Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • ispconfig/ispconfig3
  • RealOpty/ispconfig3
  • Horfic/ispconfig3
  • kingcody/ispconfig3
  • mbethke/ispconfig3
  • harkman/ispconfig3
  • stefanheinen/ispconfig3
  • JanKraljic/ispconfig3
  • pulsweb/ispconfig3
  • kayyy/ispconfig3
  • mwacht/ispconfig3
  • schuetzm/ispconfig3
  • gbg/ispconfig3
  • jproxx/ispconfig3
  • Nilpo/ispconfig3
  • Cambra/ispconfig3
  • crackerizer/ispconfig3
  • simonswine/ispconfig3
  • zbuzanic/ispconfig3
  • alexalouit/ispconfig3
  • guilhermefilippo/ispconfig3
  • kotishe/ispconfig3
  • Rescue9/ispconfig3
  • DmitriyLyalyuev/ispconfig3
  • simon.levesque/ispconfig3
  • Viktor/ispconfig3
  • Dr4c0/ispconfig3
  • stefanmcds-mnt/ispconfig3
  • Konflikted/ispconfig3
  • Schoene/ispconfig3
  • stefan.eertwegh/ispconfig3
  • Quest/ispconfig3
  • bst2002/ispconfig3
  • jphustman/ispconfig3
  • lepirlouit/ispconfig3
  • lolo888/ispconfig3
  • Quetzal/ispconfig3
  • kolorafa/ispconfig3
  • jdsn/ispconfig3
  • mk/ispconfig3
  • jnorell/ispconfig3
  • madalin/ispconfig3
  • edspiner/ispconfig3
  • blu3bird/ispconfig3
  • ITManager/ispconfig3
  • virtualweb/ispconfig3
  • dirkd/ispconfig3
  • jcdirks/ispconfig3
  • bvbmedia/ispconfig3
  • CSoellinger/ispconfig3
  • lutacon/ispconfig3
  • armsby/ispconfig3
  • psantos/ispconfig3
  • pkdevbox_y/ispconfig3
  • tlanger/ispconfig3
  • Krauser/ispconfig3
  • ochorocho/ispconfig3
  • aisfrond/ispconfig3
  • ldrrp/ispconfig3
  • steglicd/ispconfig3
  • darkalex/ispconfig3
  • b.dokimakis/ispconfig3
  • MarioSteinitz/ispconfig3
  • bweston/ispconfig3
  • bob/ispconfig3
  • HHGAG/ispconfig3
  • ark74/ispconfig3
  • fuerni/ispconfig3
  • hexblot/ispconfig3
  • maxxer/ispconfig3
  • JustDevZero/ispconfig3
  • habeggerl/ispconfig3
  • phpexpert/ispconfig3
  • Questler/ispconfig3
  • JanThiel/ispconfig3
  • joni_1993/ispconfig3
  • MePha/ispconfig3
  • flies/ispconfig3
  • macjohnny/ispconfig3
  • csegarra/ispconfig3
  • Tibius/ispconfig3
  • wairuru/ispconfig3
  • pdreissen/ispconfig3
  • mgiworx/ispconfig3
  • michielp/ispconfig3
  • ZarToK/ispconfig3
  • x-f/ispconfig3
  • tomlankhorst/ispconfig3
  • olivier.br/ispconfig3
  • hajti/ispconfig3
  • JaviSabalete/ispconfig3
  • dharman/ispconfig3
  • Martin-enavn/ispconfig3
  • Fr3k4Life/ispconfig3
  • Caldeira/ispconfig3
  • enavn/ispconfig3
  • cybernet2u/ispconfig3
  • Denny/ispconfig3
  • jbbr/ispconfig3
  • kakohari/ispconfig3
  • almere/ispconfig3
  • Kyokata/ispconfig3
  • burn/ispconfig3
  • feldsam/ispconfig3
  • woutervddn/ispconfig3
  • tm/ispconfig3
  • blount/ispconfig3
  • pravdomil/ispconfig3
  • manyk/ispconfig3
  • Poppabear/ispconfig3
  • t1st3/ispconfig3
  • scrat14/ispconfig3
  • ncomputers.org/ispconfig3
  • wlisik/ispconfig3
  • CupOfTea696/ispconfig3
  • ogmelch/ispconfig3
  • techwolf12/ispconfig3
  • timo.boldt/ispconfig3
  • DemoFreak/ispconfig3
  • EndelWar/ispconfig3
  • maanus/ispconfig3
  • ms217/ispconfig3
  • luisvivasb/ispconfig3
  • Ismir/ispconfig3
  • truongld/ispconfig3
  • nhutphan/ispconfig3
  • ram/ispconfig3
  • josemorenoasix/ispconfig3
  • onestepp/ispconfig3
  • gguglielmetti/ispconfig3
  • andre/ispconfig3
  • omig/ispconfig3
  • liane/ispconfig3
  • PVasileff/ispconfig3
  • mattanja/ispconfig3
  • dnl-jst/ispconfig3
  • jkalousek/ispconfig3
  • lgg42/ispconfig3
  • ispcomm/ispconfig3
  • moglgasy/ispconfig3
  • natanfelles/ispconfig3
  • cristiandeluxe/ispconfig3
  • pete/ispconfig3
  • Sosha/ispconfig3
  • shr3k/ispconfig3
  • niceit/ispconfig3
  • dani/ispconfig3
  • Ongaro/ispconfig3
  • Djidel/ispconfig3
  • andre.ballensiefen/ispconfig3
  • qroac/ispconfig3
  • magenbrot/ispconfig3
  • doekia/ispconfig3
  • edersonmora/ispconfig3
  • zucha.imz/ispconfig3
  • ckc/ispconfig3
  • Sroka/ispconfig3
  • batgau/ispconfig3
  • isp/ispconfig3
  • oboumati/ispconfig3
  • mscholz/ispconfig3
  • katiak/ispconfig3
  • jamiroph/ispconfig3
  • buhlerax/ispconfig3
  • johan/ispconfig3
  • KordianBruck/ispconfig3
  • trs997/ispconfig3
  • Funclineal/ispconfig3
  • xals/ispconfig3
  • sververda/ispconfig3
  • presure/ispconfig3
  • vojtech.myslivec/ispconfig3
  • helmo/ispconfig3
  • brody/ispconfig3
  • GameO7er/ispconfig3
  • webslice/ispconfig3
  • ufoonline/ispconfig3
  • alwin/ispconfig3
  • t.heller/ispconfig3
  • philipp/ispconfig3
  • andrzejs/ispconfig3
  • pixcept/ispconfig3
  • tgmedia/ispconfig3
  • Nardol/ispconfig3
  • m42e/ispconfig3
  • condless/ispconfig3
  • alesak/ispconfig3
  • MasonChase/ispconfig3
  • brt/ispconfig3
  • Rusek/ispconfig3
  • credz/ispconfig3
  • fiftyz/ispconfig3
  • dciancu/ispconfig3
  • thom/ispconfig3
  • florian030/ispconfig3
  • Mixasik/ispconfig3
  • SimonSparks/ispconfig3
  • eurodomenii/ispconfig3
  • vitex/ispconfig3
  • mitho/ispconfig3
  • CaptainStarbuck/ispconfig3
  • renky/ispconfig3
  • d--j/ispconfig3
  • inetspec/ispconfig3
  • Christian/ispconfig3
  • lukav/ispconfig3
  • galgenjunge/ispconfig3
  • gody/ispconfig3
  • kpendic/ispconfig3
  • diciannove/ispconfig3
  • tbasler/ispconfig3
  • logifech/ispconfig3
  • maximaweb/ispconfig3
  • tommaso-perondi/ispconfig3
  • francoisPE/ispconfig3
  • elgeorge2k/ispconfig3
  • francoisgrizzlydev/ispconfig3
  • Chris_UK/ispconfig3
  • mrutkowski/ispconfig3
  • mladen074/ispconfig3
  • trogper/ispconfig3
  • Lokutos/ispconfig3
  • manoaratefy/ispconfig3
  • GwynethLlewelyn/ispconfig3
  • tim427/ispconfig3
  • mapreri/ispconfig3
  • gsubiron/ispconfig3
  • eriam/ispconfig3
  • Steveorevo/ispconfig3
  • Jens/ispconfig3
  • ebela/ispconfig3
  • typoworx/ispconfig3
  • teuto.net/ispconfig3
  • sonority/ispconfig3
  • element/ispconfig3
  • Petar/ispconfig3
  • ewsp/ispconfig3
  • bicisteadm/ispconfig3
  • ivmm/ispconfig3
  • blinkenbox/ispconfig3
  • Samgarr/ispconfig3
  • B.Richard/ispconfig3
  • ahrasis/ispconfig3
  • nephi.aust/ispconfig3
  • beastycoding/ispconfig3
  • luttje/ispconfig3
  • hairy/ispconfig3
  • styxtdo/ispconfig3
  • SGr33n/ispconfig3
  • mepstein/ispconfig3
  • kobuki/ispconfig3
  • dachris/ispconfig3
  • mina/ispconfig3
253 results
Show changes
Commits on Source (9884)
9,784 additional commits have been omitted to prevent performance issues.
Hide whitespace changes
Inline Side-by-side
Showing
with 2027 additions and 0 deletions
.editorconfig 0 → 100644
View file @ d7960adc
; top-most EditorConfig file
root = true
; Unix-style newlines
[*]
charset = utf-8
end_of_line = LF
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = tab
[*.{htm,html}]
indent_style = space
indent_size = 4
.git-scripts/syntax.sh 0 → 100644
View file @ d7960adc
#!/bin/bash
IFS=$'\n'
EX=0
ERRS="" ;
WARNS="" ;
ERRCNT=0 ;
WARNCNT=0 ;
OUTCNT=0 ;
FILECNT=0 ;
DONECNT=0 ;
CMD="find . -type f \( -name \"*.php\" -o -name \"*.lng\" \) -print" ;
if [[ "$1" == "commit" ]] ; then
CMD="git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep -E '\.(php|lng)$'" ;
fi
FILECNT=$(eval "${CMD} | wc -l") ;
for F in $(eval "$CMD") ; do
if [[ ! -e "${F}" || ! -f "${F}" ]] ; then
continue ;
fi
R=$(php -d error_reporting=E_ALL -d display_errors=On -l "$F" 2>/dev/null) ;
RET=$? ;
R=$(echo "${R}" | sed "/^$/d")
if [ $RET -gt 0 ] ; then
EX=1 ;
echo -n "E" ;
ERRS="${ERRS}${F}:"$'\n'"${R}"$'\n\n' ;
ERRCNT=$((ERRCNT + 1)) ;
else
if [[ "$R" == "Deprecated: "* ]] ; then
echo -n "W" ;
WARNS="${WARNS}${F}:"$'\n'"${R}"$'\n\n' ;
WARNCNT=$((WARNCNT + 1)) ;
else
echo -n "." ;
fi
fi
OUTCNT=$((OUTCNT + 1)) ;
DONECNT=$((DONECNT + 1)) ;
if [ $OUTCNT -ge 40 ] ; then
OUTCNT=0 ;
echo "[${DONECNT}/${FILECNT}]" ;
fi
done
echo ""
echo "--------------------------";
echo "${DONECNT} Files done"
echo "${ERRCNT} Errors"
if [ $ERRCNT -gt 0 ] ; then
echo "${ERRS}"
echo ""
fi
echo "${WARNCNT} Warnings"
if [ $WARNCNT -gt 0 ] ; then
echo ""
echo "${WARNS}"
echo ""
fi
exit $EX
.gitattributes 0 → 100644
View file @ d7960adc
* text=auto
*.php text eol=lf
\ No newline at end of file
.gitignore 0 → 100644
View file @ d7960adc
.idea
/nbproject/private/
.phplint-cache
# Vim and patch specific excludes
*.swp
*.orig
*.rej
# macOS-specific things to exclude
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
Icon?
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# Configuration for the Nova editor
.nova
# VS Code files for those working on multiple tools
.vscode/*
*.code-workspace
# Local History for Visual Studio Code
.history/
# Built Visual Studio Code Extensions
*.vsix
# Visual Studio code coverage results
*.coverage
*.coveragexml
# Visual Studio IDE cache/options directory
.vs/
# do not version control generated config files
/server/lib/mysql_clientdb.conf
/server/lib/config.inc.php
/server/lib/config.inc.local.php
/interface/lib/config.inc.local.php
/install/existing_db.sql
.gitlab-ci.yml 0 → 100644
View file @ d7960adc
# Defines stages which are to be executed
stages:
- syntax
- syntax_diff
- test
- build
#
### Stage syntax
#
syntax:lint:
stage: syntax
image: edbizarro/gitlab-ci-pipeline-php:7.2
allow_failure: false
only:
- schedules
- web
- merge_requests
- /^\d+\.\d+\.\d+([p|b]\d+)?$/
script:
- echo "Syntax checking PHP files"
- bash ./.git-scripts/syntax.sh
syntax_diff:lint:
stage: syntax
image: edbizarro/gitlab-ci-pipeline-php:7.2
allow_failure: false
only:
- web
- pushes
- branches
except:
- schedules
- web
- merge_requests
- /^\d+\.\d+\.\d+([p|b]\d+)?$/
script:
- echo "Syntax checking PHP files"
- bash ./.git-scripts/syntax.sh commit
#syntax:lint:
# stage: syntax
# image: edbizarro/gitlab-ci-pipeline-php:7.2
# allow_failure: false
# only:
# - schedules
# - web
# - merge_requests
#
# script:
# - composer require overtrue/phplint
# - echo "Syntax checking PHP files"
# - echo "For more information http://www.icosaedro.it/phplint/"
# - vendor/bin/phplint
#test:install:
# stage: test
# image: jerob/docker-ispconfig
# only:
# - schedules
# - web
# - /^\d+\.\d+\.\d+$/
#
# script:
# - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
# - apt-get update
# - apt-get --yes install curl
# - curl --insecure https://127.0.0.1:8080/login/
# - ps xaf
#
# needs: ["syntax:lint"]
build:package:
stage: build
image: edbizarro/gitlab-ci-pipeline-php:7.2
only:
refs:
- /^\d+\.\d+\.\d+([p|b]\d+)?$/
- web
script:
- echo "Building release."
- if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
- if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
- if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
- RET=0
- tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
- if [[ $RET > 1 ]] ; then exit $RET ; fi
- echo "Listing tar contents for verification"
- tar -tvf ISPConfig-${VER}.tar.gz
- echo "Uploading file to download server"
- curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
- if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
- rm ISPConfig-${VER}.tar.gz
- echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
needs: ["syntax:lint"]
allow_failure: false
.gitlab/issue_templates/Bug.md 0 → 100644
View file @ d7960adc
<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
## Steps to reproduce
1. [First step]
2. [Second step]
3. [and so on...]
## Correct behaviour
<!-- What should happen instead? -->
## Environment
Server OS + version: (Debian 10/Ubuntu 20.04/CentOS 8/...) \
ISPConfig version: (3.1.15p3/3.2.3/3.2dev/...)
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
```
Output of the command
```
## Proposed fix
optional, of course.
if you want to post code snippets, please use
```
your code
```
or attach a code file. Best is to create a merge request of course.
## References
if you know of related bugs or feature requests, please reference them by using `#<issuenumber>`, e. g. #6105
if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !1444
if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
## Screenshots
optional, of course.
Add screenshots of the problem by clicking "Attach a file" on the bottom right.
## Related log entries
.phplint.yml 0 → 100644
View file @ d7960adc
path: ./
jobs: 5
cache: .phplint-cache
extensions:
- php
- lng
exclude:
- vendor
CONTRIBUTING.md 0 → 100644
View file @ d7960adc
# Contributing to ISPConfig
ISPConfig is a open source project and community contributions are very welcome. To contribute, please stick to the guidelines.
This document is under development and will be continuously improved.
Please do not refactor existing code and do not change the signature or the behaviour of central functions or libraries. Such changes may only be made by the core development team. We have had many bad experiences with such changes affecting the stability of ISPConfig, so we no longer accept submissions containing such changes. Merge requests containing such changes will be closed and not merged.
# Issues
* Before opening a new issue, use the search function to check if there isn't a bug report / feature request already.
* If you are reporting a bug, please share your OS and PHP (CLI) version.
* If you want to report several bugs or request several features, open a separate issue for each one of them.
* Do note re-open issues that were closed by the core dev team unless something new and important that is not mentioned in the original issue needs to be added. Permanently re-opening issues that we commented on and closed will get your account banned. You may add comments to issues without re-opening them though.
# Branches
* If you are a new user, please send an email to: dev [at] ispconfig [dot] org to receive rights to fork the project.
* Please create an issue for each contribution you want to make.
* Do not put multiple contributions into a single branch and merge request. Each contribution should have it's own branch.
* Do not use the develop branch in your forked project for your contribution. Create a separate branch for each issue.
* Give your branch a name, e. g. `6049-update-the-contributing-doc ` where 6049 is the issue number.
# Merge requests
Please give your merge request a description that shortly states what it is about. Merge requests without a good title or with missing description will get delayed because it is more effort for us to check the meaning of the changes made.
Once again: Do not put multiple things into a single merge request. If you for example fix two issues where one affects apache and one mail users, use separate issues and separate merge requests.
You can group multiple issues in a single merge request if they have the same specific topic, e. g. if you have one issue stating that a language entry in mail users is missing and a second issue that a language entry for server config is missing, you can put both issues into a single branch and merge request. Be sure to include all issue ids (if multiple) into the merge request's description in this case.
* Open a issue for the bug you want to fix / the feature you want to implement
* After opening the issue, commit your changes to your branch
* Note the issue # in every commit
* Update the documentation (New devs will not have access to this. Please send a email to docs@ispconfig.org)
* Add translations for every language
* Use a short title
* Write a clear description - for example, when updating the contributing guidelines with issue #6049: \
"Update of our contributing guidelines \
Closes #6049"
* Please be aware that we are not able to accept merge request that do not stick to the coding guidelines. We need to insist on that to keep the code clean and maintainable.
# Some guidelines for web development with php.
-----------------------------------------------------
* Don't use features that are not supported in PHP 5.4, for compatibility with LTS OS releases, ISPConfig must support PHP 5.4+
* Don't use shorttags. A Shorttag is `<?` and that is confusing with `<?xml` -> always use `<?php`
* Don't use namespaces
* Column names in database tables and database table names are in lowercase
* Classes for the interface are located in interface/lib/classes/ and loaded with $app->uses() or $app->load() functions.
* Classes for the server are located in server/lib/classes/ and loaded with $app->uses() or $app->load() functions.
### Indentations
Indentations are always done with tabs. Do **not** use spaces.
It is recommended to set your IDE to display tabs with a width of 4 spaces.
### Variable and method / function names
Methods and functions should always be written in camel-case. Variables and properties should always be lowercase instead.
**Correct:**
```php
class MyClass {
private $issue_list = [];
private function getMyValue() {
}
}
```
**Wrong:**
```php
class my_class {
private $IssueList = [];
private function get_my_value() {
}
}
```
### Blocks
#### Curly braces
Opening curly braces always have to be in the same line as the preceding condition. They are separated by a single space from the closing paranthesis.
Closing curly braces are always on a separate line after the last statement in the block. The only exception is a do-while block where the logic is inverted.
Curly braces are **always** to be used. Do not leave them out, even if there is only a single statement in the corresponding block.
**Correct:**
```php
if($variable === true) {
}
while($condition) {
}
do {
} while($condition);
```
**Wrong:**
```php
if($variable === true){
}
if($variable === true)
{
}
if($variable === true)
$x = 'no braces';
while($condition) { }
```
#### Short style
The short style of conditional assignments is allowed to be used, but it must not affect readability, e. g. they shall not be nested.
**Allowed:**
```php
$a = 0;
if($condition === true) {
$a = 1;
}
$a = ($condition === true ? 1 : 0);
```
**Disallowed:**
```php
$x = ($condition === true ? ($further == 'foo' ? true : false) : true);
```
#### Spaces and paranthesis
The rules for using spaces are:
- no space after `if`/`while` etc. and the following opening paranthesis
- single space after closing paranthesis and before opening curly brace
- no spaces at the end of a line
- no spaces after opening paranthesis and before closing paranthesis
- single space before and after comparators
**Correct:**
```php
if($variable === $condition) {
}
while(($condition !== false || $condition2 === true) && $n <= 15) {
$n++;
}
```
**Wrong:**
```php
if ($variable===$condition) {
}
while(($condition!==false||$condition2===true))&&$n<=15){
}
```
#### Newlines inside of conditions
Breaking up conditions into separate lines can be done if it positively affects readability.
```php
if($condition === true && ($state === 'completed' || $state === 'pending') && ($processed_by !== null || $process_time < time())) {
}
```
can also be written as
```php
if($condition === true
&& ($state === 'completed' || $state === 'pending')
&& ($processed_by !== null || $process_time < time())
) {
}
```
This must not be abused, e. g. the following is not allowed:
```php
if($a == 1
|| $b == 2) {
}
```
### Arrays
#### Short syntax
Please **do** use short array syntax. We have deprecated the old-style array syntax.
**Correct**:
```php
$var = [];
$var2 = [
'conf' => [
'setting1' => 'value1'
]
];
```
**Wrong:**
```php
$var = array();
$var2 = array(
'conf' => array(
'setting1' => 'value1'
)
);
```
#### Spaces and newlines
When defining an empty array, both brackets shall be on the same line. When defining an array with values, the style depends on the values you are going to assign.
##### List of values
When defining an array with a list of values, e. g. numbers or names, they should be on the same line as the brackets without using new lines, as long as the line does not exceed a total number of characters of about 90. After each comma there has to be a single space.
##### Nested array
When defining a nested array onle the opening bracket is to be on the same line. The closing bracket has to be on a separate line indented by `tabs * level of array`.
##### Examples
```php
// empty array
$a = [];
// array with list of values
$array = [4, 3, 76, 12];
// array with long list of values
$array = [
'This is one entry', 'This is a second one', 'Another one', 'Further entries', 'foo', 'bar', 34, 42, $variable, // newline here for better readability
'Next entry', 'the last entry'
];
// nested array
$array = [
'conf' => [
'level' => 1,
'settings' => [
'window' => 'open',
'door' => 'closed
]
]
];
```
**Not-to-dos:**
```php
$array=[
];
$array = [
1,
4,
35,
23,
345,
11,
221,
'further',
'...'
];
$array=['conf'=>['settings'=>['window' => 'open', 'door' => 'closed]]];
```
### Strings
Whenever possible use single quotes `'` instead of double qoutes `"`. Try not to embedd variables in string. Concatenate them instead.
**Correct:**
```php
// simple text
$var = 'This is a text';
// array index
$array['index'] = 'value';
// text with variables
$var = 'This is a text with ' . $value . ' values inside and at the end: ' . $sum_value;
// dynamic array index
$idx = 'index' . $key;
$value = $array[$idx];
```
**Wrong:**
```php
// simple text
$var = "This is a text";
// array index
$array["index"] = 'value';
// text with variables
$var = "This is a text with $value values inside and at the end: {$sum_value}";
// dynamic array index
$value = $array['index' . $key];
$value = $array["index{$key}"];
```
# Where to store custom settings
## Interface settings
The recommended place to store global interface settings is the ini style global config system
(see system.ini.master file in install/tpl/ to set defaults). The settings file
gets stored inside the ispconfig database. Settings can be accessed with the function:
```
$app->uses('ini_parser,getconf');
$interface_settings = $app->getconf->get_global_config('modulename');
```
where modulename corresponds to the config section in the system.ini.master file.
To make the settings editable under System > interface config, add the new configuration
fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
tempalte file in the templates subfolder of the admin module.
## Server settings
Server settings are stored in the ini style server config system (see server.ini.master template file)
The settings file gets stored inside the ispconfig database in the server table. Settings can be
accessed with the function $app->getconf->get_server_config(....)
Example to access the web configuration:
```
$app->uses('ini_parser,getconf');
$web_config = $app->getconf->get_server_config($server_id,'web');
```
# Learn about the form validators
There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,ISIPV6,ISIP,CUSTOM
LICENSE 0 → 100644
View file @ d7960adc
Copyright (c) 2007-2020, Till Brehm, ISPConfig UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
README.md 0 → 100644
View file @ d7960adc
# ISPConfig - Hosting Control Panel
![ISPConfig logo](https://www.ispconfig.org/wp-content/themes/ispconfig/images/ispconfig_logo.png "") \
Development branch: [![pipeline status](https://git.ispconfig.org/ispconfig/ispconfig3/badges/develop/pipeline.svg)](https://git.ispconfig.org/ispconfig/ispconfig3/commits/develop)
## Functions
- Manage multiple servers from one control panel
- Single server, multiserver and mirrored clusters.
- Webserver management
- Mailserver management
- DNS server management
- Virtualization (OpenVZ)
- Administrator, reseller, client and mailuser login
- Open Source software ([BSD license](LICENSE))
## Supported daemons
- HTTP: Apache2 and NGINX
- HTTP stats: Webalizer, GoAccess and AWStats
- Let's Encrypt: Acme.sh and certbot
- SMTP: Postfix
- POP3/IMAP: Dovecot
- Spamfilter: Rspamd and Amavis
- FTP: PureFTPD
- DNS: BIND9 and PowerDNS[^1]
- Database: MariaDB and MySQL
[^1]: not actively tested
## Supported operating systems
- Debian 9 - 12, and testing
- Ubuntu 16.04 - 22.04
- CentOS 7 and 8
## Auto-install script
You can install the "Perfect Server" with ISPConfig using [our official autoinstaller](https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/)
## Migration tool
The Migration Tool helps you to import data from other control panels (currently ISPConfig 2 and 3 – 3.2, Plesk 10 – 12.5, Plesk Onyx, CPanel[^2] and Confixx 3). For more information, see https://www.ispconfig.org/add-ons/ispconfig-migration-tool/
[^2]: The Migration Toolkit now contains beta support for migrating CPanel to ISPConfig.
## Documentation
You can support ISPConfig development by buying the manual: https://www.ispconfig.org/documentation/
## Contributing
If you like to contribute to the ISPConfig development, please read the contributing guidelines: [CONTRIBUTING.MD](CONTRIBUTING.md)
TODO.txt 0 → 100644
View file @ d7960adc
Please see our GitLab issues for feature requests and bug reports.
https://git.ispconfig.org/ispconfig/ispconfig3/issues
docs/INSTALL.txt 0 → 100644
View file @ d7960adc
The installation instructions for ISPConfig can be found here:
https://www.ispconfig.org/page/en/documentation.html
docs/Remote_API_docs.txt 0 → 100644
View file @ d7960adc
The remote API documentation is in the remoting_client/API-docs subfolder.
docs/autoinstall_samples/autoinstall.conf_sample.php 0 → 100644
View file @ d7960adc
<?php
$autoinstall['language'] = 'en'; // de, en (default)
$autoinstall['install_mode'] = 'standard'; // standard (default), expert
$autoinstall['hostname'] = 'server1.example.com'; // default
$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
$autoinstall['mysql_port'] = '3306'; // default: 3306
$autoinstall['mysql_root_user'] = 'root'; // default: root
$autoinstall['mysql_root_password'] = 'howtoforge';
$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
$autoinstall['ispconfig_port'] = '8080'; // default: 8080
$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
$autoinstall['create_ssl_server_certs'] = 'y';
$autoinstall['ignore_hostname_dns'] = 'n';
$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
/* SSL Settings */
$autoinstall['ssl_cert_country'] = 'AU';
$autoinstall['ssl_cert_state'] = 'Some-State';
$autoinstall['ssl_cert_locality'] = 'Chicago';
$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
/* optional expert mode settings, needed only for expert mode */
$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
$autoinstall['mysql_master_hostname'] = 'master.example.com';
$autoinstall['mysql_master_root_user'] = 'root';
$autoinstall['mysql_master_root_password'] = 'howtoforge';
$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
$autoinstall['configure_mail'] = 'y'; // y (default), n
$autoinstall['configure_jailkit'] = 'y'; // y (default), n
$autoinstall['configure_ftp'] = 'y'; // y (default), n
$autoinstall['configure_dns'] = 'y'; // y (default), n
$autoinstall['configure_apache'] = 'y'; // y (default), n
$autoinstall['configure_nginx'] = 'y'; // y (default), n
$autoinstall['configure_firewall'] = 'y'; // y (default), n
$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
/* optional update settings, needed only for updates */
$autoupdate['do_backup'] = 'yes'; // yes (default), no
$autoupdate['mysql_root_password'] = 'howtoforge';
$autoupdate['mysql_master_hostname'] = 'master.example.com';
$autoupdate['mysql_master_root_user'] = 'root';
$autoupdate['mysql_master_root_password'] = 'howtoforge';
$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
$autoupdate['ispconfig_port'] = '8080'; // default: 8080
$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
$autoupdate['create_ssl_server_certs'] = 'y';
$autoupdate['ignore_hostname_dns'] = 'n';
$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
?>
docs/autoinstall_samples/autoinstall.ini.sample 0 → 100644
View file @ d7960adc
[install]
language=en
install_mode=standard
hostname=server1.example.com
mysql_hostname=localhost
mysql_port=3306
mysql_root_user=root
mysql_root_password=ispconfig
mysql_database=dbispconfig
mysql_charset=utf8
http_server=apache
ispconfig_port=8080
ispconfig_use_ssl=y
ispconfig_admin_password=admin
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
[ssl_cert]
ssl_cert_country=AU
ssl_cert_state=Some-State
ssl_cert_locality=Chicago
ssl_cert_organisation=Internet Widgits Pty Ltd
ssl_cert_organisation_unit=IT department
ssl_cert_common_name=server1.example.com
ssl_cert_email=hostmaster@example.com
[expert]
mysql_ispconfig_user=ispconfig
mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
join_multiserver_setup=n
mysql_master_hostname=master.example.com
mysql_master_root_user=root
mysql_master_root_password=ispconfig
mysql_master_database=dbispconfig
configure_mail=y
configure_jailkit=y
configure_ftp=y
configure_dns=y
configure_apache=y
configure_nginx=y
configure_firewall=y
install_ispconfig_web_interface=y
[update]
do_backup=yes
mysql_root_password=ispconfig
mysql_master_hostname=master.example.com
mysql_master_root_user=root
mysql_master_root_password=ispconfig
mysql_master_database=dbispconfig
reconfigure_permissions_in_master_database=no
reconfigure_services=yes
ispconfig_port=8080
create_new_ispconfig_ssl_cert=no
reconfigure_crontab=yes
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
svc_detect_change_mail_server=yes
svc_detect_change_web_server=yes
svc_detect_change_dns_server=yes
svc_detect_change_xmpp_server=yes
svc_detect_change_firewall_server=yes
svc_detect_change_vserver_server=yes
svc_detect_change_db_server=yes
docs/examples/blacklist_helo.master 0 → 100644
View file @ d7960adc
# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
#
# This file can be used to block hostnames used in smtp HELO command which are known bad.
# Occasionally you will run into legitimate mail servers which are misconfigured and end
# up blocked here, so this is not enabled by default, but it is useful if you are prepared
# to address those cases. .local is particularly problematic, and commented out by default.
#
# Note that any server hitting this check is misconfigured, all of the names below are bogus
# and not allowed per RFC 2821.
#
# If your own users are blocked by this, they are not authenticating to your server when
# sending (this check is after permit_sasl, which permits authenticated senders).
#
# Instructions:
#
# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
# updates.
# probably just put REJECT lines in here,
# as OK lines will bypass a lot of other checks you may want done
# (use DUNNO instead of OK)
#
# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
/.*\.administrator$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.admin$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.bac$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dlink$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dns$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.domain$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dynamic$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dyndns\.org$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dyn$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gateway$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.intern$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.janak$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.kornet$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lab$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lan$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.localdomain$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.localhost$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
# .local is used by spammers a lot, but too many otherwise legit servers hit it
# (instead of REJECT, should send to greylisting)
#/.*\.local$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.loc$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lokal$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.nat$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.pc$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.privat$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.private$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.router$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.setup$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.119$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.beeline$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gt_3g$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gt-3g$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.hananet$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.skbroadband$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.tbroad$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
docs/old_server_plugins/bind_dlz_plugin.inc.php 0 → 100644
View file @ d7960adc
<?php
/*
Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
TABLE STRUCTURE of the "named" database:
CREATE TABLE IF NOT EXISTS `records` (
`id` int(10) unsigned NOT NULL auto_increment,
`zone` varchar(255) NOT NULL,
`ttl` int(11) NOT NULL default '3600',
`type` varchar(255) NOT NULL,
`host` varchar(255) NOT NULL default '@',
`mx_priority` int(11) default NULL,
`data` text,
`primary_ns` varchar(255) default NULL,
`resp_contact` varchar(255) default NULL,
`serial` bigint(20) default NULL,
`refresh` int(11) default NULL,
`retry` int(11) default NULL,
`expire` int(11) default NULL,
`minimum` int(11) default NULL,
`ispconfig_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `host` (`host`),
KEY `zone` (`zone`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `xfr` (
`id` int(11) NOT NULL auto_increment,
`zone` varchar(255) NOT NULL,
`client` varchar(255) NOT NULL,
`ispconfig_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `zone` (`zone`),
KEY `client` (`client`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
*/
class bind_dlz_plugin {
var $plugin_name = 'bind_dlz_plugin';
var $class_name = 'bind_dlz_plugin';
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall()
{
global $conf;
if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
// Temporarily disabled until the installer supports the automatic creation of the necessary
// database or at least to select between filebased nd db based bind, as not all bind versions
// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
// directory to this file in the plugins-available directory.
return false;
//return true;
} else {
return false;
}
}
/*
This function is called when the plugin is loaded
*/
function onLoad()
{
global $app;
/*
Register for the events
*/
//* SOA
$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
//* RR
$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
}
function soa_insert($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y') return;
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
//unset($_db);
}
function soa_update($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y')
{
if($data["old"]["active"] != 'Y') return;
$this->soa_delete($event_name, $data);
}
else
{
if($data["old"]["active"] == 'Y')
{
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
//unset($_db);
}
else
{
$this->soa_insert($event_name, $data);
$ispconfig_id = $data["new"]["id"];
if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
{
foreach($records as $record)
{
foreach ($record as $key => $val) {
$data["new"][$key] = $val;
}
$this->rr_insert("dns_rr_insert", $data);
}
}
}
}
}
function soa_delete($event_name, $data)
{
global $app, $conf;
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
//unset($_db);
}
function rr_insert($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y') return;
$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$type = $data["new"]["type"];
if (substr($data["new"]["name"], -1) == '.') {
$name = substr($data["new"]["name"], 0, -1);
} else {
$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
}
if ($name == $origin || $name == '') {
$name = '@';
}
switch ($type)
{
case "CNAME":
case "MX":
case "NS":
case "ALIAS":
case "PTR":
case "SRV":
if(substr($data["new"]["data"], -1) != '.'){
$content = $data["new"]["data"] . '.';
} else {
$content = $data["new"]["data"];
}
break;
case "HINFO":
$content = $data["new"]["data"];
$quote1 = strpos($content, '"');
if($quote1 !== FALSE) {
$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
}
if ($quote1 !== FALSE && $quote2 !== FALSE) {
$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
$content = $text_between_quotes.substr($content, ($quote2 + 2));
}
break;
default:
$content = $data["new"]["data"];
}
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
if ($type == 'MX') {
$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
} elseif ($type == 'SRV') {
$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
} else {
$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
}
//unset($_db);
}
function rr_update($event_name, $data)
{
global $app, $conf;
if ($data["new"]["active"] != 'Y')
{
if($data["old"]["active"] != 'Y') return;
$this->rr_delete($event_name, $data);
}
else
{
if ($data["old"]["active"] == 'Y')
{
$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$type = $data["new"]["type"];
if (substr($data["new"]["name"], -1) == '.') {
$name = substr($data["new"]["name"], 0, -1);
} else {
$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
}
if ($name == $origin || $name == '') {
$name = '@';
}
switch ($type)
{
case "CNAME":
case "MX":
case "NS":
case "ALIAS":
case "PTR":
case "SRV":
if(substr($data["new"]["data"], -1) != '.'){
$content = $data["new"]["data"] . '.';
} else {
$content = $data["new"]["data"];
}
break;
case "HINFO":
$content = $data["new"]["data"];
$quote1 = strpos($content, '"');
if($quote1 !== FALSE){
$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
}
if($quote1 !== FALSE && $quote2 !== FALSE){
$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
$content = $text_between_quotes.substr($content, ($quote2 + 2));
}
break;
default:
$content = $data["new"]["data"];
}
$ttl = $data["new"]["ttl"];
$prio = (int)$data["new"]["aux"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
if ($type == 'MX') {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
} elseif ($type == 'SRV') {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
} else {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
}
//unset($_db);
} else {
$this->rr_insert($event_name, $data);
}
}
}
function rr_delete($event_name, $data) {
global $app, $conf;
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
//unset($_db);
}
} // end class
?>
docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php 0 → 100644
View file @ d7960adc
<?php
class nginx_reverseproxy_plugin {
var $plugin_name = 'nginx_reverseproxy_plugin';
var $class_name = 'nginx_reverseproxy_plugin';
// private variables
var $action = '';
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
global $conf;
if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
return true;
} else {
return false;
}
}
/*
This function is called when the plugin is loaded
*/
function onLoad() {
global $app;
/*
Register for the events
*/
$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
}
function insert($event_name, $data) {
global $app, $conf;
// just run the update function
$this->update($event_name, $data);
}
function update($event_name, $data) {
global $app, $conf;
if($this->action != 'insert') $this->action = 'update';
if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
$old_parent_domain_id = intval($data['old']['parent_domain_id']);
$new_parent_domain_id = intval($data['new']['parent_domain_id']);
// If the parent_domain_id has been chenged, we will have to update the old site as well.
if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
$data['new'] = $tmp;
$data['old'] = $tmp;
$this->action = 'update';
$this->update($event_name, $data);
}
// This is not a vhost, so we need to update the parent record instead.
$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
$data['new'] = $tmp;
$data['old'] = $tmp;
$this->action = 'update';
}
// load the server configuration options
$app->uses('getconf');
$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
// Create group and user, if not exist
$app->uses('system');
//* Create the vhost config file
$app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
$vhost_data = $data['new'];
$vhost_data['config_dir'] = $config['nginx']['config_dir'];
$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
// Check if a SSL cert exists
$ssl_dir = $config['nginx']['config_dir'].'/ssl';
$domain = $data['new']['ssl_domain'];
$key_file = $ssl_dir.'/'.$domain.'.key';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
if($vhost_data['nginx_directives']) {
$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
}
if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
$vhost_data['ssl_enabled'] = 1;
$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
} else {
$vhost_data['ssl_enabled'] = 0;
$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
}
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
$tpl->setVar($vhost_data);
// get alias domains (co-domains and subdomains)
$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
$server_alias = array();
switch($data['new']['subdomain']) {
case 'www':
$server_alias[] .= 'www.'.$data['new']['domain'].' ';
break;
case '*':
$server_alias[] .= '*.'.$data['new']['domain'].' ';
break;
}
if(is_array($aliases)) {
foreach($aliases as $alias) {
switch($alias['subdomain']) {
case 'www':
$server_alias[] .= 'www.'.$alias['domain'].' '.$alias['domain'].' ';
break;
case '*':
$server_alias[] .= '*.'.$alias['domain'].' '.$alias['domain'].' ';
break;
default:
$server_alias[] .= $alias['domain'].' ';
break;
}
$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
}
}
//* If we have some alias records
if(count($server_alias) > 0) {
$server_alias_str = '';
$n = 0;
// begin a new ServerAlias line after 30 alias domains
foreach($server_alias as $tmp_alias) {
if($n % 30 == 0) $server_alias_str .= " ";
$server_alias_str .= $tmp_alias;
}
unset($tmp_alias);
$tpl->setVar('alias', trim($server_alias_str));
} else {
$tpl->setVar('alias', '');
}
$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
//* Make a backup copy of vhost file
copy($vhost_file, $vhost_file.'~');
//* Write vhost file
file_put_contents($vhost_file, $tpl->grab());
$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
unset($tpl);
// Set the symlink to enable the vhost
$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
symlink($vhost_file, $vhost_symlink);
$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
}
// Remove the symlink, if site is inactive
if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
unlink($vhost_symlink);
$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
}
if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
// remove old symlink and vhost file, if domain name of the site has changed
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
unlink($vhost_symlink);
$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
unlink($vhost_file);
$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
}
// request a httpd reload when all records have been processed
$app->services->restartServiceDelayed('nginx', 'restart');
// Remove the backup copy of the config file.
if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
//* Unset action to clean it for next processed vhost.
$this->action = '';
}
// Handle the creation of SSL certificates
function ssl($event_name, $data) {
global $app, $conf;
if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
$domain = $data['new']['ssl_domain'];
$key_file = $ssl_dir.'/'.$domain.'.key.org';
$key_file2 = $ssl_dir.'/'.$domain.'.key';
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
//* Save a SSL certificate to disk
if($data["new"]["ssl_action"] == 'save') {
$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
$src_ssl_dir = $web["document_root"]."/ssl";
//$domain = $data["new"]["ssl_domain"];
//$csr_file = $ssl_dir.'/'.$domain.".csr";
//$crt_file = $ssl_dir.'/'.$domain.".crt";
//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
}
//* Delete a SSL certificate
if($data['new']['ssl_action'] == 'del') {
//$ssl_dir = $data['new']['document_root'].'/ssl';
$domain = $data['new']['ssl_domain'];
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
unlink($csr_file);
unlink($crt_file);
unlink($bundle_file);
$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
}
}
function delete($event_name, $data) {
global $app, $conf;
// load the server configuration options
$app->uses('getconf');
$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
//* This is a website
// Deleting the vhost file, symlink and the data directory
$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
unlink($vhost_symlink);
$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
unlink($vhost_file);
$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
// Delete the log file directory
$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
}
}
function rewrite_insert($event_name, $data) {
global $app, $conf;
// just run the update function
$this->update($event_name, $data);
}
function rewrite_update($event_name, $data) {
global $app, $conf;
$rules = $this->_getRewriteRules($app);
$app->uses('getconf');
$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
$app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
//* Make a backup copy of vhost file
copy($rewrites_file, $rewrites_file.'~');
//* Write vhost file
file_put_contents($rewrites_file, $tpl->grab());
$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
unset($tpl);
// Set the symlink to enable the vhost
$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
if(!is_link($rewrite_symlink)) {
symlink($rewrites_file, $rewrite_symlink);
$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
}
}
function rewrite_delete($event_name, $data) {
global $app, $conf;
// just run the update function
$this->rewrite_update($event_name, $data);
}
function _getRewriteRules($app)
{
$rules = array();
$rules = $app->db->queryAllRecords("SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC");
return $rules;
}
} // end class
?>
docs/under_development/CHROOTED_DEBIAN_5.0.txt 0 → 100644
View file @ d7960adc
#!/bin/sh
#
# rev 0.6
#
# dxr@brutalsec.net
# 01-09-2009
#
# We can create a script for configure chroot environment but,
# YOU MUST UNDERSTAND HOW TO WORK IT for can solve possible
# problems in the future.
#
# Every service has its own chroot environment:
# BIND -> chroot
# Apache -> chroot
# Dovecot -> chroot
# Pureftpd -> Apache's chroot
#
# Only apache and php packages aren't installed in real system,
# only in chroot environment with symbolic links from real system.
#
# PLEASE, CONFIGURE CHROOT ENVIROMENT IF SECURITY IS REALLY
# IMPORTANT FOR YOU AND YOU KNOWN HOW TO WORK IT!
#
exit 1
1. BACKUP before changing anything on the system
2. Create partitions
3. Remove possible Apache or PHP installations on real system
4. Prepare Chroot environment
5. Linking Webserver aplication from real system
6. mini_sendmail
7. Test services
8. Howto install ispconfig3
9. Migration
1. BACKUP before changing anything on the system
# If is not a new installation, then
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
2. Create partitions
/var/www/ Chroot partition (ext3)
/var/www/html/ Chroot system
/var/www/html/var/log/apache2 Log partition (ext3)
/var/www/html/var/www/html Webs partition (xfs)
/var/www/html/tmp Temporal dir (tmpfs, options: )
/dev/lvm_foobar1/chroot_lv -> /var/www/ (ext3)
/dev/lvm_foobar2/apachelogs_lv -> /var/www/html/var/log/apache2 (ext3)
/dev/lvm_foobar3/hosting_lv -> /var/www/html/var/www/html (xfs)
mount /dev/lvm_foobar1/chroot_lv /var/www/
mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
3. Remove possible Apache or PHP installations on real system
# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of configurations, uninstall, and check every symbolic link
dpkg -l|egrep --color -i 'apache|php'
4. Prepare Chroot environment
# Install packages in real system
apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
# The non webserver will install outside of chroot
apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
# If you will use courier:
apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
# If you will use dovecot:
#apt-get install dovecot-imapd dovecot-pop3d
# If you will use BIND:
apt-get install bind9 bind9utils
#
# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
# cat /var/log/ispconfig/cron.log
# ldd /usr/lib/php5/20060613/mcrypt.so
#
time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
echo "/proc /var/www/html/proc proc defaults 0 0">>/etc/fstab
echo "devpts /var/www/html/dev/pts devpts defaults 0 0">>/etc/fstab
mount -a
# We must create sshusers group
echo "@sshusers - chroot /var/www/html/">>/etc/security/limits.conf
chroot /var/www/html apt-get update
chroot /var/www/html apt-get install fakeroot --force-yes -y
chroot /var/www/html apt-get install locales
chroot /var/www/html dpkg-reconfigure locales
mv /usr/lib/apache2 /usr/lib/apache2_old
mv /var/log/apache2 /var/log/apache2_old
mv /var/lock/apache2 /var/lock/apache2_old
mv /var/lib/apache2 /var/lib/apache2_old
mv /usr/lib/php5 /usr/lib/php5_old
mv /etc/apache2 /etc/apache2_old
mv /etc/suphp /etc/suphp_old
chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
chroot /var/www/html /etc/init.d/apache2 stop
chroot /var/www/html a2enmod mod_chroot
chroot /var/www/html a2enmod suexec
echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
# Protect apache configuration. ONLY root can read it
chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
chmod 711 /var/www/html/etc/php5/
5. # Is good idea to add Nagios alarm for check every symbolic link is correct.
ln -s /var/www/html/etc/apache2 /etc/apache2
ln -s /var/www/html/etc/suphp /etc/suphp
ln -s /var/www/html/var/run/apache2 /var/run/apache2
ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
ln -s /var/www/html/var/log/apache2 /var/log/apache2
ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
# Neccessary for to install ispconfig3 from real system:
ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
ln -s /var/www/html/usr/bin/php /usr/bin/php
ln -s /var/www/html/etc/php5 /etc/php5
6. # Install mini_sendmail for chroot
# We can use mini_sendmail for delivery emails directy in remote servers, but i prefer to control it in central mailserver for check spammers and limit it.
cd /tmp/
wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
tar xzf mini_sendmail-1.3.6.tar.gz
wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
patch -p0 < 200-fullname.patch
cd mini_sendmail-1.3.6
make
# 2e555b2573c3ea65a467a5960f0b51f6 mini_sendmail
mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
# ./mini_sendmail -h
# usage: ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
7.
# Test
apache2ctl restart
# php -i|grep --color sendmail
#sendmail_from => no value => no value
#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
# Sould be good idea check /var/www/html/usr/lib/sendmail /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with nagios alarm ;)
8. Install ispconfig ........
cd /tmp/
svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
mv /usr/local/ispconfig /var/www/html/usr/local/
ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
mv /var/www/apps /var/www/html/var/www/
mv /var/www/php-fcgi-scripts /var/www/html/var/www/
mv /var/www/ispconfig /var/www/html/var/www/
ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
ln -s /var/www/html/var/www/apps /var/www/apps
# After copy, we must clean unnecessary users and groups
cp -r /etc/{passwd,group,apt} /var/www/html/etc/
apache2ctl stop
apache2ctl start
### Migration to other server ###
Really easy:
Do step 1
And after do a simple rsync:
screen
time rsync -a --progress root@host1:/var/www/ /var/www/
# Install some apache's dependencies
apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
Do step 5
Do step 6
docs/under_development/DEV_CHROOTED_DEBIAN_5.0.txt 0 → 100644
View file @ d7960adc
Setting up a chrooted ispconfig 3 installation
--------------------------------------------------------------------
# Follow the steps 1 - 8 of the INSTALL_DEBIAN_5.0 Guide, then proceed
# with the steps below.
#
# This guide is experimental as there are a few changes necessary in
# ispconfig to get it working. These changes will be part of ISPConfig 3.0.2
# Install packages
apt-get install debootstrap libapache2-mod-chroot
# Create the chroot environment
debootstrap lenny /var/www/ ftp://ftp.fr.debian.org/debian/
# Add mountpoints for the chroot env into the fstab file
echo "/proc /var/www/proc proc defaults 0 0">>/etc/fstab
echo "devpts /var/www/dev/pts devpts defaults 0 0">>/etc/fstab
# mount all the filesystems
mount -a
# add a default chroot dir for all users of the sshusers group
echo "@sshusers - chroot /var/www/">>/etc/security/limits.conf
# copy passwd and group files to the chroot env
cp -rf /etc/apt /etc/passwd /etc/group /var/www/etc/ # Cleaning unnecessary users and groups
# Create symlinks
cd /var/www/var/
rm -rf /var/www/var/www
ln -s / www
# Enter the chroot
chroot /var/www
# Update files in the chroot environment and install some packages.
# You can ignore warnings about locales, we will fix them in the next step.
apt-get update
apt-get install fakeroot --force-yes -y
apt-get install locales
# Reconfigure locales. Select e.g the en_US* locales.
dpkg-reconfigure locales
# run a dist-upgrade
fakeroot apt-get dist-upgrade
# Install Apache and PHP in the chroot environment
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
/etc/init.d/apache2 stop
# Exit the chroot
exit
# Moving the apache configuration is not necessary, as Apache reads
# the config files before it moves into the chroot
# rm -rf /var/www/etc/apache2
# mv -f /etc/apache2 /var/www/etc/
# ln -s /var/www/etc/apache2 /etc/apache2
rm -rf /var/www/etc/php5/cgi/
mv -f /etc/php5/cgi/ /var/www/etc/php5/
ln -s /var/www/etc/php5/cgi /etc/php5/
rm -rf /var/www/etc/php5/apache2/
mv -f /etc/php5/apache2/ /var/www/etc/php5/
ln -s /var/www/etc/php5/apache2 /etc/php5/
ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid
# enable mod_chroot
a2enmod mod_chroot
echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf
# Start apache
/etc/init.d/apache2 start
# Install ISPConfig
cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz
cd ispconfig3_install/install/
php -q install.php
cd /tmp/
rm -rf ispconfig3_install
rm -f ISPConfig-3.0.1.4-beta-2.tar.gz
# Move the ispconfig interface part to the chroot environment and create a symlink
mkdir /var/www/usr/local/ispconfig
chown ispconfig:ispconfig /var/www/usr/local/ispconfig
chmod 750 /var/www/usr/local/ispconfig
mv /usr/local/ispconfig/interface /var/www/usr/local/ispconfig/
ln -s /var/www/usr/local/ispconfig/interface /usr/local/ispconfig/interface
chroot /var/www adduser www-data ispconfig
# Create a link for the MySQL socket
ln /var/run/mysqld/mysqld.sock /var/www/var/run/mysqld/mysqld.sock
# As an alternative to making a hardlink to the MySQL socket,
# change the my.cnf file in the chroot to use TCP sockets.
# This is more secure but a bit slower than using the mysqld.sock file.
# Restart Apache
/etc/init.d/apache2 restart