From 69c1d56fd2dece891c2d4291c1fc69084998e1dd Mon Sep 17 00:00:00 2001
From: Jesse Norell
Date: Tue, 22 Sep 2020 11:25:07 -0600
Subject: [PATCH 1/4] consistent app vhost template for install/server
---
 install/tpl/apache_apps.vhost.master | 6 ++++++
 install/tpl/nginx_apps.vhost.master | 4 ++--
 server/conf/nginx_apps.vhost.master | 14 +++++++++++---
 3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master
index b07bb03f41..8d6df71b7d 100644
--- a/install/tpl/apache_apps.vhost.master
+++ b/install/tpl/apache_apps.vhost.master
@@ -122,3 +122,9 @@ {/tmpl_if} + + + + SSLStaplingCache shmcb:/var/run/ocsp(128000) + +
diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master
index 2680b209a2..b8c1a8abd7 100644
--- a/install/tpl/nginx_apps.vhost.master
+++ b/install/tpl/nginx_apps.vhost.master
@@ -99,7 +99,7 @@ server {
 fastcgi_param REDIRECT_STATUS 200;
 # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
 {use_tcp}fastcgi_pass 127.0.0.1:9000;
- {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
+ {use_socket}fastcgi_pass unix:{fpm_socket};
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_buffer_size 128k;
@@ -149,7 +149,7 @@ server {
 fastcgi_param REDIRECT_STATUS 200;
 # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used
 {use_tcp}fastcgi_pass 127.0.0.1:9000;
- {use_socket}fastcgi_pass unix:/var/run/php5-fpm.sock;
+ {use_socket}fastcgi_pass unix:{fpm_socket};
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_buffer_size 128k;
diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master
index 0c82c4631e..b8c1a8abd7 100644
--- a/server/conf/nginx_apps.vhost.master
+++ b/server/conf/nginx_apps.vhost.master
@@ -1,5 +1,13 @@
 server {
- listen {apps_vhost_ip}{apps_vhost_port};
+ listen {apps_vhost_port} {ssl_on};
+ listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
+
+ {ssl_comment}ssl_protocols TLSv1.2;
+ {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
+ {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
+
+ # redirect to https if accessed with http
+ {ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
 server_name {apps_vhost_servername};
@@ -12,7 +20,7 @@ server {
 }
 # serve static files directly
- location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
+ location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
 access_log off;
 }
@@ -165,6 +173,7 @@ server {
 fastcgi_param CONTENT_TYPE $content_type;
 fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
 fastcgi_param SCRIPT_NAME $fastcgi_script_name;
 fastcgi_param REQUEST_URI $request_uri;
 fastcgi_param DOCUMENT_URI $document_uri;
@@ -223,5 +232,4 @@ server {
 {use_rspamd}alias /usr/share/rspamd/www/$1;
 {use_rspamd}}
 {use_rspamd}}
- }
-- 
GitLab
From 7b94621d2c48922d343974cade8e9e89d30ded92 Mon Sep 17 00:00:00 2001
From: Jesse Norell
Date: Tue, 22 Sep 2020 11:58:46 -0600
Subject: [PATCH 2/4] check correct setting
---
 install/lib/installer_base.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 95be196417..9ac5c788f0 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2553,7 +2553,7 @@ class installer_base {
 }
 // comment out the listen directive if port is 80 or 443
- if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
+ if($conf['web']['apps_vhost_port'] == 80 or $conf['web']['apps_vhost_port'] == 443) {
 $tpl->setVar('vhost_port_listen','#');
 } else {
 $tpl->setVar('vhost_port_listen','');
-- 
GitLab
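Review bot: In the first hunk of server/conf/nginx_apps.vhost.master, the added `error_page 497` redirect builds its target from `{vhost_port}`, while both new `listen` lines use `{apps_vhost_port}`. Nothing visible in this series sets a `vhost_port` value for the apps vhost, so unless the renderer fills it in, the http-to-https redirect will point at a different port or carry the literal placeholder; `{ssl_comment}error_page 497 https://$host:{apps_vhost_port}$request_uri;` keeps it on the port actually being served. Separately, `ssl_protocols TLSv1.2;` also excludes TLS 1.3 on builds that support it, which deserves a template comment if it is intentional. The server block continues outside the hunk.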
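Review bot: The corrected condition in install/lib/installer_base.lib.php still compares the configured port with loose `==`, so the outcome depends on PHP's string-to-number juggling of whatever is stored in `$conf['web']['apps_vhost_port']`. As a style point, normalising once and comparing strictly, e.g. `if(in_array((int)$conf['web']['apps_vhost_port'], array(80, 443), true)) {`, states the intent directly. Writing the key only once also removes the kind of copy slip this commit corrects. The enclosing method starts and ends outside the hunk.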
From 11e79088d97c2cd724079ede1bc95b4692dac97d Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Wed, 23 Sep 2020 12:25:03 +0200
Subject: [PATCH 3/4] Update nginx_apps.vhost.master
---
 server/conf/nginx_apps.vhost.master | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/conf/nginx_apps.vhost.master b/server/conf/nginx_apps.vhost.master
index b8c1a8abd7..b91d1a16c5 100644
--- a/server/conf/nginx_apps.vhost.master
+++ b/server/conf/nginx_apps.vhost.master
@@ -1,5 +1,5 @@
 server {
- listen {apps_vhost_port} {ssl_on};
+ listen {apps_vhost_ip}{apps_vhost_port} {ssl_on};
 listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
 {ssl_comment}ssl_protocols TLSv1.2;
-- 
GitLab
From 81743c06935e99bdbbd60f8861cf6daac64affec Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Wed, 23 Sep 2020 12:25:48 +0200
Subject: [PATCH 4/4] Update nginx_apps.vhost.master
---
 install/tpl/nginx_apps.vhost.master | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master
index b8c1a8abd7..b91d1a16c5 100644
--- a/install/tpl/nginx_apps.vhost.master
+++ b/install/tpl/nginx_apps.vhost.master
@@ -1,5 +1,5 @@
 server {
- listen {apps_vhost_port} {ssl_on};
+ listen {apps_vhost_ip}{apps_vhost_port} {ssl_on};
 listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
 {ssl_comment}ssl_protocols TLSv1.2;
-- 
GitLab
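Review bot: With `{apps_vhost_ip}` restored on the IPv4 `listen` in server/conf/nginx_apps.vhost.master (PATCH 3/4), the following context line `listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;` still binds every IPv6 address. An operator who configures an IP to limit where the apps vhost is reachable therefore gets that limit on IPv4 only. If the restriction is meant to hold for both address families, the IPv6 listen needs its own address placeholder or should be dropped when an IP is set; at minimum a template comment such as `# IPv6 listens on all addresses regardless of apps_vhost_ip` would make the exposure visible. The same applies to the identical hunk for install/tpl/nginx_apps.vhost.master in PATCH 4/4, and the server block continues outside both hunks.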