Commit cda177a2 authored by Marius Burkard's avatar Marius Burkard

- fixed vhost settings for nginx

- fixed rspamd settings
- fixed errors in webserver plugin
- fixed error in dkim domain handling
parent 41b988f3
Pipeline #449 passed with stage
in 2 minutes and 15 seconds
...@@ -2,7 +2,7 @@ server { ...@@ -2,7 +2,7 @@ server {
listen {vhost_port}{ssl_on}; listen {vhost_port}{ssl_on};
listen [::]:{vhost_port} ipv6only=on{ssl_on}; listen [::]:{vhost_port} ipv6only=on{ssl_on};
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
{ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
{ssl_comment}ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; {ssl_comment}ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
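Review bot: The `ssl_protocols` line on the new side still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, while the only protocol this change removes is TLSv1.3 (the page has lost its +/- markers; the right-hand column is read as the new side). If TLSv1.3 was dropped because older nginx/OpenSSL builds reject the token, that reason belongs in a comment in the template, and the safer default would be `{ssl_comment}ssl_protocols TLSv1.2;` with TLSv1.3 added back where the installer detects support. The same line is changed the same way in the vhost template hunk at `@@ -28,7 +28,7 @@ server {`. The unchanged `ssl_ciphers` list also still offers the 3DES suites (`DES-CBC3-SHA` and its ECDHE/EDH variants).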
......
...@@ -4,10 +4,10 @@ settings { ...@@ -4,10 +4,10 @@ settings {
authenticated = yes; authenticated = yes;
#apply "default" { groups_disabled = ["rbl", "spf"]; } #apply "default" { groups_disabled = ["rbl", "spf"]; }
apply "default" { apply "default" {
symbols_enabled = []; #symbols_enabled = [];
symbols_disabled = []; symbols_disabled = [];
groups_enabled = []; #groups_enabled = [];
groups_disabled = []; groups_disabled = ["rbl"];
} }
} }
whitelist { whitelist {
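Review bot: The `apply "default"` block for authenticated senders now carries two commented-out settings (`#symbols_enabled = [];`, `#groups_enabled = [];`) next to an older commented `#apply` line, and nothing says why they must stay off. A one-line comment would cover it, for example `# authenticated senders: skip the rbl group only; leave the *_enabled lists unset`. My reading is that an `*_enabled` list restricts scanning to the listed items, which would explain the change, but that should be confirmed against the rspamd settings documentation before it goes into the comment. Deleting the dead lines instead of commenting them out would keep the template readable.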
......
...@@ -318,7 +318,7 @@ class page_action extends tform_actions { ...@@ -318,7 +318,7 @@ class page_action extends tform_actions {
$soaDomain = $this->dataRecord['domain'].'.'; $soaDomain = $this->dataRecord['domain'].'.';
while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) { while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain); $soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
$soaDomain = preg_replace("/^\w+\./","",$soaDomain); $soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
} }
if ( isset($soa) && !empty($soa) ) $this->update_dns($this->dataRecord, $soa); if ( isset($soa) && !empty($soa) ) $this->update_dns($this->dataRecord, $soa);
} }
...@@ -444,7 +444,7 @@ class page_action extends tform_actions { ...@@ -444,7 +444,7 @@ class page_action extends tform_actions {
$soaDomain = $this->dataRecord['domain'].'.'; $soaDomain = $this->dataRecord['domain'].'.';
while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) { while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain); $soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
$soaDomain = preg_replace("/^\w+\./","",$soaDomain); $soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
} }
if ( ($selector || $dkim_private || $dkim_active) && $dkim_active ) if ( ($selector || $dkim_private || $dkim_active) && $dkim_active )
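Review bot: The parent-zone walk selects a `dns_soa` row by `origin` alone, and the wider pattern `/^[^\.]+\./` now lets the loop climb past hyphenated labels to parent zones it previously never reached; nothing visible here checks that the zone found belongs to the client who owns the mail domain before `update_dns()` writes to it. Whether `update_dns()` or the form's permission layer enforces that is outside the hunk, so please confirm it, for example by comparing the zone's `sys_groupid` with the group that owns the mail domain before the call. The identical loop appears in both hunks (`@@ -318` and `@@ -444`); a single private helper, say `find_soa_for_domain($domain)`, would stop the two copies from drifting apart. The dot needs no escape inside a character class, so `/^[^.]+\./` is enough.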
......
...@@ -28,7 +28,7 @@ server { ...@@ -28,7 +28,7 @@ server {
</tmpl_if> </tmpl_if>
</tmpl_if> </tmpl_if>
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if}; listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; # ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_prefer_server_ciphers on; # ssl_prefer_server_ciphers on;
<tmpl_if name='ipv6_enabled'> <tmpl_if name='ipv6_enabled'>
......
...@@ -1719,7 +1719,7 @@ class plugin_webserver_base { ...@@ -1719,7 +1719,7 @@ class plugin_webserver_base {
$this->action = 'update'; $this->action = 'update';
$this->update_letsencrypt = true; $this->update_letsencrypt = true;
// just run the update function // just run the update function
$this->update($event_name, $data); $this->eventUpdate($event_name, $data, 'update', $server_type);
} else { } else {
$conf_prefix = ''; $conf_prefix = '';
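Review bot: `$server_type` is passed to `eventUpdate()` but is not assigned anywhere in the visible lines; the enclosing method starts outside the hunk, so please confirm it is a parameter or is set there, otherwise the call passes an undefined value. The literal `'update'` repeats the `$this->action = 'update';` assignment a few lines above. Passing `$this->action` instead would match the nginx_plugin call, `eventUpdate($event_name, $data, $this->action, 'nginx')`, and keep one source for the action.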
......
...@@ -632,7 +632,7 @@ class plugin_webserver_nginx { ...@@ -632,7 +632,7 @@ class plugin_webserver_nginx {
if(count($server_alias) > 0) { if(count($server_alias) > 0) {
$server_alias_str = ''; $server_alias_str = '';
foreach($server_alias as $tmp_alias) { foreach($server_alias as $tmp_alias) {
$server_alias_str .= $tmp_alias; $server_alias_str .= ' ' . $tmp_alias;
} }
unset($tmp_alias); unset($tmp_alias);
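Review bot: Each alias is appended verbatim to `$server_alias_str`, which presumably ends up in the `server_name` directive of the generated nginx vhost; the hunk shows no check that an alias holds only hostname characters, so a value containing whitespace, `;` or a newline would change the meaning of the written config. Where `$server_alias` is filled lies outside the hunk, so confirm it is validated there or filter it here before joining. The loop itself can be written as `$server_alias_str = ' ' . implode(' ', $server_alias);`.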
......
...@@ -104,6 +104,8 @@ class mail_plugin_dkim { ...@@ -104,6 +104,8 @@ class mail_plugin_dkim {
function check_system($data) { function check_system($data) {
global $app, $mail_config; global $app, $mail_config;
/** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
$app->uses('getconf'); $app->uses('getconf');
$check=true; $check=true;
......
...@@ -98,7 +98,7 @@ class nginx_plugin { ...@@ -98,7 +98,7 @@ class nginx_plugin {
if($this->action != 'insert') $this->action = 'update'; if($this->action != 'insert') $this->action = 'update';
$app->plugins_webserver_base->eventUpdate($event_name, $data, 'nginx'); $app->plugin_webserver_base->eventUpdate($event_name, $data, $this->action, 'nginx');
//* Unset action to clean it for next processed vhost. //* Unset action to clean it for next processed vhost.
$this->action = ''; $this->action = '';
......
...@@ -88,7 +88,7 @@ class rspamd_plugin { ...@@ -88,7 +88,7 @@ class rspamd_plugin {
$app->uses('getconf,system,functions'); $app->uses('getconf,system,functions');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){ if(is_dir('/etc/rspamd')) {
$policy = $app->db->queryOneRecord("SELECT * FROM spamfilter_policy WHERE id = ?", intval($data['new']['policy_id'])); $policy = $app->db->queryOneRecord("SELECT * FROM spamfilter_policy WHERE id = ?", intval($data['new']['policy_id']));
//* Create the config file //* Create the config file
...@@ -129,10 +129,14 @@ class rspamd_plugin { ...@@ -129,10 +129,14 @@ class rspamd_plugin {
$app->system->file_put_contents($user_file, $tpl->grab()); $app->system->file_put_contents($user_file, $tpl->grab());
} else { } else {
if(is_file($user_file)) unlink($user_file); if(is_file($user_file)) {
unlink($user_file);
}
}
if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
} }
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
} }
} }
...@@ -143,11 +147,14 @@ class rspamd_plugin { ...@@ -143,11 +147,14 @@ class rspamd_plugin {
$app->uses('getconf'); $app->uses('getconf');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){ if(is_dir('/etc/rspamd')) {
//* delete the config file //* delete the config file
$user_file = $this->users_config_dir.'spamfilter_user_'.intval($data['old']['id']).'.conf'; $user_file = $this->users_config_dir.'spamfilter_user_'.intval($data['old']['id']).'.conf';
if(is_file($user_file)) unlink($user_file); if(is_file($user_file)) unlink($user_file);
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
}
if($mail_config['content_filter'] == 'rspamd') {
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload'); if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
} }
} }
...@@ -166,7 +173,7 @@ class rspamd_plugin { ...@@ -166,7 +173,7 @@ class rspamd_plugin {
$app->uses('getconf,system,functions'); $app->uses('getconf,system,functions');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){ if(is_dir('/etc/rspamd')) {
$recipient = $app->db->queryOneRecord("SELECT email FROM spamfilter_users WHERE id = ?", intval($data['new']['rid'])); $recipient = $app->db->queryOneRecord("SELECT email FROM spamfilter_users WHERE id = ?", intval($data['new']['rid']));
//* Create the config file //* Create the config file
$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['new']['wblist_id']).'.conf'; $wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['new']['wblist_id']).'.conf';
...@@ -191,8 +198,10 @@ class rspamd_plugin { ...@@ -191,8 +198,10 @@ class rspamd_plugin {
} else { } else {
if(is_file($wblist_file)) unlink($wblist_file); if(is_file($wblist_file)) unlink($wblist_file);
} }
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload'); if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
} }
} }
...@@ -202,12 +211,14 @@ class rspamd_plugin { ...@@ -202,12 +211,14 @@ class rspamd_plugin {
$app->uses('getconf'); $app->uses('getconf');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){ if(is_dir('/etc/rspamd')) {
//* delete the config file //* delete the config file
$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['old']['wblist_id']).'.conf'; $wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['old']['wblist_id']).'.conf';
if(is_file($wblist_file)) unlink($wblist_file); if(is_file($wblist_file)) unlink($wblist_file);
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload'); if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
} }
} }
...@@ -220,7 +231,7 @@ class rspamd_plugin { ...@@ -220,7 +231,7 @@ class rspamd_plugin {
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){ if(is_dir('/etc/rspamd')) {
$tpl = new tpl(); $tpl = new tpl();
$tpl->newTemplate('rspamd_users.conf.master'); $tpl->newTemplate('rspamd_users.conf.master');
...@@ -234,7 +245,9 @@ class rspamd_plugin { ...@@ -234,7 +245,9 @@ class rspamd_plugin {
$tpl->setLoop('whitelist_ips', $whitelist_ips); $tpl->setLoop('whitelist_ips', $whitelist_ips);
$app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab()); $app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab());
$app->services->restartServiceDelayed('rspamd', 'reload'); if($mail_config['content_filter'] == 'rspamd'){
$app->services->restartServiceDelayed('rspamd', 'reload');
}
} }
} }
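Review bot: The reload condition is not the same in every handler: most of the new blocks reload only when `$mail_config['content_filter'] == 'rspamd'` and `/etc/init.d/rspamd` exists, while the last hunk (`@@ -234,7 +245,9`) calls `restartServiceDelayed('rspamd', 'reload')` without the init-script test. On a host that runs rspamd without that init script, the per-user and white/blacklist files would be written or deleted but never reloaded, so a policy change silently does not take effect. Assuming the service layer copes without the init script, as the last hunk implies, use `if($mail_config['content_filter'] == 'rspamd') $app->services->restartServiceDelayed('rspamd', 'reload');` in every handler, ideally through one private method. The path `'/etc/rspamd'` is also repeated in six `is_dir()` calls and would be better held in one property next to `$this->users_config_dir`. The enclosing functions start and end outside these hunks.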
......