From 9fec0ce26bce4c4f4298a214cc44c362e75a44e1 Mon Sep 17 00:00:00 2001
From: Thom <thom@amsterdamtech.nl>
Date: Tue, 29 Mar 2022 14:58:01 +0000
Subject: [PATCH 1/2] Port apps vhost from install/ to server/ (#6321)

---
 server/conf/apache_apps.vhost.master | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/server/conf/apache_apps.vhost.master b/server/conf/apache_apps.vhost.master
index 8d6df71b7d..6957ed5eb8 100644
--- a/server/conf/apache_apps.vhost.master
+++ b/server/conf/apache_apps.vhost.master
@@ -9,10 +9,12 @@
 <VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
   ServerAdmin webmaster@localhost
   {tmpl_var name='apps_vhost_servername'}
-
-  <FilesMatch "\.ph(p3?|tml)$">
-    SetHandler None
-  </FilesMatch>
+  
+  <Directory {tmpl_var name='apps_vhost_dir'}>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
 
   # SSL Configuration
   <tmpl_var name="ssl_comment">SSLEngine On
@@ -96,7 +98,7 @@
     DocumentRoot {tmpl_var name='apps_vhost_dir'}
     SuexecUserGroup ispapps ispapps
     <Directory {tmpl_var name='apps_vhost_dir'}>
-		Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
+		Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
 		AllowOverride AuthConfig Indexes Limit Options FileInfo
 	    <FilesMatch "\.php$">
 		  SetHandler fcgid-script
@@ -109,6 +111,8 @@
 		Allow from all
 		</tmpl_if>
     </Directory>
+    IPCCommTimeout  7200
+    MaxRequestLen 15728640 
   </IfModule>
 
 {tmpl_if name="use_rspamd"}
-- 
GitLab


From d76a5f15e848dacc4e4baff84ab01fa333bcdfe8 Mon Sep 17 00:00:00 2001
From: Thom Pol <thom@amsterdamtech.nl>
Date: Sun, 25 Sep 2022 21:25:36 +0200
Subject: [PATCH 2/2] Symlink apps vhost from install/ to file in server/

---
 install/tpl/apache_apps.vhost.master | 135 +--------------------------
 1 file changed, 1 insertion(+), 134 deletions(-)
 mode change 100644 => 120000 install/tpl/apache_apps.vhost.master

diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master
deleted file mode 100644
index 6957ed5eb8..0000000000
--- a/install/tpl/apache_apps.vhost.master
+++ /dev/null
@@ -1,134 +0,0 @@
-######################################################
-# This virtual host contains the configuration
-# for the ISPConfig apps vhost
-######################################################
-
-{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
-# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
-
-<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
-  ServerAdmin webmaster@localhost
-  {tmpl_var name='apps_vhost_servername'}
-  
-  <Directory {tmpl_var name='apps_vhost_dir'}>
-    <FilesMatch "\.ph(p3?|tml)$">
-      SetHandler None
-    </FilesMatch>
-  </Directory>
-
-  # SSL Configuration
-  <tmpl_var name="ssl_comment">SSLEngine On
-  <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
-  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
-  <tmpl_else>
-  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
-  </tmpl_if>
-  <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
-  <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
-  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
-
-  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
-  <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
-  <tmpl_var name="ssl_comment">SSLCompression Off
-  </tmpl_if>
-  <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
-  <tmpl_var name="ssl_comment">SSLSessionTickets Off
-  </tmpl_if>
-
-  <IfModule mod_headers.c>
-    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
-    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
-    <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
-    Header set X-Content-Type-Options: nosniff
-    Header set X-Frame-Options: SAMEORIGIN
-    Header set X-XSS-Protection: "1; mode=block"
-    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
-    <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
-    <IfVersion >= 2.4.7>
-        Header setifempty Strict-Transport-Security "max-age=15768000"
-    </IfVersion>
-    <IfVersion < 2.4.7>
-        Header set Strict-Transport-Security "max-age=15768000"
-    </IfVersion>
-    RequestHeader unset Proxy early
-  </IfModule>
-
-  <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
-  <tmpl_var name="ssl_comment">SSLUseStapling On
-  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
-  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
-  </tmpl_if>
-
-  <IfModule mod_headers.c>
-	RequestHeader unset Proxy early
-  </IfModule>
-
-  <IfModule mod_php5.c>
-    DocumentRoot {tmpl_var name='apps_vhost_dir'}
-    AddType application/x-httpd-php .php
-    <Directory {tmpl_var name='apps_vhost_dir'}>
-		Options FollowSymLinks
-		AllowOverride None
-		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		Require all granted
-		<tmpl_else>
-		Order allow,deny
-		Allow from all
-		</tmpl_if>
-    </Directory>
-  </IfModule>
-
-  <IfModule mod_php7.c>
-    DocumentRoot {tmpl_var name='apps_vhost_dir'}
-    AddType application/x-httpd-php .php
-    <Directory {tmpl_var name='apps_vhost_dir'}>
-		Options FollowSymLinks
-		AllowOverride None
-		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		Require all granted
-		<tmpl_else>
-		Order allow,deny
-		Allow from all
-		</tmpl_if>
-    </Directory>
-  </IfModule>
-
-  <IfModule mod_fcgid.c>
-    DocumentRoot {tmpl_var name='apps_vhost_dir'}
-    SuexecUserGroup ispapps ispapps
-    <Directory {tmpl_var name='apps_vhost_dir'}>
-		Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
-		AllowOverride AuthConfig Indexes Limit Options FileInfo
-	    <FilesMatch "\.php$">
-		  SetHandler fcgid-script
-	    </FilesMatch>
-		FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
-		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		Require all granted
-		<tmpl_else>
-		Order allow,deny
-		Allow from all
-		</tmpl_if>
-    </Directory>
-    IPCCommTimeout  7200
-    MaxRequestLen 15728640 
-  </IfModule>
-
-{tmpl_if name="use_rspamd"}
-  <Location /rspamd>
-        Order allow,deny
-        Allow from all
-  </Location>
-  RewriteEngine On
-  RewriteRule ^/rspamd$ /rspamd/ [R,L]
-  RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
-{/tmpl_if}
-
-</VirtualHost>
-
-<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
-<IfModule mod_ssl.c>
-  <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
-</IfModule>
-</tmpl_if>
diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master
new file mode 120000
index 0000000000..a2fefe5c92
--- /dev/null
+++ b/install/tpl/apache_apps.vhost.master
@@ -0,0 +1 @@
+server/conf/apache_apps.vhost.master
\ No newline at end of file
-- 
GitLab