docs/Remote_API_docs.txt

+
+
+The remote API documentation is in the remoting_client/API-docs subfolder.

docs/autoinstall_samples/autoinstall.conf_sample.php

+<?php
+$autoinstall['language'] = 'en'; // de, en (default)
+$autoinstall['install_mode'] = 'standard'; // standard (default), expert
+
+$autoinstall['hostname'] = 'server1.example.com'; // default
+$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
+$autoinstall['mysql_port'] = '3306'; // default: 3306
+$autoinstall['mysql_root_user'] = 'root'; // default: root
+$autoinstall['mysql_root_password'] = 'howtoforge';
+$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
+$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
+$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
+$autoinstall['ispconfig_port'] = '8080'; // default: 8080
+$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
+$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
+$autoinstall['create_ssl_server_certs'] = 'y';
+$autoinstall['ignore_hostname_dns'] = 'n';
+$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* SSL Settings */
+$autoinstall['ssl_cert_country'] = 'AU';
+$autoinstall['ssl_cert_state'] = 'Some-State';
+$autoinstall['ssl_cert_locality'] = 'Chicago';
+$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
+$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
+$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
+$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
+
+/* optional expert mode settings, needed only for expert mode */
+$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
+$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
+$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
+$autoinstall['mysql_master_hostname'] = 'master.example.com';
+$autoinstall['mysql_master_root_user'] = 'root';
+$autoinstall['mysql_master_root_password'] = 'howtoforge';
+$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoinstall['configure_mail'] = 'y'; // y (default), n
+$autoinstall['configure_jailkit'] = 'y'; // y (default), n
+$autoinstall['configure_ftp'] = 'y'; // y (default), n
+$autoinstall['configure_dns'] = 'y'; // y (default), n
+$autoinstall['configure_apache'] = 'y'; // y (default), n
+$autoinstall['configure_nginx'] = 'y'; // y (default), n
+$autoinstall['configure_firewall'] = 'y'; // y (default), n
+$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
+
+/* optional update settings, needed only for updates */
+$autoupdate['do_backup'] = 'yes'; // yes (default), no
+$autoupdate['mysql_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_hostname'] = 'master.example.com';
+$autoupdate['mysql_master_root_user'] = 'root';
+$autoupdate['mysql_master_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
+$autoupdate['ispconfig_port'] = '8080'; // default: 8080
+$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
+$autoupdate['create_ssl_server_certs'] = 'y';
+$autoupdate['ignore_hostname_dns'] = 'n';
+$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
+$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
+
+?>

docs/autoinstall_samples/autoinstall.ini.sample

+[install]
+language=en
+install_mode=standard
+hostname=server1.example.com
+mysql_hostname=localhost
+mysql_port=3306
+mysql_root_user=root
+mysql_root_password=ispconfig
+mysql_database=dbispconfig
+mysql_charset=utf8
+http_server=apache
+ispconfig_port=8080
+ispconfig_use_ssl=y
+ispconfig_admin_password=admin
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+[ssl_cert]
+ssl_cert_country=AU
+ssl_cert_state=Some-State
+ssl_cert_locality=Chicago
+ssl_cert_organisation=Internet Widgits Pty Ltd
+ssl_cert_organisation_unit=IT department
+ssl_cert_common_name=server1.example.com
+ssl_cert_email=hostmaster@example.com
+
+[expert]
+mysql_ispconfig_user=ispconfig
+mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
+join_multiserver_setup=n
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+configure_mail=y
+configure_jailkit=y
+configure_ftp=y
+configure_dns=y
+configure_apache=y
+configure_nginx=y
+configure_firewall=y
+install_ispconfig_web_interface=y
+
+[update]
+do_backup=yes
+mysql_root_password=ispconfig
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+reconfigure_permissions_in_master_database=no
+reconfigure_services=yes
+ispconfig_port=8080
+create_new_ispconfig_ssl_cert=no
+reconfigure_crontab=yes
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
+svc_detect_change_mail_server=yes
+svc_detect_change_web_server=yes
+svc_detect_change_dns_server=yes
+svc_detect_change_xmpp_server=yes
+svc_detect_change_firewall_server=yes
+svc_detect_change_vserver_server=yes
+svc_detect_change_db_server=yes

docs/examples/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

docs/old_server_plugins/bind_dlz_plugin.inc.php

+<?php
+
+/*
+Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+TABLE STRUCTURE of the "named" database:
+
+CREATE TABLE IF NOT EXISTS `records` (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `ttl` int(11) NOT NULL default '3600',
+  `type` varchar(255) NOT NULL,
+  `host` varchar(255) NOT NULL default '@',
+  `mx_priority` int(11) default NULL,
+  `data` text,
+  `primary_ns` varchar(255) default NULL,
+  `resp_contact` varchar(255) default NULL,
+  `serial` bigint(20) default NULL,
+  `refresh` int(11) default NULL,
+  `retry` int(11) default NULL,
+  `expire` int(11) default NULL,
+  `minimum` int(11) default NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `type` (`type`),
+  KEY `host` (`host`),
+  KEY `zone` (`zone`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `xfr` (
+  `id` int(11) NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `client` varchar(255) NOT NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `zone` (`zone`),
+  KEY `client` (`client`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+*/
+
+class bind_dlz_plugin {
+
+	var $plugin_name = 'bind_dlz_plugin';
+	var $class_name  = 'bind_dlz_plugin';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall()
+	{
+		global $conf;
+
+		if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
+			// Temporarily disabled until the installer supports the automatic creation of the necessary
+			// database or at least to select between filebased nd db based bind, as not all bind versions
+			// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
+			// directory to this file in the plugins-available directory.
+			return false;
+			//return true;
+		} else {
+			return false;
+		}
+
+	}
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad()
+	{
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		//* SOA
+		$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
+		$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
+		$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
+
+		//* RR
+		$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
+		$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
+		$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
+	}
+
+
+	function soa_insert($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y') return;
+
+		$origin = substr($data["new"]["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
+			"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
+		//unset($_db);
+	}
+
+	function soa_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->soa_delete($event_name, $data);
+		}
+		else
+		{
+			if($data["old"]["active"] == 'Y')
+			{
+				$origin = substr($data["new"]["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+				$ttl = $data["new"]["ttl"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
+				//unset($_db);
+			}
+			else
+			{
+				$this->soa_insert($event_name, $data);
+				$ispconfig_id = $data["new"]["id"];
+
+				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
+				{
+					foreach($records as $record)
+					{
+						foreach ($record as $key => $val) {
+							$data["new"][$key] = $val;
+						}
+						$this->rr_insert("dns_rr_insert", $data);
+					}
+				}
+			}
+		}
+
+	}
+
+	function soa_delete($event_name, $data)
+	{
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+	function rr_insert($event_name, $data)
+	{
+		global $app, $conf;
+		if($data["new"]["active"] != 'Y') return;
+
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+		$origin = substr($zone["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+
+		$type = $data["new"]["type"];
+
+		if (substr($data["new"]["name"], -1) == '.') {
+			$name = substr($data["new"]["name"], 0, -1);
+		} else {
+			$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+		}
+
+		if ($name == $origin || $name == '') {
+			$name = '@';
+		}
+
+		switch ($type)
+		{
+		case "CNAME":
+		case "MX":
+		case "NS":
+		case "ALIAS":
+		case "PTR":
+		case "SRV":
+			if(substr($data["new"]["data"], -1) != '.'){
+				$content = $data["new"]["data"] . '.';
+			} else {
+				$content = $data["new"]["data"];
+			}
+			break;
+		case "HINFO":
+			$content = $data["new"]["data"];
+			$quote1 = strpos($content, '"');
+
+			if($quote1 !== FALSE) {
+				$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+			}
+
+			if ($quote1 !== FALSE && $quote2 !== FALSE) {
+				$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+				$content = $text_between_quotes.substr($content, ($quote2 + 2));
+			}
+			break;
+		default:
+			$content = $data["new"]["data"];
+		}
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		if ($type == 'MX') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
+		} elseif ($type == 'SRV') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
+		} else {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+		}
+
+		//unset($_db);
+	}
+
+	function rr_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if ($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->rr_delete($event_name, $data);
+		}
+		else
+		{
+			if ($data["old"]["active"] == 'Y')
+			{
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+				$origin = substr($zone["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+
+				$type = $data["new"]["type"];
+
+				if (substr($data["new"]["name"], -1) == '.') {
+					$name = substr($data["new"]["name"], 0, -1);
+				} else {
+					$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+				}
+
+				if ($name == $origin || $name == '') {
+					$name = '@';
+				}
+
+				switch ($type)
+				{
+				case "CNAME":
+				case "MX":
+				case "NS":
+				case "ALIAS":
+				case "PTR":
+				case "SRV":
+					if(substr($data["new"]["data"], -1) != '.'){
+						$content = $data["new"]["data"] . '.';
+					} else {
+						$content = $data["new"]["data"];
+					}
+					break;
+				case "HINFO":
+					$content = $data["new"]["data"];
+					$quote1 = strpos($content, '"');
+					if($quote1 !== FALSE){
+						$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+					}
+					if($quote1 !== FALSE && $quote2 !== FALSE){
+						$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+						$content = $text_between_quotes.substr($content, ($quote2 + 2));
+					}
+					break;
+				default:
+					$content = $data["new"]["data"];
+				}
+
+				$ttl = $data["new"]["ttl"];
+				$prio = (int)$data["new"]["aux"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				if ($type == 'MX') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
+				} elseif ($type == 'SRV') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
+				} else {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+				}
+
+				//unset($_db);
+			} else {
+				$this->rr_insert($event_name, $data);
+			}
+		}
+	}
+
+	function rr_delete($event_name, $data) {
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+} // end class
+?>

docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php

+<?php
+
+class nginx_reverseproxy_plugin {
+
+	var $plugin_name = 'nginx_reverseproxy_plugin';
+	var $class_name = 'nginx_reverseproxy_plugin';
+
+	// private variables
+	var $action = '';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall() {
+		global $conf;
+
+		if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
+			return true;
+		} else {
+			return false;
+		}
+
+	}
+
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad() {
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
+
+		// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
+		// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
+		// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
+
+
+
+	}
+
+
+	function insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+
+	function update($event_name, $data) {
+		global $app, $conf;
+
+		if($this->action != 'insert') $this->action = 'update';
+
+		if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
+
+			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
+			$new_parent_domain_id = intval($data['new']['parent_domain_id']);
+
+			// If the parent_domain_id has been chenged, we will have to update the old site as well.
+			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
+				$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
+				$data['new'] = $tmp;
+				$data['old'] = $tmp;
+				$this->action = 'update';
+				$this->update($event_name, $data);
+			}
+
+			// This is not a vhost, so we need to update the parent record instead.
+			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
+			$data['new'] = $tmp;
+			$data['old'] = $tmp;
+			$this->action = 'update';
+		}
+
+
+
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		// Create group and user, if not exist
+		$app->uses('system');
+
+		//* Create the vhost config file
+		$app->load('tpl');
+
+		$tpl = new tpl();
+		$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
+
+		$vhost_data = $data['new'];
+		$vhost_data['config_dir'] = $config['nginx']['config_dir'];
+
+		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
+		// Check if a SSL cert exists
+		$ssl_dir = $config['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+		if($vhost_data['nginx_directives']) {
+			$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		}
+
+
+		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+			$vhost_data['ssl_enabled'] = 1;
+			$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		} else {
+			$vhost_data['ssl_enabled'] = 0;
+			$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+
+
+		$tpl->setVar($vhost_data);
+
+
+
+		// get alias domains (co-domains and subdomains)
+		$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
+		$server_alias = array();
+		switch($data['new']['subdomain']) {
+		case 'www':
+			$server_alias[] .= 'www.'.$data['new']['domain'].' ';
+			break;
+		case '*':
+			$server_alias[] .= '*.'.$data['new']['domain'].' ';
+			break;
+		}
+		if(is_array($aliases)) {
+			foreach($aliases as $alias) {
+				switch($alias['subdomain']) {
+				case 'www':
+					$server_alias[] .= 'www.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				case '*':
+					$server_alias[] .= '*.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				default:
+					$server_alias[] .= $alias['domain'].' ';
+					break;
+				}
+				$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
+
+			}
+		}
+
+		//* If we have some alias records
+		if(count($server_alias) > 0) {
+			$server_alias_str = '';
+			$n = 0;
+
+			// begin a new ServerAlias line after 30 alias domains
+			foreach($server_alias as $tmp_alias) {
+				if($n % 30 == 0) $server_alias_str .= " ";
+				$server_alias_str .= $tmp_alias;
+			}
+			unset($tmp_alias);
+
+			$tpl->setVar('alias', trim($server_alias_str));
+		} else {
+			$tpl->setVar('alias', '');
+		}
+
+
+		$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
+		//* Make a backup copy of vhost file
+		copy($vhost_file, $vhost_file.'~');
+
+		//* Write vhost file
+		file_put_contents($vhost_file, $tpl->grab());
+		$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
+		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
+			symlink($vhost_file, $vhost_symlink);
+			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		// Remove the symlink, if site is inactive
+		if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
+
+		// remove old symlink and vhost file, if domain name of the site has changed
+		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
+		}
+
+		// request a httpd reload when all records have been processed
+		$app->services->restartServiceDelayed('nginx', 'restart');
+
+		// Remove the backup copy of the config file.
+		if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
+
+
+		//* Unset action to clean it for next processed vhost.
+		$this->action = '';
+
+	}
+
+
+
+
+	// Handle the creation of SSL certificates
+	function ssl($event_name, $data) {
+		global $app, $conf;
+
+		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
+		$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key.org';
+		$key_file2 = $ssl_dir.'/'.$domain.'.key';
+		$csr_file = $ssl_dir.'/'.$domain.'.csr';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+
+		//* Save a SSL certificate to disk
+		if($data["new"]["ssl_action"] == 'save') {
+			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
+
+			$src_ssl_dir = $web["document_root"]."/ssl";
+			//$domain = $data["new"]["ssl_domain"];
+			//$csr_file = $ssl_dir.'/'.$domain.".csr";
+			//$crt_file = $ssl_dir.'/'.$domain.".crt";
+			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
+
+			$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		//* Delete a SSL certificate
+		if($data['new']['ssl_action'] == 'del') {
+			//$ssl_dir = $data['new']['document_root'].'/ssl';
+			$domain = $data['new']['ssl_domain'];
+			$csr_file = $ssl_dir.'/'.$domain.'.csr';
+			$crt_file = $ssl_dir.'/'.$domain.'.crt';
+			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			unlink($csr_file);
+			unlink($crt_file);
+			unlink($bundle_file);
+			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+
+	}
+
+
+	function delete($event_name, $data) {
+		global $app, $conf;
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+
+		if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
+
+			//* This is a website
+			// Deleting the vhost file, symlink and the data directory
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+
+
+			// Delete the log file directory
+			$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
+			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
+			$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
+
+		}
+	}
+
+	function rewrite_insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+	function rewrite_update($event_name, $data) {
+		global $app, $conf;
+
+		$rules = $this->_getRewriteRules($app);
+
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		$app->load('tpl');
+		$tpl = new tpl();
+		$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
+		if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
+
+		$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
+		//* Make a backup copy of vhost file
+		copy($rewrites_file, $rewrites_file.'~');
+
+		//* Write vhost file
+		file_put_contents($rewrites_file, $tpl->grab());
+		$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
+
+		if(!is_link($rewrite_symlink)) {
+			symlink($rewrites_file, $rewrite_symlink);
+			$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
+		}
+	}
+
+	function rewrite_delete($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->rewrite_update($event_name, $data);
+	}
+
+
+	function _getRewriteRules($app)
+	{
+		$rules = array();
+		$rules = $app->db->queryAllRecords("SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC");
+		return $rules;
+	}
+
+} // end class
+
+?>

helper_scripts/cert_check.sh

+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
\ No newline at end of file

helper_scripts/debian_setup.sh

+#!/bin/sh
+
+apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4
+
+apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
+
+modprobe capability
+echo 'capability' >> /etc/modules
+
+apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
+
+echo 'yes' > /etc/pure-ftpd/conf/DontResolve
+
+apt-get install mydns-mysql
+
+apt-get install vlogger webalizer
+
+php -q ../install/install.php