Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
ISPConfig 3
Project overview
Project overview
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
1,575
Issues
1,575
List
Boards
Labels
Milestones
Merge Requests
31
Merge Requests
31
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ISPConfig
ISPConfig 3
Commits
f812f581
Commit
f812f581
authored
Jul 15, 2019
by
Marius Burkard
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'ispc3/stable-3.1' into rspamd
parents
536e907f
eae23686
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
30 additions
and
2 deletions
+30
-2
install/dist/lib/debian60.lib.php
install/dist/lib/debian60.lib.php
+26
-0
install/tpl/apache_ispconfig.vhost.master
install/tpl/apache_ispconfig.vhost.master
+2
-2
install/tpl/debian6_dovecot2.conf.master
install/tpl/debian6_dovecot2.conf.master
+2
-0
No files found.
install/dist/lib/debian60.lib.php
View file @
f812f581
...
...
@@ -115,6 +115,32 @@ class installer extends installer_base {
file_put_contents
(
$config_dir
.
'/'
.
$configfile
,
$content
);
unset
(
$content
);
}
if
(
version_compare
(
$dovecot_version
,
2.3
)
>=
0
)
{
// Remove deprecated setting(s)
removeLine
(
$config_dir
.
'/'
.
$configfile
,
'ssl_protocols ='
);
// Check if we have a dhparams file and if not, create it
if
(
!
file_exists
(
'/etc/dovecot/dh.pem'
))
{
swriteln
(
'Creating new DHParams file, this takes several minutes. Do not interrupt the script.'
);
if
(
file_exists
(
'/var/lib/dovecot/ssl-parameters.dat'
))
{
// convert existing ssl parameters file
$command
=
'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem'
;
caselog
(
$command
.
' &> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
else
{
/*
Create a new dhparams file. We use 2048 bit only as it simply takes too long
on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
a 4096 bit file, create it manually before you install ISPConfig
*/
$command
=
'openssl dhparam -out /etc/dovecot/dh.pem 2048'
;
caselog
(
$command
.
' &> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
}
}
else
{
// remove settings which are not supported in Dovecot < 2.3
removeLine
(
$config_dir
.
'/'
.
$configfile
,
'ssl_min_protocol ='
);
removeLine
(
$config_dir
.
'/'
.
$configfile
,
'ssl_dh ='
);
}
}
else
{
if
(
is_file
(
$conf
[
'ispconfig_install_dir'
]
.
'/server/conf-custom/install/debian6_dovecot.conf.master'
))
{
copy
(
$conf
[
'ispconfig_install_dir'
]
.
'/server/conf-custom/install/debian6_dovecot.conf.master'
,
$config_dir
.
'/'
.
$configfile
);
...
...
install/tpl/apache_ispconfig.vhost.master
View file @
f812f581
...
...
@@ -89,11 +89,11 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
<IfModule mod_headers.c>
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
<tmpl_var name="ssl_comment">
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
<tmpl_var name="ssl_comment">
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
<IfVersion >= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000"
</IfVersion>
...
...
install/tpl/debian6_dovecot2.conf.master
View file @
f812f581
...
...
@@ -6,7 +6,9 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_dh = </etc/dovecot/dh.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_min_protocol = TLSv1
mail_max_userip_connections = 100
passdb {
args = /etc/dovecot/dovecot-sql.conf
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment