "DELETE FROM mysql.user WHERE User='';" | mysql -u root \
+&& echo "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql -u root \
+&& echo "DROP DATABASE IF EXISTS test;" | mysql -u root \
+&& echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" | mysql -u root \
+&& echo "FLUSH PRIVILEGES;" | mysql -u root
+sed -i "s/^hostname=server1.example.com$/hostname=$HOSTNAME/g" /root/ispconfig3_install/install/autoinstall.ini
+
+service mysql start && php -q $CI_PROJECT_DIR/install/install.php --autoinstall=/root/ispconfig3_install/install/autoinstall.ini