diff --git a/install/dist/conf/debian40.conf.php b/install/dist/conf/debian40.conf.php index a3db4dd81c27bf40d8ba4d8227ef21980ae26c89..e635b1fa5b0c43587f239e4b9609075097478633 100644 --- a/install/dist/conf/debian40.conf.php +++ b/install/dist/conf/debian40.conf.php @@ -51,6 +51,8 @@ $conf['services']['dns'] = true; $conf['services']['file'] = true; $conf['services']['db'] = true; $conf['services']['vserver'] = true; +$conf['services']['proxy'] = false; +$conf['services']['firewall'] = false; //* MySQL $conf['mysql']['installed'] = false; // will be detected automatically during installation @@ -183,6 +185,28 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini'; $conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'; $conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php'; +//* Squid +$conf['squid']['installed'] = false; // will be detected automatically during installation +$conf['squid']['config_dir'] = '/etc/squid'; +$conf['squid']['init_script'] = 'squid'; + +//* Nginx +$conf['nginx']['installed'] = false; // will be detected automatically during installation +$conf['nginx']['config_dir'] = '/etc/nginx'; +$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available'; +$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled'; +$conf['nginx']['init_script'] = 'nginx'; + +//*Ufw +$conf['ufw']['installed'] = false; +$conf['ufw']['config_dir'] = '/etc/ufw'; +$conf['ufw']['init_script'] = 'ufw'; + +//*Bastille-Firwall +$conf['bastille']['installed'] = false; +$conf['bastille']['config_dir'] = '/etc/Bastille'; + + //* vlogger $conf['vlogger']['config_dir'] = '/etc'; diff --git a/install/dist/conf/debian60.conf.php b/install/dist/conf/debian60.conf.php index f4e8ba6ac34f55addc73280974016c40b625f9d4..71c8a6227a397e0de8f58122084673df7cd55b05 100644 
--- a/install/dist/conf/debian60.conf.php +++ b/install/dist/conf/debian60.conf.php @@ -51,6 +51,8 @@ $conf['services']['dns'] = true; $conf['services']['file'] = true; $conf['services']['db'] = true; $conf['services']['vserver'] = true; +$conf['services']['proxy'] = false; +$conf['services']['firewall'] = false; //* MySQL $conf['mysql']['installed'] = false; // will be detected automatically during installation @@ -183,6 +185,27 @@ $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini'; $conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'; $conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php'; +//* Squid +$conf['squid']['installed'] = false; // will be detected automatically during installation +$conf['squid']['config_dir'] = '/etc/squid'; +$conf['squid']['init_script'] = 'squid'; + +//* Nginx +$conf['nginx']['installed'] = false; // will be detected automatically during installation +$conf['nginx']['config_dir'] = '/etc/nginx'; +$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available'; +$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled'; +$conf['nginx']['init_script'] = 'nginx'; + +//* Ufw +$conf['ufw']['installed'] = false; +$conf['squid']['config_dir'] = '/etc/ufw'; +$conf['squid']['init_script'] = 'ufw'; + +//*Bastille-Firwall +$conf['bastille']['installed'] = false; +$conf['bastille']['config_dir'] = '/etc/Bastille'; + //* vlogger $conf['vlogger']['config_dir'] = '/etc'; diff --git a/install/install.php b/install/install.php index d79450f72aa9dc4c6961bfd268155a4fa89cdc40..ba2b087c4dd1f2877df9b2b5a4f3ecdda9317fad 100644 --- a/install/install.php +++ b/install/install.php 
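Review bot: The Ufw block in the second hunk assigns `$conf['squid']['config_dir'] = '/etc/ufw';` and `$conf['squid']['init_script'] = 'ufw';`, which overwrites the Squid settings defined a few lines above and leaves `$conf['ufw']['config_dir']` and `$conf['ufw']['init_script']` unset. With this file, configure_squid() would write squid.conf into /etc/ufw, and the restart line keyed on `$conf['squid']['init_script']` would run the ufw init script instead of Squid's. The debian40 counterpart uses the `ufw` key, so the two lines should read `$conf['ufw']['config_dir'] = '/etc/ufw';` and `$conf['ufw']['init_script'] = 'ufw';`.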
@@ -230,9 +230,31 @@ if($install_mode == 'standard') { $inst->configure_apps_vhost(); //* Configure Firewall - swriteln('Configuring Firewall'); - $inst->configure_firewall(); - + //swriteln('Configuring Firewall'); + //$inst->configure_firewall(); + //** Configure Firewall + if($conf['bastille']['installed'] == true) { + //* Configure Bastille Firewall + $conf['services']['firewall'] = true; + swriteln('Configuring Bastille Firewall'); + $inst->configure_firewall(); + } elseif($conf['ufw']['installed'] == true) { + //* Configure Ubuntu Firewall + $conf['services']['firewall'] = true; + swriteln('Configuring Ubuntu Firewall'); + $inst->configure_ufw_firewall(); + } + + if($conf['squid']['installed'] == true) { + $conf['services']['proxy'] = true; + swriteln('Configuring Squid'); + $inst->configure_squid(); + } else if($conf['nginx']['installed'] == true) { + $conf['services']['proxy'] = true; + swriteln('Configuring Nginx'); + $inst->configure_nginx(); + } + //* Configure ISPConfig swriteln('Installing ISPConfig'); 
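Review bot: When neither `$conf['bastille']['installed']` nor `$conf['ufw']['installed']` is true, the new if/elseif in standard mode configures no firewall and prints nothing, whereas the removed code called `configure_firewall()` unconditionally. Bastille is detected by the existence of /etc/Bastille (see the installer_base.lib.php hunk), so if that directory is normally created by configure_firewall() itself, which is not visible here, a fresh install would now finish without any firewall scripts. Add a final `else { swriteln('No supported firewall detected, skipping firewall configuration'); }` so the operator sees the outcome, and do the same in the expert-mode hunks at @@ -416 and @@ -434, where answering 'y' can also be a silent no-op. The commented-out old calls are better deleted than kept.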
@@ -267,7 +289,9 @@ if($install_mode == 'standard') { if($conf['mydns']['installed'] == true && $conf['mydns']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['mydns']['init_script'])) system($conf['init_scripts'].'/'.$conf['mydns']['init_script'].' restart &> /dev/null'); if($conf['powerdns']['installed'] == true && $conf['powerdns']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['powerdns']['init_script'])) system($conf['init_scripts'].'/'.$conf['powerdns']['init_script'].' restart &> /dev/null'); if($conf['bind']['installed'] == true && $conf['bind']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['bind']['init_script'])) system($conf['init_scripts'].'/'.$conf['bind']['init_script'].' restart &> /dev/null'); - + if($conf['squid']['installed'] == true && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script'])) system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null'); + if($conf['nginx']['installed'] == true && $conf['nginx']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['nginx']['init_script'])) system($conf['init_scripts'].'/'.$conf['nginx']['init_script'].' restart &> /dev/null'); + if($conf['ufw']['installed'] == true && $conf['ufw']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['ufw']['init_script'])) system($conf['init_scripts'].'/'.$conf['ufw']['init_script'].' restart &> /dev/null'); }else{ //* In expert mode, we select the services in the following steps, only db is always available @@ -275,6 +299,8 @@ if($install_mode == 'standard') { $conf['services']['web'] = false; $conf['services']['dns'] = false; $conf['services']['db'] = true; + $conf['services']['firewall'] = false; + $conf['services']['proxy'] = false; //** Get Server ID 
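Review bot: The three added restart lines guard with `is_file()` while the mydns/powerdns/bind lines directly above use `is_executable()`, so a non-executable init script passes the check and `system()` then fails with its output discarded by `&> /dev/null`. Use `is_executable($conf['init_scripts'].'/'.$conf['squid']['init_script'])` (and the same for nginx and ufw) to match the file's convention and the expert-mode hunk at @@ -416. Because the command string is built by concatenation, passing the path through `escapeshellcmd()` would also keep an unusual path from a distribution config from being reinterpreted by the shell.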
@@ -416,6 +442,21 @@ if($install_mode == 'standard') { } + //** Configure Squid + if(strtolower($inst->simple_query('Configure Proxy Server', array('y','n'),'y') ) == 'y') { + if($conf['squid']['installed'] == true) { + $conf['services']['proxy'] = true; + swriteln('Configuring Squid'); + $inst->configure_squid(); + if($conf['squid']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['squid']['init_script']))system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null'); + } else if($conf['nginx']['installed'] == true) { + $conf['services']['proxy'] = true; + swriteln('Configuring Nginx'); + $inst->configure_nginx(); + if($conf['nginx']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['nginx']['init_script']))system($conf['init_scripts'].'/'.$conf['nginx']['init_script'].' restart &> /dev/null'); + } + } + //** Configure Apache swriteln("\nHint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.\n"); if(strtolower($inst->simple_query('Configure Apache Server',array('y','n'),'y')) == 'y') { 
@@ -434,9 +475,25 @@ if($install_mode == 'standard') { //** Configure Firewall if(strtolower($inst->simple_query('Configure Firewall Server',array('y','n'),'y')) == 'y') { + if($conf['bastille']['installed'] == true) { + //* Configure Bastille Firewall + $conf['services']['firewall'] = true; + swriteln('Configuring Bastille Firewall'); + $inst->configure_firewall(); + } elseif($conf['ufw']['installed'] == true) { + //* Configure Ubuntu Firewall + $conf['services']['firewall'] = true; + swriteln('Configuring Ubuntu Firewall'); + $inst->configure_ufw_firewall(); + } + } + + //** Configure Firewall + /*if(strtolower($inst->simple_query('Configure Firewall Server',array('y','n'),'y')) == 'y') { swriteln('Configuring Firewall'); $inst->configure_firewall(); - } + }*/ + //** Configure ISPConfig :-) if(strtolower($inst->simple_query('Install ISPConfig Web Interface',array('y','n'),'y')) == 'y') { swriteln('Installing ISPConfig'); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 2e74e2e7b99b9482e44128cd2e160aaa48fa2237..32f34ed664765b982a63c39ccbae3ce697f3ab0a 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php 
@@ -130,7 +130,12 @@ class installer_base { if(is_installed('jk_chrootsh')) $conf['jailkit']['installed'] = true; if(is_installed('pdns_server') || is_installed('pdns_control')) $conf['powerdns']['installed'] = true; if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true; - + if(is_installed('squid')) $conf['squid']['installed'] = true; + if(is_installed('nginx')) $conf['nginx']['installed'] = true; + if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true; + if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true; + + if ($conf['services']['web'] && $conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) $this->ispconfig_interface_installed = true; } /** Create the database for ISPConfig */ @@ -227,6 +232,11 @@ class installer_base { $tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path']; $tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path']; + if ($conf['nginx']['installed'] == true) { + $tpl_ini_array['nginx']['vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir']; + $tpl_ini_array['nginx']['vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir']; + } + if (array_key_exists('awstats', $conf)) { foreach ($conf['awstats'] as $aw_sett => $aw_value) { $tpl_ini_array['web']['awstats_'.$aw_sett] = $aw_value; @@ -242,6 +252,8 @@ class installer_base { $file_server_enabled = ($conf['services']['file'])?1:0; $db_server_enabled = ($conf['services']['db'])?1:0; $vserver_server_enabled = ($conf['services']['vserver'])?1:0; + $proxy_server_enabled = ($conf['services']['proxy'])?1:0; + $firewall_server_enabled = ($conf['services']['firewall'])?1:0; //** Get the database version number based on the patchfiles $found = true; 
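Review bot: `if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;` treats a directory as proof of an installed firewall, unlike the `is_installed()` binary checks on the neighbouring lines. A leftover /etc/Bastille from a removed package marks Bastille as installed, and since install.php tests bastille before ufw, a host that actually runs ufw would take the Bastille path. Checking for the firewall script the installer itself deploys, or giving ufw precedence when its binary is present, would make the detection match what is really active. The enclosing method starts outside the hunk.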
@@ -261,13 +273,13 @@ class installer_base { if($conf['mysql']['master_slave_setup'] == 'y') { //* Insert the server record in master DB - $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);"; + $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);"; $this->dbmaster->query($sql); $conf['server_id'] = $this->dbmaster->insertID(); $conf['server_id'] = $conf['server_id']; //* Insert the same record in the local DB - $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);"; + $sql = "INSERT INTO 
`server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);"; $this->db->query($sql); //* username for the ispconfig user 
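Review bot: All three rewritten INSERT statements (the two in this hunk and the one at @@ -277) list the new columns as `firewall_server`,`proxy_server` but supply the values as `$proxy_server_enabled, $firewall_server_enabled`, so each flag is stored in the other's column. Change the tail of the VALUES list to `$current_db_version, $firewall_server_enabled, $proxy_server_enabled);`. The UPDATE in the @@ -1426 hunk assigns by column name and is not affected, so a fresh install and a later update would disagree about which services a server provides. Separately, `$conf['hostname']` is still concatenated into the statement unescaped on these lines, which is worth fixing while they are being touched.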
@@ -277,7 +289,7 @@ class installer_base { } else { //* Insert the server, if its not a mster / slave setup - $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version);"; + $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);"; $this->db->query($sql); $conf['server_id'] = $this->db->insertID(); $conf['server_id'] = $conf['server_id']; 
@@ -1108,6 +1120,67 @@ class installer_base { if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); } + + public function configure_nginx() + { + global $conf; + $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"].""); + $ip_address = gethostbyname($row["server_name"]); + $server_name = $row["server_name"]; + + //setup proxy.conf + $configfile = 'proxy.conf'; + if(is_file($conf["nginx"]["config_dir"].'/'.$configfile)) copy($conf["nginx"]["config_dir"].'/'.$configfile,$conf["nginx"]["config_dir"].'/'.$configfile.'~'); + if(is_file($conf["nginx"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/'.$configfile.'~'); + $content = rf("tpl/nginx_".$configfile.".master"); + wf($conf["nginx"]["config_dir"].'/'.$configfile,$content); + exec('chmod 600 '.$conf["nginx"]["config_dir"].'/'.$configfile); + exec('chown root:root '.$conf["nginx"]["config_dir"].'/'.$configfile); + + //setup conf.d/cache.conf + $configfile = 'cache.conf'; + if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile)) copy($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~'); + if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~'); + $content = rf("tpl/nginx_".$configfile.".master"); + wf($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$content); + exec('chmod 600 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile); + exec('chown root:root '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile); + + //setup cache directories + mkdir('/var/cache/nginx/cache'); + exec('chown www-data:www-data /var/cache/nginx/cache'); + mkdir('/var/cache/nginx/temp'); + exec('chown www-data:www-data /var/cache/nginx/temp'); + } + + public function configure_squid() + { + global 
$conf; + $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"].""); + $ip_address = gethostbyname($row["server_name"]); + $server_name = $row["server_name"]; + + $configfile = 'squid.conf'; + if(is_file($conf["squid"]["config_dir"].'/'.$configfile)) copy($conf["squid"]["config_dir"].'/'.$configfile,$conf["squid"]["config_dir"].'/'.$configfile.'~'); + if(is_file($conf["squid"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["squid"]["config_dir"].'/'.$configfile.'~'); + $content = rf("tpl/".$configfile.".master"); + $content = str_replace('{server_name}',$server_name,$content); + $content = str_replace('{ip_address}',$ip_address, $content); + $content = str_replace('{config_dir}',$conf['squid']['config_dir'], $content); + wf($conf["squid"]["config_dir"].'/'.$configfile,$content); + exec('chmod 600 '.$conf["squid"]["config_dir"].'/'.$configfile); + exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile); + } + + public function configure_ufw_firewall() + { + $configfile = 'ufw.conf'; + if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~'); + $content = rf("tpl/".$configfile.".master"); + wf('/etc/ufw/ufw.conf',$content); + exec('chmod 600 /etc/ufw/ufw.conf'); + exec('chown root:root /etc/ufw/ufw.conf'); + } public function configure_firewall() { global $conf; 
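Review bot: `mkdir('/var/cache/nginx/cache')` and `mkdir('/var/cache/nginx/temp')` in configure_nginx() are unchecked and non-recursive, so they raise warnings on a re-run and fail if /var/cache/nginx does not exist, after which the `chown` runs against a missing path; the fence below creates each directory only when absent and checks the result. The three new methods also shell out through `exec('chmod …')` and `exec('chown …')` with concatenated `$conf` paths, where PHP's `chmod()`, `chown()` and `chgrp()` avoid the shell and return a status that can be checked. configure_ufw_firewall() hard-codes /etc/ufw instead of reading `$conf['ufw']['config_dir']`, and configure_nginx() computes `$ip_address` and `$server_name` without using them. The SELECT in both proxy methods concatenates `$conf["server_id"]` without the `intval()` that the @@ -1426 hunk applies. configure_firewall(), which follows these methods, continues outside the hunk.

```php
public function configure_nginx()
{
	// … unchanged: proxy.conf and conf.d/cache.conf setup …

	//setup cache directories
	foreach(array('/var/cache/nginx/cache', '/var/cache/nginx/temp') as $cache_dir) {
		if(!is_dir($cache_dir) && !mkdir($cache_dir, 0750, true)) {
			swriteln('Could not create '.$cache_dir);
			continue;
		}
		chown($cache_dir, 'www-data');
		chgrp($cache_dir, 'www-data');
	}
}
```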
@@ -1426,13 +1499,14 @@ class installer_base { $file_server_enabled = ($conf['services']['file'])?1:0; $db_server_enabled = ($conf['services']['db'])?1:0; $vserver_server_enabled = ($conf['services']['vserver'])?1:0; + $proxy_server_enabled = ($conf['services']['proxy'])?1:0; + $firewall_server_enabled = ($conf['services']['firewall'])?1:0; - - $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']); + $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled' WHERE server_id = ".intval($conf['server_id']); if($conf['mysql']['master_slave_setup'] == 'y') { $this->dbmaster->query($sql); diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php index 8faff1a2c4041ff5cea5ebf5ac7fe9aeb2accc5c..4cc7355688c572508ea35d9ea96a7197f9e715e8 100644 --- a/install/lib/update.lib.php +++ b/install/lib/update.lib.php @@ -95,6 +95,9 @@ function updateDbAndIni() { $conf['services']['file'] = ($tmp['file_server'] == 1)?true:false; $conf['services']['db'] = ($tmp['db_server'] == 1)?true:false; $conf['services']['vserver'] = ($tmp['vserver_server'] == 1)?true:false; + $conf['services']['proxy'] = ($tmp['proxy_server'] == 1)?true:false; + $conf['services']['firewall'] = ($tmp['firewall_server'] == 1)?true:false; + $conf['postfix']['vmail_mailbox_base'] = $ini_array['mail']['homedir_path']; //* Do incremental DB updates only on installed ISPConfig versions > 3.0.3 
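Review bot: In updateDbAndIni() the added lines read `$tmp['proxy_server']` and `$tmp['firewall_server']` before the incremental SQL updates mentioned in the following comment, so on a database that predates upd_0009.sql those keys are presumably absent (assuming `$tmp` is the existing `server` row, which is loaded outside the hunk). Both services then evaluate to false, and the UPDATE in the installer_base.lib.php hunk above would write 0 for a server that does have a firewall configured. Guard the reads, for example `isset($tmp['firewall_server']) && $tmp['firewall_server'] == 1`, or move them after the schema update has run.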
diff --git a/install/sql/incremental/upd_0009.sql b/install/sql/incremental/upd_0009.sql
new file mode 100644
index 0000000000000000000000000000000000000000..9da60c1345b3cfa88c680a8ee7ce087dedd88df8
--- /dev/null
+++ b/install/sql/incremental/upd_0009.sql
@@ -0,0 +1,66 @@
+CREATE TABLE IF NOT EXISTS `proxy_reverse` (
+ `rewrite_id` int(11) NOT NULL auto_increment,
+ `sys_userid` int(11) unsigned NOT NULL default '0',
+ `sys_groupid` int(11) unsigned NOT NULL default '0',
+ `sys_perm_user` varchar(5) default NULL,
+ `sys_perm_group` varchar(5) default NULL,
+ `sys_perm_other` varchar(5) default NULL,
+ `server_id` int(11) unsigned NOT NULL default '0',
+ `rewrite_url_src` varchar(100) NOT NULL,
+ `rewrite_url_dst` varchar(100) NOT NULL,
+ `active` enum('n','y') NOT NULL default 'y',
+ PRIMARY KEY (`rewrite_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
+
+
+CREATE TABLE IF NOT EXISTS `firewall_filter` (
+ `firewall_id` int(11) unsigned NOT NULL auto_increment,
+ `sys_userid` int(11) unsigned NOT NULL default '0',
+ `domain_id` int(11) NOT NULL,
+ `sys_groupid` int(11) unsigned NOT NULL default '0',
+ `sys_perm_user` varchar(5) default NULL,
+ `sys_perm_group` varchar(5) default NULL,
+ `sys_perm_other` varchar(5) default NULL,
+ `server_id` int(11) unsigned NOT NULL default '0',
+ `rule_name` varchar(100) default NULL,
+ `rule_id` int(11) default 1,
+ `src_ip` varchar(20) NOT NULL,
+ `src_netmask` varchar(20) NOT NULL,
+ `dst_ip` varchar(20) NOT NULL,
+ `dst_netmask` varchar(20) NOT NULL,
+ `src_from_port` varchar(10) NOT NULL,
+ `src_to_port` varchar(10) NOT NULL,
+ `dst_to_port` varchar(10) NOT NULL,
+ `dst_from_port` varchar(10) NOT NULL,
+ `protocol` varchar(10) default 'tcp',
+ `inbound_policy` enum('allow','deny','reject','limit') default 'allow',
+ `outbound_policy` enum('allow','deny','reject','limit') default 'allow',
+ `active` enum('n','y') NOT NULL default 'y',
+ `client_id` int(11) NOT NULL,
+ PRIMARY KEY (`firewall_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `firewall_forward` (
+ `firewall_id` int(11) unsigned NOT NULL auto_increment,
+ `sys_userid` int(11) unsigned NOT NULL default '0',
+ `domain_id` int(11) NOT NULL,
+ `sys_groupid` int(11) unsigned NOT NULL default '0',
+ `sys_perm_user` varchar(5) default NULL,
+ `sys_perm_group` varchar(5) default NULL,
+ `sys_perm_other` varchar(5) default NULL,
+ `server_id` int(11) unsigned NOT NULL default '0',
+ `application_name` varchar(100) default NULL,
+ `dst_ip` varchar(20) NOT NULL,
+ `src_from_port` varchar(10) NOT NULL,
+ `src_to_port` varchar(10) NOT NULL,
+ `dst_to_port` varchar(10) NOT NULL,
+ `dst_from_port` varchar(10) NOT NULL,
+ `protocol` int(3) default 0,
+ `active` enum('n','y') NOT NULL default 'y',
+ `client_id` int(11) NOT NULL,
+ PRIMARY KEY (`firewall_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
+
+alter table `server` add column `proxy_server` tinyint(1) not null after `vserver_server`;
+alter table `server` add column `firewall_server` tinyint(1) not null after `proxy_server`;
+alter table `web_domain` add column `nginx_directives` mediumtext not null after `apache_directives`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 1eb1d57932695f22d91be451c75c97264245102b..ff0cfb14e83bda6b2ed1bcbe0067a28b997e7f24 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -691,6 +691,8 @@ CREATE TABLE `server` (
 `file_server` tinyint(1) NOT NULL default '0',
 `db_server` tinyint(1) NOT NULL default '0',
 `vserver_server` tinyint(1) NOT NULL default '0',
+ `proxy_server` tinyint(1) NOT NULL default '0',
+ `firewall_server` tinyint(1) NOT NULL default '0',
 `config` text NOT NULL,
 `updated` bigint(20) unsigned NOT NULL default '0',
 `mirror_server_id` int(11) unsigned NOT NULL default '0',
@@ -1141,6 +1143,7 @@ CREATE TABLE `web_domain` (
 `stats_type` varchar(255) default 'webalizer',
 `allow_override` varchar(255) NOT NULL default 'All',
 `apache_directives` mediumtext,
+ `nginx_directives` mediumtext,
 `php_open_basedir` mediumtext,
 `custom_php_ini` mediumtext,
 `backup_interval` VARCHAR( 255 ) NOT NULL DEFAULT 'none',
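Review bot: The upgrade script and the fresh schema disagree on the new columns: upd_0009.sql adds `proxy_server` and `firewall_server` as `tinyint(1) not null` with no default and `nginx_directives` as `mediumtext not null`, while ispconfig3.sql declares `NOT NULL default '0'` and a nullable `mediumtext`. Upgraded and freshly installed servers can therefore behave differently on inserts that omit these columns; use `tinyint(1) NOT NULL default '0'` and plain `mediumtext` in the three ALTER statements. In `firewall_filter` and `firewall_forward` (repeated in the ispconfig3.sql hunk at @@ -1660), `src_ip` and `dst_ip` are `varchar(20)`, which is too short for an IPv6 address, and `protocol` is `varchar(10)` in one table and `int(3)` in the other. The `AUTO_INCREMENT=5` and `AUTO_INCREMENT=12` table options look like dump residue and make new tables start at arbitrary ids.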
@@ -1150,6 +1153,8 @@ CREATE TABLE `web_domain` ( PRIMARY KEY (`domain_id`) ) ENGINE=MyISAM AUTO_INCREMENT=1; + + -- -------------------------------------------------------- -- 
@@ -1660,6 +1665,70 @@ INSERT INTO `help_faq` VALUES (1,1,0,'I\'d like to know ...','Yes, of course.',1 ALTER TABLE client ADD COLUMN company_id varchar(30); + +CREATE TABLE `proxy_reverse` ( + `rewrite_id` int(11) NOT NULL auto_increment, + `sys_userid` int(11) unsigned NOT NULL default '0', + `sys_groupid` int(11) unsigned NOT NULL default '0', + `sys_perm_user` varchar(5) default NULL, + `sys_perm_group` varchar(5) default NULL, + `sys_perm_other` varchar(5) default NULL, + `server_id` int(11) unsigned NOT NULL default '0', + `rewrite_url_src` varchar(100) NOT NULL, + `rewrite_url_dst` varchar(100) NOT NULL, + `active` enum('n','y') NOT NULL default 'y', + PRIMARY KEY (`rewrite_id`) +) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=utf8; + + +CREATE TABLE `firewall_filter` ( + `firewall_id` int(11) unsigned NOT NULL auto_increment, + `sys_userid` int(11) unsigned NOT NULL default '0', + `domain_id` int(11) NOT NULL, + `sys_groupid` int(11) unsigned NOT NULL default '0', + `sys_perm_user` varchar(5) default NULL, + `sys_perm_group` varchar(5) default NULL, + `sys_perm_other` varchar(5) default NULL, + `server_id` int(11) unsigned NOT NULL default '0', + `rule_name` varchar(100) default NULL, + `rule_id` int(11) default 1, + `src_ip` varchar(20) NOT NULL, + `src_netmask` varchar(20) NOT NULL, + `dst_ip` varchar(20) NOT NULL, + `dst_netmask` varchar(20) NOT NULL, + `src_from_port` varchar(10) NOT NULL, + `src_to_port` varchar(10) NOT NULL, + `dst_to_port` varchar(10) NOT NULL, + `dst_from_port` varchar(10) NOT NULL, + `protocol` varchar(10) default 'tcp', + `inbound_policy` enum('allow','deny','reject','limit') default 'allow', + `outbound_policy` enum('allow','deny','reject','limit') default 'allow', + `active` enum('n','y') NOT NULL default 'y', + `client_id` int(11) NOT NULL, + PRIMARY KEY (`firewall_id`) +) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8; + +CREATE TABLE `firewall_forward` ( + `firewall_id` int(11) unsigned NOT NULL auto_increment, + 
`sys_userid` int(11) unsigned NOT NULL default '0', + `domain_id` int(11) NOT NULL, + `sys_groupid` int(11) unsigned NOT NULL default '0', + `sys_perm_user` varchar(5) default NULL, + `sys_perm_group` varchar(5) default NULL, + `sys_perm_other` varchar(5) default NULL, + `server_id` int(11) unsigned NOT NULL default '0', + `application_name` varchar(100) default NULL, + `dst_ip` varchar(20) NOT NULL, + `src_from_port` varchar(10) NOT NULL, + `src_to_port` varchar(10) NOT NULL, + `dst_to_port` varchar(10) NOT NULL, + `dst_from_port` varchar(10) NOT NULL, + `protocol` int(3) default 0, + `active` enum('n','y') NOT NULL default 'y', + `client_id` int(11) NOT NULL, + PRIMARY KEY (`firewall_id`) +) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=utf8; + -- -------------------------------------------------------- SET FOREIGN_KEY_CHECKS = 1; diff --git a/install/tpl/nginx_cache.conf.master b/install/tpl/nginx_cache.conf.master new file mode 100644 index 0000000000000000000000000000000000000000..1cd2863824e0952b84959fbe808b364f1d5f7506 --- /dev/null +++ b/install/tpl/nginx_cache.conf.master @@ -0,0 +1,6 @@ +proxy_temp_path /var/cache/nginx/temp; +proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=global:60m inactive=15m max_size=1G; +proxy_cache_valid 200 302 10m; +proxy_cache_valid 301 1h; +proxy_cache_valid 404 3m; +proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; diff --git a/install/tpl/nginx_proxy.conf.master b/install/tpl/nginx_proxy.conf.master new file mode 100644 index 0000000000000000000000000000000000000000..d8711d04657cf411de96802a905f0e11df88ef53 --- /dev/null +++ b/install/tpl/nginx_proxy.conf.master 
@@ -0,0 +1,34 @@
+proxy_cache global;
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_header Set-Cookie;
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_buffers 32 4k;
+
+set $cache_key $scheme$host$uri$is_args$args$cookie_user;
+proxy_cache_key $cache_key;
+proxy_cache_valid 200 10h;
+expires 3d;
+
+### force timeouts if one of backend is died ##
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+location = /status {
+ stub_status on;
+ allow 127.0.0.1;
+ allow 192.168.1.0;
+ deny all;
+}
+
+location ~ /purge(/.*) {
+ allow 127.0.0.1;
+ allow 192.168.1.0;
+ deny all;
+ proxy_cache_purge global $cache_key;
+}
diff --git a/install/tpl/squid.conf.master b/install/tpl/squid.conf.master
new file mode 100644
index 0000000000000000000000000000000000000000..2ae00d24dd84864c2458c18d2b1ca1af815b6782
--- /dev/null
+++ b/install/tpl/squid.conf.master
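Review bot: `allow 192.168.1.0;` in the /status and /purge locations matches the single address 192.168.1.0, not a subnet; if the LAN was intended it has to be `allow 192.168.1.0/24;`, and a shipped template should probably not hard-code a site-specific range at all. The cache key varies only on `$cookie_user`, so with `proxy_cache_valid 200 10h` a backend that identifies sessions through a differently named cookie could have one user's page served to another from cache; consider skipping the cache when a session cookie or Authorization header is present via `proxy_cache_bypass` and `proxy_no_cache`. `proxy_cache_purge` is not part of stock open-source nginx, and `location` blocks are only valid inside a `server` block, so where this file is included (not shown in the commit) decides whether `nginx -t` passes.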
@@ -0,0 +1,224 @@
+
+# This configuration file requires squid 2.5+. It is untested with squid 3.x.
+
+# BASIC CONFIGURATION
+# ------------------------------------------------------------------------------
+
+visible_hostname {server_name}
+
+
+
+# port on which to listen
+
+http_port {ip_address}:80 vhost defaultsite={server_name}
+
+
+# set cache directory and size (1000 MB) - be sure to set the cache size to
+# about 10% less than the physical space available to leave room for squid's
+# swap files and other temp files
+cache_dir ufs /var/spool/squid 100 16 256
+cache_mgr webmaster@{server_name}
+
+
+
+
+# LOGS
+# ------------------------------------------------------------------------------
+log_icp_queries off
+cache_access_log /var/log/squid/access.log
+cache_log /var/log/squid/cache.log
+cache_store_log /var/log/squid/store.log
+cache_effective_user nobody
+cache_effective_group nogroup
+# emulate_httpd_log off
+
+
+# RESOURCES
+# ------------------------------------------------------------------------------
+# amount of memory used for caching recently accessed objects - defaults to 8 MB
+cache_mem 64 MB
+maximum_object_size 10 MB # max cached object size
+maximum_object_size_in_memory 300 KB # max cached-in-memory object size
+
+
+# ACCESS CONTROL
+# ------------------------------------------------------------------------------
+
+# Basic ACLs
+acl all src 0.0.0.0/0.0.0.0
+acl localhost src 127.0.0.1/32
+acl ssl_ports port 443 563
+acl safe_ports port 80 443
+
+acl openvz_instances src 192.168.1.0/24
+acl squid_server src localhost
+acl manager proto cache_object
+acl connect method connect
+
+
+# deny requests to unknown ports
+http_access deny !safe_ports
+
+acl accelerated_protocols proto http https
+acl accelerated_domains dstdomain url_regex -i "{config_dir}/domains.txt"
+acl accelerated_ports myport 80 443
+
+http_access allow accelerated_domains
+http_access allow accelerated_ports
+http_access allow accelerated_protocols
+
+
+acl purge method PURGE
+http_access allow squid_server purge
+http_access allow openvz_instances purge
+http_access deny purge
+
+# Reply access
+http_reply_access allow all
+
+# Cache manager setup - cache manager can only connect from localhost
+# only allow cache manager access from localhost
+http_access allow manager localhost
+http_access deny manager
+# deny connect to other than ssl ports
+http_access deny connect !ssl_ports
+
+# ICP access - anybody can access icp methods
+icp_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+
+# CACHE PEERS
+# ------------------------------------------------------------------------------
+
+# CONFIGURE THE CACHE PEERS. FIRST PORT IS THE HTTP PORT, SECOND PORT
+# IS THE ICP PORT. REMEMBER TO ENABLE 'icp-server' ON YOUR 'zope.conf'
+# LISTENING ON THE ICP PORT YOU USE HERE.
+# acl in_backendpool dstdomain backendpool
+# cache_peer 127.0.0.1 parent 8080 9090 no-digest no-netdb-exchange
+# cache_peer 192.168.0.3 parent 8081 9091 no-digest no-netdb-exchange
+
+# cache_peer_access 127.0.0.1 allow in_backendpool
+# cache_peer_access 127.0.0.1 deny all
+
+# cache_peer_access 192.168.0.3 allow in_backendpool
+# cache_peer_access 192.168.0.3 deny all
+
+# IF YOU NEED TO FORWARD REQUESTS TO HOSTS NOT IN THE POOL THIS IS
+# WHERE YOU ALLOW THE TARGET DOMAINS
+# acl local_servers dstdomain some.mysite.com other.mysite.com
+always_direct allow all
+
+# THE FOLLOWING DIRECTIVE IS NEEDED TO MAKE 'backendpool' RESOLVE TO
+# THE POOL OF CACHE PEERS.
+# never_direct allow all
+# icp_access allow all
+
+# PROXY ON, NEEDED TO MAKE CACHE PEERS INTERCOMMUNICATE
+# httpd_accel_with_proxy on
+
+
+# REDIRECTOR PROGRAM
+# ------------------------------------------------------------------------------
+
+
+url_rewrite_program {config_dir}/iRedirector.py
+url_rewrite_children 1
+url_rewrite_concurrency 20
+url_rewrite_host_header off
+
+
+# SPECIFY WHAT REQUESTS SQUID SHOULD CACHE
+# ------------------------------------------------------------------------------
+
+# Control what squid caches. We want to have squid handle content that is not
+# personalized and that does not require any kind of authorization.
+#
+# 1) Always cache static content in squid
+
+acl static_content urlpath_regex -i \.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|gz|bz2|tgz|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|deb|msi|iso|rpm)$
+no_cache allow static_content
+
+# 2) (OPTIONAL) Prevent squid from caching an item that is the result of a POST
+
+acl post_requests method POST
+no_cache deny post_requests
+
+# 3) (OPTIONAL) Prevent squid from caching items with items in the query string
+# If this is uncommented, squid will treat a url with 2 different query strings
+# as 2 different urls when caching.
+
+# XXX: where did this example go?
+
+# 4) Prevent squid from caching requests from authenticated users or conditional
+# GETs with an If-None-Match header (since squid doesn't know about ETags)
+# We use an external python method to check these conditions and pass in the
+# value of the __ac cookie (two different ways to allow for different cookie
+# delimiters), the HTTP Authorization header, and the If-None-Match header.
+#
+# Squid caches the results of the external python method, so for debugging, set
+# the options ttl=0 negative_ttl=0 so you can see what is going on
+
+# external_acl_type is_cacheable_type children=20 ttl=0 negative_ttl=0 %{Cookie:__ac} %{Cookie:;__ac} %{Authorization} %{If-None-Match} /etc/squid/squidAcl.py
+
+#external_acl_type is_cacheable_type protocol=2.5 children=20 %{Cookie:__ac} %{Cookie:;__ac} %{Authorization} %{If-None-Match} /etc/squid/squidAcl.py
+#acl is_cacheable external is_cacheable_type
+#no_cache allow is_cacheable
+
+
+collapsed_forwarding on
+#refresh_stale_hit on
+
+
+# Explicitly disallow squid from handling anything else
+no_cache deny all
+
+
+# SPECIFY EFFECTS OF A BROWSER REFRESH
+# ------------------------------------------------------------------------------
+
+# RELOAD_INTO_IMS CAUSES WEIRD SQUID BEHAVIOR - IT APPEARS TO CAUSE FILES WITH
+# INAPPROPRIATE HEADERS TO END UP IN THE CACHE, AND AS A RESULT BROWSERS END
+# UP MAKING LOTS OF EXTRA (CONDITIONAL) REQUESTS WHEN THEY WOULD OTHERWISE MAKE
+# NO REQUESTS. DO NOT USE!
+
+# Tell squid how to handle expiration times for content with no explicit expiration
+# Assume static content is fresh for at least an hour and at most a day
+#refresh_pattern -i \.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|gz|bz2|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|deb|msi|iso|rpm)$ 60 50% 1440 reload-into-ims
+#refresh_pattern . 
0 20% 1440 + +# Change force-refresh requests into conditional gets using if-modified-since +#reload_into_ims on + +# DEBUGGING +# ------------------------------------------------------------------------------ +# debug_options ALL,1 33,2 # use this for debugging acls + debug_options ALL,8 + + +# MISCELLANEOUS +# ------------------------------------------------------------------------------ +# have squid handle all requests with ranges +# range_offset_limit -1 + +# amount of time squid waits for existing requests to be serviced before shutting down +shutdown_lifetime 1 seconds + +# allow squid to process multiple requests simultaneously if client is pipelining +pipeline_prefetch on + +# allow white spaces to be included in URLs +uri_whitespace allow + + +# OTHER PARAMETERS THAT MAY BE OF INTEREST +# ------------------------------------------------------------------------------ + +# logfile_rotate 0 +# reload_into_ims off +#error_directory /usr/local/squid/share/errors/English + + + diff --git a/install/tpl/ufw.conf.master b/install/tpl/ufw.conf.master new file mode 100644 index 0000000000000000000000000000000000000000..9dc02d36751105a96de10caa8987ae7856870225 --- /dev/null +++ b/install/tpl/ufw.conf.master @@ -0,0 +1,8 @@ +# /etc/ufw/ufw.conf +# + +# set to yes to start on boot +ENABLED=yes + +# set to one of 'off', 'low', 'medium', 'high' +LOGLEVEL=low diff --git a/install/update.php b/install/update.php index fa1cb8313297a381d2de2da9e67a6e3cdbff3d99..9207299249ec739650cf75acc80fc4e98e352c25 100644 --- a/install/update.php +++ b/install/update.php @@ -256,7 +256,7 @@ if($reconfigure_services_answer == 'yes') { $inst->configure_getmail(); } - if($conf['services']['web']) { + if($conf['services']['web'] && $conf['pureftpd']['installed'] == true) { //** Configure Pureftpd swriteln('Configuring Pureftpd'); $inst->configure_pureftpd(); 
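Review bot: The three consecutive `http_access allow accelerated_domains` / `accelerated_ports` / `accelerated_protocols` rules are evaluated one by one and the first match decides, so any HTTP request arriving on the accelerator port is allowed whatever its destination domain, and the later `http_access deny purge`, `deny manager` and `deny connect !ssl_ports` rules are never reached for such requests. Together with `always_direct allow all`, that leaves the accelerator forwarding for domains outside `domains.txt` and accepting PURGE from clients other than `squid_server` and `openvz_instances`. I would move the purge, manager and CONNECT rules ahead of the accelerator rule and put the three ACLs on a single line so they are ANDed, as in the block below. Separately, `acl accelerated_domains dstdomain url_regex -i ...` names two ACL types on one line and looks malformed, and `debug_options ALL,8` should ship as `debug_options ALL,1`, because level 8 writes very detailed request traces to cache.log.

```conf
# ... unchanged: basic ACLs, "http_access deny !safe_ports", accelerated_* ACL definitions ...

# http_access is first-match: restrictive rules must come before the broad allow
acl purge method PURGE
http_access allow squid_server purge
http_access allow openvz_instances purge
http_access deny purge
http_access allow manager localhost
http_access deny manager
http_access deny connect !ssl_ports

# accelerate only requests that match domain, port and protocol together
http_access allow accelerated_domains accelerated_ports accelerated_protocols

# ... unchanged: http_reply_access, icp_access ...
http_access deny all
```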
@@ -295,25 +295,41 @@ if($reconfigure_services_answer == 'yes') { swriteln('Configuring Database'); $inst->configure_dbserver(); - - //if(@is_dir('/etc/Bastille')) { - //* Configure Firewall - swriteln('Configuring Firewall'); - $inst->configure_firewall(); - //} + + if($conf['services']['firewall']) { + if($conf['bastille']['installed'] == true) { + //* Configure Bastille Firewall + swriteln('Configuring Bastille Firewall'); + $inst->configure_firewall(); + } elseif($conf['ufw']['installed'] == true) { + //* Configure Ubuntu Firewall + swriteln('Configuring Ubuntu Firewall'); + $inst->configure_ufw_firewall(); + } + } + + if($conf['squid']['installed'] == true) { + swriteln('Configuring Squid'); + $inst->configure_squid(); + } else if($conf['nginx']['installed'] == true) { + swriteln('Configuring Nginx'); + $inst->configure_nginx(); + } } //** Configure ISPConfig swriteln('Updating ISPConfig'); -//** Customise the port ISPConfig runs on -$ispconfig_port_number = get_ispconfig_port_number(); -$conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number); - -// $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n'; -if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('yes','no'),'no')) == 'yes') { - $inst->make_ispconfig_ssl_cert(); +if ($conf['services']['web'] && $inst->ispconfig_interface_installed) { + //** Customise the port ISPConfig runs on + $ispconfig_port_number = get_ispconfig_port_number(); + $conf['apache']['vhost_port'] = $inst->free_query('ISPConfig Port', $ispconfig_port_number); + + // $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n'; + if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate',array('yes','no'),'no')) == 'yes') { + $inst->make_ispconfig_ssl_cert(); + } } $inst->install_ispconfig(); 
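Review bot: The new Squid/Nginx block runs whenever `$conf['squid']['installed']` or `$conf['nginx']['installed']` is true and is not gated by `$conf['services']['proxy']`, unlike the firewall block just above it, which checks `$conf['services']['firewall']` first. On a host where nginx is installed for another purpose the update would therefore call `configure_nginx()`, which presumably writes the proxy configuration; wrapping the block in `if($conf['services']['proxy']) { ... }` keeps it consistent, and `else if` should be `elseif` to match the firewall branch. There is also a behaviour change for existing installs: `configure_firewall()` used to run unconditionally and now runs only when the firewall service flag is set, so the update path needs to set that flag for servers that already use Bastille. The enclosing `if($reconfigure_services_answer == 'yes')` block starts outside this hunk.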
@@ -351,6 +367,15 @@ if($reconfigure_services_answer == 'yes') { if($conf['powerdns']['installed'] == true && $conf['powerdns']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['powerdns']['init_script'])) system($conf['init_scripts'].'/'.$conf['powerdns']['init_script'].' restart &> /dev/null'); if($conf['bind']['installed'] == true && $conf['bind']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['bind']['init_script'])) system($conf['init_scripts'].'/'.$conf['bind']['init_script'].' restart &> /dev/null'); } + + if($conf['services']['proxy']) { + if($conf['squid']['installed'] == true && $conf['squid']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['squid']['init_script'])) system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null'); + if($conf['nginx']['installed'] == true && $conf['nginx']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['nginx']['init_script'])) system($conf['init_scripts'].'/'.$conf['nginx']['init_script'].' restart &> /dev/null'); + } + + if($conf['services']['firewall']) { + if($conf['ufw']['installed'] == true && $conf['ufw']['init_script'] != '' && is_executable($conf['init_scripts'].'/'.$conf['ufw']['init_script'])) system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null'); + } } echo "Update finished.\n"; diff --git a/interface/lib/classes/plugin.inc.php b/interface/lib/classes/plugin.inc.php index 450efd04a10a405de0df8fe288b91bd4bc74766d..910cc57055edac6d60b6860775f09a60cf6d7f2c 100644 --- a/interface/lib/classes/plugin.inc.php +++ b/interface/lib/classes/plugin.inc.php @@ -86,7 +86,6 @@ class plugin { $_SESSION['s']['plugin_cache'][$event_name][] = array('plugin' => $plugin_name, 'function' => $function_name); if($this->debug) $app->log("Plugin '$plugin_name' has registered the function '$function_name' for the event '$event_name'",LOGLEVEL_DEBUG); - } /* 
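Review bot: The firewall branch tests that `$conf['ufw']['init_script']` is set and executable but then runs `$conf['squid']['init_script']`, so a UFW host restarts Squid (or runs a missing script) and UFW itself is never restarted. The command should use the ufw key: `system($conf['init_scripts'].'/'.$conf['ufw']['init_script'].' restart &> /dev/null');`. This block also has no restart for Bastille although the configure step earlier in the file handles it; confirm whether that is intended. The surrounding service-restart `if` starts outside this hunk.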
@@ -135,25 +134,31 @@ class plugin { //* Internal function to load the plugin and call the event function in the plugin. private function callPluginEvent($event_name,$data) { global $app; - + //* execute the functions for the events if(is_array($_SESSION['s']['plugin_cache'][$event_name])) { foreach($_SESSION['s']['plugin_cache'][$event_name] as $rec) { $plugin_name = $rec['plugin']; $function_name = $rec['function']; $plugin_file = ISPC_LIB_PATH.FS_DIV.'plugins'.FS_DIV.$plugin_name.'.inc.php'; + + if(is_file($plugin_file)) { if(!isset($app->loaded_plugins[$plugin_name])) { include_once($plugin_file); $app->loaded_plugins[$plugin_name] = new $plugin_name; } + if($this->debug) $app->log("Called method: '$function_name' in plugin '$plugin_name' for event '$event_name'",LOGLEVEL_DEBUG); // call_user_method($function_name,$app->loaded_plugins[$plugin_name],$event_name,$data); + call_user_func(array($app->loaded_plugins[$plugin_name],$function_name),$event_name,$data); + } } } + } // end functiom callPluginEvent diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index f1978ff2f01c8200026a677930ff166d57f6862b..d5254c8502ed290aec30c83132baea2719535706 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -315,7 +315,7 @@ class tform_actions { $next_tab = $app->tform->getCurrentTab(); $this->loadPlugins($next_tab); - + // Call plugin foreach($this->plugins as $plugin) { $plugin->onDelete(); diff --git a/interface/lib/config.inc.php b/interface/lib/config.inc.php index 84a15e60360a29bc41c2c278c15b32a648eaba0e..b584146bb95ea0f371bfc51d61cc763fe4ac5ba3 100644 --- a/interface/lib/config.inc.php +++ b/interface/lib/config.inc.php 
@@ -50,7 +50,7 @@ define('ISPC_APP_VERSION', '3.0.2'); //** Database $conf['db_type'] = 'mysql'; $conf['db_host'] = 'localhost'; -$conf['db_database'] = 'ispconfig3_stable'; +$conf['db_database'] = 'dbispconfig'; $conf['db_user'] = 'root'; $conf['db_password'] = ''; $conf['db_charset'] = 'utf8'; // same charset as html-charset - (HTML --> MYSQL: "utf-8" --> "utf8", "iso-8859-1" --> "latin1") @@ -133,6 +133,7 @@ $conf['logo'] = 'themes/default/images/ispc_logo.png'; $conf['language'] = 'en'; $conf['debug_language'] = false; + //** Misc. $conf['interface_logout_url'] = ''; // example: http://www.domain.tld/ diff --git a/interface/lib/plugins/sites_web_domain_plugin.inc.php b/interface/lib/plugins/sites_web_domain_plugin.inc.php index 85a4cc04f7ef8cd9f8a2eb93db6e3978ac8f97db..f41edd6206fa89b25a94cdd5a10e3f6202a0147d 100644 --- a/interface/lib/plugins/sites_web_domain_plugin.inc.php +++ b/interface/lib/plugins/sites_web_domain_plugin.inc.php @@ -39,8 +39,7 @@ class sites_web_domain_plugin { Function to create the sites_web_domain rule and insert it into the custom rules */ function sites_web_domain_edit($event_name, $page_form) { - global $app, $conf; - + global $app, $conf; // make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { diff --git a/interface/web/admin/form/server.tform.php b/interface/web/admin/form/server.tform.php index 20947c8a061c8bdaeaa441f98293a05fb657b49f..bd556b27bb1a2dbb17d4c9320da501dba687a62c 100644 --- a/interface/web/admin/form/server.tform.php +++ b/interface/web/admin/form/server.tform.php 
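Review bot: The new default `$conf['db_database'] = 'dbispconfig';` looks like a value from a local development setup rather than a deliberate change to the shipped interface config, and nothing else in this hunk depends on it. The unchanged lines next to it keep `db_user` as `root` with an empty `db_password`, so if this file can ever be used without the installer rewriting it, the interface would connect as the database superuser without a password. I would revert the name change unless it is intended, and add a comment such as `// placeholder values, replaced during installation` above the block if that is indeed how the file is used.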
@@ -102,6 +102,18 @@ $form["tabs"]['services'] = array ( 'default' => '0', 'value' => array(0 => 0,1 => 1) ), + 'proxy_server' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'CHECKBOX', + 'default' => '0', + 'value' => array(0 => 0,1 => 1) + ), + 'firewall_server' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'CHECKBOX', + 'default' => '0', + 'value' => array(0 => 0,1 => 1) + ), 'mirror_server_id' => array ( 'datatype' => 'INTEGER', 'formtype' => 'TEXT', diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index c9b3500f07af386fc89b3c351ba2a64236f188f1..4db9551edba6588e7fc1746ca00c9ed42ebbcafd 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php 
@@ -751,6 +751,68 @@ $form["tabs"]['jailkit'] = array( ) ); +$form["tabs"]['ufw_firewall'] = array ( + 'title' => "UFW Firewall", + 'width' => 80, + 'template' => "templates/server_config_ufw_edit.htm", + 'fields' => array ( + ################################## + # Begin Datatable fields + ################################## + 'ufw_enable' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'no', + 'value' => array(0 => 'no',1 => 'yes') + ), + 'ufw_manage_builtins' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'no', + 'value' => array(0 => 'no',1 => 'yes') + ), + 'ufw_ipv6' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'no', + 'value' => array(0 => 'no',1 => 'yes') + ), + 'ufw_default_input_policy' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'ACCEPT', + 'value' => array('ACCEPT' => 'accept', 'DROP' => 'drop', 'REJECT' => 'reject') + ), + 'ufw_default_output_policy' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'ACCEPT', + 'value' => array('ACCEPT' => 'accept', 'DROP' => 'drop', 'REJECT' => 'reject') + ), + 'ufw_default_forward_policy' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'ACCEPT', + 'value' => array('ACCEPT' => 'accept', 'DROP' => 'drop', 'REJECT' => 'reject') + ), + 'ufw_default_application_policy' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'DROP', + 'value' => array('ACCEPT' => 'accept', 'DROP' => 'drop', 'REJECT' => 'reject') + ), + 'ufw_log_level' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => 'low', + 'value' => array('low' => 'low', 'medium' => 'medium', 'high' => 'high') + ) + ################################## + # ENDE Datatable fields + ################################## + ) +); + $form["tabs"]['vlogger'] = array( 'title' => "vlogger", 
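Review bot: `ufw_default_input_policy` and `ufw_default_forward_policy` default to `'ACCEPT'`, so enabling UFW from this tab with the presets yields a firewall that admits all inbound and forwarded traffic; `'default' => 'DROP'` is the safer preset for those two, paired with an allow rule for the administrator's own access so the change cannot lock the server out. None of the new fields declares a validator, so whether a submitted value outside the listed options is rejected depends on form-handling code outside this hunk; since these strings presumably end up in the UFW configuration files, an explicit allow-list check is worth adding. A short comment on `ufw_manage_builtins` and `ufw_default_application_policy` saying which UFW setting each one maps to would help the next reader.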
diff --git a/interface/web/admin/lib/lang/en_server.lng b/interface/web/admin/lib/lang/en_server.lng index dcd46c582ccce8c1eb025b0a73d59776e13c0575..4130201b7ce0ce0b45e11a4657dfe8ed3d65b649 100644 --- a/interface/web/admin/lib/lang/en_server.lng +++ b/interface/web/admin/lib/lang/en_server.lng @@ -7,6 +7,8 @@ $wb["dns_server_txt"] = 'DNS-Server'; $wb["file_server_txt"] = 'Fileserver'; $wb["db_server_txt"] = 'DB-Server'; $wb["vserver_server_txt"] = 'VServer-Server'; +$wb["proxy_server_txt"] = 'Proxy-Server'; +$wb["firewall_server_txt"] = 'Firewall-Server'; $wb["active_txt"] = 'Active'; $wb["mirror_server_id_txt"] = 'Is mirror of Server'; $wb["- None -"] = '- None -'; diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng index f672e9943cc83746c2353019ef52fa7fd2aa5187..7c0c459f1c09b17d87aa48b37daa01559647ecd2 100644 --- a/interface/web/admin/lib/lang/en_server_config.lng +++ b/interface/web/admin/lib/lang/en_server_config.lng @@ -1,12 +1,17 @@ \ No newline at end of file diff --git a/interface/web/admin/lib/lang/en_server_list.lng b/interface/web/admin/lib/lang/en_server_list.lng index d15701e807f3dfeced62a31265c274e7a864eac5..164468e700bb699c24e823da7f3626e58d5257ed 100644 --- a/interface/web/admin/lib/lang/en_server_list.lng +++ b/interface/web/admin/lib/lang/en_server_list.lng @@ -7,5 +7,7 @@ $wb["dns_server_txt"] = 'DNS'; $wb["file_server_txt"] = 'File'; $wb["db_server_txt"] = 'DB'; $wb["vserver_server_txt"] = 'VServer'; +$wb["proxy_server_txt"] = 'Proxy'; +$wb["firewall_server_txt"] = 'Firewall'; $wb["add_new_record_txt"] = 'Add new Server'; ?> \ No newline at end of file diff --git a/interface/web/admin/lib/module.conf.php b/interface/web/admin/lib/module.conf.php index 25c38bc7ba364bffd50180d8975d08cfc727b552..1ec23dea937a2f62737f167ede57d77bb61a5cb6 100644 --- a/interface/web/admin/lib/module.conf.php +++ b/interface/web/admin/lib/module.conf.php 
@@ -85,11 +85,27 @@ $module['nav'][] = array( 'title' => 'System', // cleanup unset($items); - +/* $items[] = array( 'title' => 'Firewall', 'target' => 'content', 'link' => 'admin/firewall_list.php', - 'html_id'=> 'firewall_list'); + 'html_id'=> 'firewall_list');*/ + +$items[] = array( 'title' => 'Basic', + 'target' => 'content', + 'link' => 'admin/firewall_list.php'); + +$items[] = array( 'title' => 'Packet Filter', + 'target' => 'content', + 'link' => 'admin/firewall_filter_list.php'); + + +$items[] = array( 'title' => 'Port Forward', + 'target' => 'content', + 'link' => 'admin/firewall_forward_list.php'); + + + $module['nav'][] = array( 'title' => 'Firewall', diff --git a/interface/web/admin/templates/server_edit_services.htm b/interface/web/admin/templates/server_edit_services.htm index 8eca2909c9bcc84c880954167b10d58e05166394..17ff55d5e7f71c60031acab378787a6334f4b137 100644 --- a/interface/web/admin/templates/server_edit_services.htm +++ b/interface/web/admin/templates/server_edit_services.htm @@ -45,6 +45,18 @@ {tmpl_var name='vserver_server'} +
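Review bot: The three new `$items[]` entries drop the `'html_id'` key that the replaced Firewall entry carried, and the old entry is kept as a commented-out block instead of being deleted. If the theme or client-side scripts rely on those ids, add one per entry, for example `'html_id' => 'firewall_filter_list'`, and remove the commented code. The targets `admin/firewall_filter_list.php` and `admin/firewall_forward_list.php` are not visible in this part of the diff, so confirm they enforce the same admin-only access as `admin/firewall_list.php`.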
{tmpl_var name='proxy_server_txt'}
+{tmpl_var name='firewall_server_txt'}
+