Commit 8133de09 authored by Marius Cramer's avatar Marius Cramer

Added: apache version check in system library

Changed: apps vhost is now a template (for apache version)
Changed: template if tags can now be of format 'version' to make version comparisons (e.g. 2.12 > 2.2 !)
Changed: New apache 2.4 syntax for deny from all (-> Require all denied) etc.
parent 30848e21
......@@ -4,38 +4,46 @@
# for the ISPConfig apps vhost
######################################################
{vhost_port_listen} Listen {apps_vhost_port}
# NameVirtualHost *:{apps_vhost_port}
{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
<VirtualHost {apps_vhost_ip}:{apps_vhost_port}>
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{apps_vhost_servername}
{tmpl_var name='apps_vhost_servername'}
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
<IfModule mod_php5.c>
DocumentRoot {apps_vhost_dir}
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
<Directory {apps_vhost_dir}>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
<Directory {tmpl_var name='apps_vhost_dir'}>
Options FollowSymLinks
AllowOverride None
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
DocumentRoot {apps_vhost_dir}
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {apps_vhost_dir}>
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
AddHandler fcgid-script .php
FCGIWrapper {apps_vhost_basedir}/php-fcgi-scripts/apps/.php-fcgi-starter .php
Order allow,deny
Allow from all
<Directory {tmpl_var name='apps_vhost_dir'}>
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
AddHandler fcgid-script .php
FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
</IfModule>
......
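Review bot: The `Options Indexes FollowSymLinks MultiViews +ExecCGI` line in the mod_fcgid `<Directory>` block is left unchanged, but Apache 2.4 rejects an `Options` line that mixes prefixed and unprefixed keywords at its configuration check, so the 2.4 branch of this template may still fail to load. Writing it as `Options Indexes FollowSymLinks MultiViews ExecCGI` gives the same effective options on 2.2 and is valid on both versions. While the block is being touched, it is also worth confirming that `Indexes` (directory listings) and the wide `AllowOverride` list are intended for the apps vhost.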
......@@ -8,61 +8,100 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
<Directory /var/www/clients>
AllowOverride None
Order Deny,Allow
Deny from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all deny
{tmpl_else}
Order Deny,Allow
Deny from all
{/tmpl_if}
</Directory>
# Do not allow access to the root file system of the server for security reasons
<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all deny
{tmpl_else}
Order Deny,Allow
Deny from all
{/tmpl_if}
</Directory>
<Directory /var/www/conf>
AllowOverride None
Order Deny,Allow
Deny from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all deny
{tmpl_else}
Order Deny,Allow
Deny from all
{/tmpl_if}
</Directory>
# Except of the following directories that contain website scripts
<Directory /usr/share/phpmyadmin>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
<Directory /usr/share/phpMyAdmin>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
<Directory /usr/share/squirrelmail>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
# Allow access to mailman on OpenSuSE
<Directory /usr/lib/mailman/cgi-bin>
AllowOverride All
order allow,deny
allow from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
<Directory /usr/lib/mailman/icons>
order allow,deny
allow from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
<Directory /var/lib/mailman/archives/>
Options +FollowSymLinks
order allow,deny
allow from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
# allow path to awstats and alias for awstats icons
<Directory /usr/share/awstats>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
Alias /awstats-icon "/usr/share/awstats/icon"
......
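Review bot: The 2.4 branches for `/var/www/clients`, `/` and `/var/www/conf` emit `Require all deny`, but mod_authz_core accepts only `granted` or `denied` after `Require all`. On Apache 2.4 this file should therefore fail the configuration check rather than lock those directories down. Each of the three lines should read `Require all denied`, which is the spelling the `<Files ~ '.php[s3-6]{0,1}$'>` blocks of the vhost template already use. The same `Require all deny` also appears in the `<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>` block that follows this section.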
<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
AllowOverride None
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all deny
{tmpl_else}
Order Deny,Allow
Deny from all
{/tmpl_if}
</Directory>
<tmpl_loop name="vhosts">
......@@ -55,8 +59,12 @@
<Directory {tmpl_var name='web_document_root_www'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
......@@ -66,17 +74,25 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all denied
{tmpl_else}
Order allow,deny
Deny from all
Allow from none
{/tmpl_if}
</Files>
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
......@@ -86,9 +102,13 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
Order allow,deny
Deny from all
Allow from none
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all denied
{tmpl_else}
Order allow,deny
Deny from all
Allow from none
{/tmpl_if}
</Files>
</tmpl_if>
</Directory>
......@@ -141,8 +161,12 @@
<tmpl_if name='cgi' op='==' value='y'>
# cgi enabled
<Directory {tmpl_var name='document_root'}/cgi-bin>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
AddHandler cgi-script .cgi
......@@ -189,8 +213,12 @@
Action php5-cgi /php5-cgi
AddHandler php5-cgi .php .php3 .php4 .php5
<Directory {tmpl_var name='cgi_starter_path'}>
Order allow,deny
Allow from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='fast-cgi'>
......@@ -224,23 +252,35 @@
FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
Options +ExecCGI
AllowOverride <tmpl_var name='allow_override'>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
<Directory {tmpl_var name='web_document_root'}>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
Options +ExecCGI
AllowOverride <tmpl_var name='allow_override'>
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='php-fpm'>
<IfModule mod_fastcgi.c>
<Directory {tmpl_var name='document_root'}/cgi-bin>
Order allow,deny
Allow from all
{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
Require all granted
{tmpl_else}
Order allow,deny
Allow from all
{/tmpl_if}
</Directory>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
......
......@@ -1724,6 +1724,31 @@ class system{
if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
return $init_script_directory.'/'.$servicename.' '.$action;
}
function getapacheversion($get_minor = false) {
global $app;
$cmd = '';
if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -v';
elseif($this->is_installed('apachectl')) $cmd = 'apachectl -v';
else {
$app->log("Could not check apache version, apachectl not found.", LOGLEVEL_WARN);
return '2.2';
}
exec($cmd, $output, $return_var);
if($return_var != 0 || !$output[0]) {
$app->log("Could not check apache version, apachectl did not return any data.", LOGLEVEL_WARN);
return '2.2';
}
if(preg_match('/version:\s*Apache\/(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) {
return $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) && $get_minor == true ? '.' . $matches[5] : '');
} else {
$app->log("Could not check apache version, did not find version string in apachectl output.", LOGLEVEL_WARN);
return '2.2';
}
}
}
......
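Review bot: Every failure path of `getapacheversion()` returns the literal `'2.2'`, so a 2.4 host where `apachectl -v` cannot be run or parsed is silently rendered with `Order`/`Allow`/`Deny` directives, which Apache 2.4 accepts only when mod_access_compat is loaded. The function has no docblock; I would add one stating that `'2.2'` is a fallback and not a detected value, and that `$get_minor` appends the third version component. `$output` should be initialised with `$output = array();` before `exec()`, and the guard written as `if($return_var != 0 || empty($output[0]))`, so an empty result does not raise an undefined-offset notice. The plugins call this once per template, so keeping the result in a `static` variable would avoid spawning the binary repeatedly.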
......@@ -1109,7 +1109,7 @@ if (!defined('vlibTemplateClassLoaded')) {
* @access private
* @return string used for eval'ing
*/
function _parseIf ($varname, $value=null, $op=null, $namespace=null) {
function _parseIf ($varname, $value=null, $op=null, $namespace=null, $format=null) {
if (isset($namespace)) $namespace = substr($namespace, 0, -1);
$comp_str = ''; // used for extended if statements
......@@ -1151,10 +1151,19 @@ if (!defined('vlibTemplateClassLoaded')) {
}
}
if ($this->OPTIONS['GLOBAL_VARS'] && empty($namespace)) {
return '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])'.$comp_str;
$retstr = '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])';
if(isset($format) && isset($value) && $format == 'version') {
return 'version_compare(' . $retstr . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
} else {
return $retstr.$comp_str;
}
}
else {
return $retstr."['".$varname."']".$comp_str;
if(isset($format) && isset($value) && $format == 'version') {
return 'version_compare(' . $retstr."['".$varname."']" . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
} else {
return $retstr."['".$varname."']".$comp_str;
}
}
}
......@@ -1330,15 +1339,15 @@ if (!defined('vlibTemplateClassLoaded')) {
break;
case 'if':
return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
break;
case 'unless':
return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
break;
case 'elseif':
return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
break;
case 'loop':
......
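Review bot: Both new `version_compare(` branches in `_parseIf` paste `$op` into the generated PHP without quotes, so a tag with `op='>'` compiles to `version_compare(..., '2.2', >)`, and the default case to `..., ==)`. Unless `$op` is already quoted in the part of `_parseIf` outside these hunks, that is a parse error in the eval'd template. `$value` is also placed between single quotes without escaping, so a quote in a template value would break out of the string in code that is later evaluated. Emitting both through `var_export` fixes the two issues at once: `return 'version_compare(' . $retstr . ', ' . var_export((string)$value, true) . ', ' . var_export(!empty($op) ? $op : '==', true) . ')';`, and likewise for the `$retstr."['".$varname."']"` variant. If the function keeps an allow-list of operators for the normal comparison path, the version path should check `$op` against it too.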
......@@ -930,6 +930,7 @@ class apache2_plugin {
}
$tpl->setVar($vhost_data);
$tpl->setVar('apache_version', $app->system->getapacheversion());
// Rewrite rules
$rewrite_rules = array();
......@@ -1136,6 +1137,7 @@ class apache2_plugin {
$fcgi_tpl = new tpl();
$fcgi_tpl->newTemplate('php-fcgi-starter.master');
$fcgi_tpl->setVar('apache_version', $app->system->getapacheversion());
// Support for multiple PHP versions (FastCGI)
if(trim($data['new']['fastcgi_php_version']) != ''){
......@@ -1275,6 +1277,7 @@ class apache2_plugin {
$cgi_tpl = new tpl();
$cgi_tpl->newTemplate('php-cgi-starter.master');
$cgi_tpl->setVar('apache_version', $app->system->getapacheversion());
// This works because PHP "rewrites" a symlink to the physical path
$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
......@@ -1909,6 +1912,7 @@ class apache2_plugin {
$tpl = new tpl();
$tpl->newTemplate('apache_ispconfig.conf.master');
$tpl->setVar('apache_version', $app->system->getapacheversion());
$records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
$records_out= array();
......@@ -2609,7 +2613,8 @@ class apache2_plugin {
$app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate('php_fpm_pool.conf.master');
$tpl->setVar('apache_version', $app->system->getapacheversion());
if($data['new']['php_fpm_use_socket'] == 'y'){
$use_tcp = 0;
$use_socket = 1;
......
......@@ -80,13 +80,12 @@ class apps_vhost_plugin {
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
if($web_config['server_type'] == 'apache'){
// Dont just copy over the virtualhost template but add some custom settings
if(file_exists($conf["rootpath"]."/conf-custom/apache_apps.vhost.master")) {
$content = file_get_contents($conf["rootpath"]."/conf-custom/apache_apps.vhost.master");
} else {
$content = file_get_contents($conf["rootpath"]."/conf/apache_apps.vhost.master");
}
$app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate('apache_apps.vhost.master');
$tpl->setVar('apache_version', $app->system->getapacheversion());
$vhost_conf_dir = $web_config['vhost_conf_dir'];
$vhost_conf_enabled_dir = $web_config['vhost_conf_enabled_dir'];
......@@ -95,21 +94,31 @@ class apps_vhost_plugin {
$web_config['apps_vhost_port'] = (empty($web_config['apps_vhost_port']))?8081:$web_config['apps_vhost_port'];
$web_config['apps_vhost_ip'] = (empty($web_config['apps_vhost_ip']))?'_default_':$web_config['apps_vhost_ip'];
$tpl->setVar('apps_vhost_ip', $web_config['apps_vhost_ip']);
$tpl->setVar('apps_vhost_port', $web_config['apps_vhost_port']);
$tpl->setVar('apps_vhost_dir', $web_config['website_basedir'].'/apps');
$tpl->setVar('apps_vhost_servername', $apps_vhost_servername);
$tpl->setVar('apps_vhost_basedir', $web_config['website_basedir']);
$vhost_port_listen = '';
// comment out the listen directive if port is 80 or 443
if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
$vhost_port_listen = '#';
}
$tpl->setVar('vhost_port_listen', $vhost_port_listen);
$content = $tpl->grab();
/* for backwards compatibility we replace the old syntax by hand now */
$content = str_replace('{apps_vhost_ip}', $web_config['apps_vhost_ip'], $content);
$content = str_replace('{apps_vhost_port}', $web_config['apps_vhost_port'], $content);
$content = str_replace('{apps_vhost_dir}', $web_config['website_basedir'].'/apps', $content);
$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
$content = str_replace('{apps_vhost_basedir}', $web_config['website_basedir'], $content);
$content = str_replace('{vhost_port_listen}', $vhost_port_listen, $content);
/* end of backwards compatibility section */
// comment out the listen directive if port is 80 or 443
if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
$content = str_replace('{vhost_port_listen}', '#', $content);
} else {
$content = str_replace('{vhost_port_listen}', '', $content);
}
file_put_contents("$vhost_conf_dir/apps.vhost", $content);
$app->system->file_put_contents("$vhost_conf_dir/apps.vhost", $content);
$app->services->restartServiceDelayed('httpd', 'restart');
}
......
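Review bot: The explicit `conf-custom/apache_apps.vhost.master` lookup appears to be replaced by `$tpl->newTemplate('apache_apps.vhost.master')`, and nothing visible here shows that `newTemplate()` still prefers a file in `conf-custom`. If it does not, administrators' customised apps vhosts (including any access restrictions they added) would silently be replaced by the stock template on the next run, so please confirm this and say so in a comment above the call. The values passed to `setVar()` and to the `str_replace()` compatibility pass are written into the Apache configuration unchanged. A short comment stating that `$web_config` and `$apps_vhost_servername` are trusted server settings would make that assumption explicit. The enclosing method starts and ends outside these hunks.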