diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 95be196417fd2a0e47aa9c9b9decdfd5b08af8e1..9ac5c788f0f7169527c6b096e757a40738e607b8 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -2553,7 +2553,7 @@ class installer_base { } // comment out the listen directive if port is 80 or 443 - if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) { + if($conf['web']['apps_vhost_port'] == 80 or $conf['web']['apps_vhost_port'] == 443) { $tpl->setVar('vhost_port_listen','#'); } else { $tpl->setVar('vhost_port_listen',''); diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master index b07bb03f41e73d8cca958bd283b8ab0c23b96094..8d6df71b7da0cf2c07e7e57cce50c77d04787b2e 100644 --- a/install/tpl/apache_apps.vhost.master +++ b/install/tpl/apache_apps.vhost.master @@ -122,3 +122,9 @@ {/tmpl_if} + + + + SSLStaplingCache shmcb:/var/run/ocsp(128000) + + diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master index 2680b209a2522b8ef4455ffb73f4f835c3e66477..b91d1a16c5f05344b0d6c863e28c4043334d5414 100644 --- a/install/tpl/nginx_apps.vhost.master +++ b/install/tpl/nginx_apps.vhost.master @@ -1,5 +1,5 @@ server { - listen {apps_vhost_port} {ssl_on}; + listen {apps_vhost_ip}{apps_vhost_port} {ssl_on}; listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on; {ssl_comment}ssl_protocols TLSv1.2; @@ -99,7 +99,7 @@ server { fastcgi_param REDIRECT_STATUS 200; # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used {use_tcp}fastcgi_pass 127.0.0.1:9000; - {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock; + {use_socket}fastcgi_pass unix:{fpm_socket}; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; 
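Review bot: In install/lib/installer_base.lib.php the corrected port test still uses loose `==` joined with `or`, so the outcome for a string value of `apps_vhost_port` depends on PHP's type-juggling rules, which differ between PHP versions for strings that are not cleanly numeric. Casting once and comparing strictly makes the result predictable: `$apps_port = (int) $conf['web']['apps_vhost_port'];` followed by `if ($apps_port === 80 || $apps_port === 443) {`. The enclosing method starts and ends outside the hunk, so any earlier validation of the port is not visible here.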
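Review bot: In install/tpl/apache_apps.vhost.master the added `SSLStaplingCache shmcb:/var/run/ocsp(128000)` line only configures the cache and nothing in this hunk turns stapling on, so unless the vhost block above it already contains `SSLUseStapling On` the apps vhost will still not staple OCSP responses. The directive is valid only at server-config level and needs mod_ssl loaded. The wrapper lines around it did not survive in this view, so please confirm it sits outside the VirtualHost block and inside an `<IfModule mod_ssl.c>` guard, otherwise the generated file fails the config test on hosts without mod_ssl. A one-line comment above it such as `# global OCSP stapling cache, must stay outside <VirtualHost>` would keep it from being moved later.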
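Review bot: In install/tpl/nginx_apps.vhost.master (hunk at line 1) the IPv4 `listen` now honours `{apps_vhost_ip}`, but the unchanged next line `listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;` still binds every IPv6 address. An administrator who sets an apps vhost IP to keep the apps vhost (phpMyAdmin, webmail) off public interfaces would therefore still have it reachable over IPv6. Consider emitting the IPv6 listener only when no specific IP is configured, for example `{ipv6_listen_comment}listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;`, where the placeholder name is illustrative and needs a matching substitution in the installer. The same pair of lines is added to server/conf/nginx_apps.vhost.master in the first hunk of that file.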
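Review bot: Both `{use_socket}fastcgi_pass unix:{fpm_socket};` lines in install/tpl/nginx_apps.vhost.master (the hunk at line 99 and the one at line 149) now depend on an `fpm_socket` template value, and no hunk in this diff sets it in installer_base.lib.php. If the installer does not already substitute it, the rendered directive is `fastcgi_pass unix:;` or a literal placeholder and nginx will reject the configuration. Please confirm the substitution exists and that the path it yields is the default pool's socket, as the comment above each line requires.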
@@ -149,7 +149,7 @@ server { fastcgi_param REDIRECT_STATUS 200; # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used {use_tcp}fastcgi_pass 127.0.0.1:9000; - {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock; + {use_socket}fastcgi_pass unix:{fpm_socket}; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master index 0c82c4631e0a41d0888a811b9f3097db63fd326a..b91d1a16c5f05344b0d6c863e28c4043334d5414 100644 --- a/server/conf/nginx_apps.vhost.master +++ b/server/conf/nginx_apps.vhost.master @@ -1,5 +1,13 @@ server { - listen {apps_vhost_ip}{apps_vhost_port}; + listen {apps_vhost_ip}{apps_vhost_port} {ssl_on}; + listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on; + + {ssl_comment}ssl_protocols TLSv1.2; + {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; + {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; + + # redirect to https if accessed with http + {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri; server_name {apps_vhost_servername}; @@ -12,7 +20,7 @@ server { } # serve static files directly - location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ { + location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ { access_log off; } @@ -165,6 +173,7 @@ server { fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; @@ -223,5 +232,4 @@ server { {use_rspamd}alias /usr/share/rspamd/www/$1; {use_rspamd}} {use_rspamd}} - }
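Review bot: In server/conf/nginx_apps.vhost.master (hunk at line 1) the added redirect `error_page 497 https://$host:{vhost_port}$request_uri;` uses `{vhost_port}` while both `listen` lines use `{apps_vhost_port}`. Unless the code that renders this template also replaces `vhost_port`, the redirect will carry the wrong port or an unreplaced placeholder; `{apps_vhost_port}` looks like the intended name. Separately, `{ssl_comment}ssl_protocols TLSv1.2;` pins a single protocol version, so TLS 1.3 is never offered; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting where the installed nginx and OpenSSL support it.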
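Review bot: In server/conf/nginx_apps.vhost.master (hunk at line 165) the added `fastcgi_param SCRIPT_FILENAME $request_filename;` hands a request-derived path to the FastCGI backend, and the enclosing location block starts outside this hunk, so it is not visible whether the file is checked to exist first. If the block has no such check, add one ahead of the `fastcgi_pass`, for example `if (!-f $request_filename) { return 404; }`, so that only real scripts under the mapped directory are executed. A short comment naming which application this block serves would also make the reason for the extra parameter clear.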