-
@@ -40,6 +40,12 @@
{tmpl_var name='ip_address'}
+
+
+
+
+ {tmpl_var name='ipv6_address'}
+
@@ -158,5 +164,10 @@
}
});
}
+
+ function reloadWebIP() {
+ loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
+ loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
+ }
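Review bot: Both `loadOptionInto` calls in `reloadWebIP()` are malformed as shown on this page: `.value)&client_group_id='+` closes the call right after the server id and leaves an unbalanced quote, so the script block would not parse. The join should be `.value+'&client_group_id='+` on both the IPv4 and the IPv6 line. Wrapping each field value in `encodeURIComponent()` would also keep a stray `&` or `#` in a value from altering the query string. `sites/ajax_get_ip.php` is not part of this hunk, so it is worth confirming that it checks `server_id` and `client_group_id` against the logged-in user instead of trusting the request.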
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index b552a6430939b29074e7d0556cae19d3a722d6b6..ee865c59b0f59f36faa01615cf1384c5f76d1759 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -94,8 +94,8 @@ class page_action extends tform_actions {
$app->tpl->setVar("server_id","");
unset($tmp);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "";
//$ip_select = "";
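Review bot: The rewritten IPv4 query still splices `$client['default_webserver']` and `$_SESSION['s']['user']['client_id']` into the SQL string unquoted, so its safety depends on both always being integers. Casting at the point of use, `" WHERE server_id = ".intval($client['default_webserver'])." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id = ".intval($_SESSION['s']['user']['client_id']).")"`, removes that dependency. The same applies to the IPv6 query in the next hunk, to both queries in the reseller branch, and to `$server_id` in the two admin-branch queries, whose assignment is mostly outside the visible hunks. The parentheses around the `client_id` alternatives are what make the `server_id` and `ip_type` filters apply to both alternatives, which deserves a one-line comment such as `//* client_id alternatives are grouped so the server filter applies to both`. The enclosing method starts and ends outside this hunk.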
@@ -108,6 +108,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
+ unset($tmp);
+ unset($ips);
//* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
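Review bot: The IPv6 block added here is a line-for-line copy of the IPv4 block above it and is pasted again in the reseller and admin branches (hunks `@@ -149,6 +164,21 @@` and `@@ -175,6 +206,21 @@`), so any later fix has to be made in six places. A private helper that takes the server id, the `ip_type`, an optional client id and the currently selected address, and returns the option string, would replace all of them. Inside the block, `unset($tmp)` releases a variable this block never assigns and the `//$ip_select = "";` line is dead. Whatever markup is appended to `$ip_select` in the loop (this page shows only `"\r\n"`) should pass `ip_address` through `htmlspecialchars()` before it reaches the template.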
@@ -135,8 +150,8 @@ class page_action extends tform_actions {
}
$app->tpl->setVar("client_group_id",$client_select);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "";
//$ip_select = "";
@@ -149,6 +164,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
+ unset($tmp);
+ unset($ips);
//* Admin: If the logged in user is admin
} else {
@@ -161,8 +191,9 @@ class page_action extends tform_actions {
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = $tmp['server_id'];
}
-
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+
+ //* Fill the IPv4 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "";
//$ip_select = "";
@@ -175,6 +206,21 @@ class page_action extends tform_actions {
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
+
+ //* Fill the IPv6 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
+ unset($tmp);
+ unset($ips);
// Fill the client select field
$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
diff --git a/server/conf/nginx_reverseproxy_rewrites.conf.master b/server/conf/nginx_reverseproxy_rewrites.conf.master
deleted file mode 100644
index c9080a7e30aaadce04eefa7372e1bc7e79447de1..0000000000000000000000000000000000000000
--- a/server/conf/nginx_reverseproxy_rewrites.conf.master
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80 default_server;
- listen 443 default_server;
- server_name _;
- include /etc/nginx/proxy.conf;
-
- rewrite ^{tmpl_var name="rewrite_url_src"} {tmpl_var name="rewrite_url_dst"};
-
-}
diff --git a/server/conf/nginx_reverseproxy_vhost.conf.master b/server/conf/nginx_reverseproxy_vhost.conf.master
deleted file mode 100644
index 40df895090e7c53cfc80b7c2ac195aa3571bafdf..0000000000000000000000000000000000000000
--- a/server/conf/nginx_reverseproxy_vhost.conf.master
+++ /dev/null
@@ -1,69 +0,0 @@
-server {
- listen 80;
- server_name ;
-
- access_log /var/log/ispconfig/nginx//access.log;
- error_log /var/log/ispconfig/nginx//error.log;
-
- include /etc/nginx/proxy.conf;
-
- location / {
- proxy_pass http://:80;
- }
-
- location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
- # Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
- # whether logged in or not (may be too heavy-handed).
- proxy_cache_valid 200 120m;
- expires 864000;
- proxy_pass http://:80;
- }
-
-
-
-
-
-
-
-}
-
-
-
-###########################################################
-# SSL Vhost
-###########################################################
-server {
- listen 443;
- server_name ;
-
- access_log /var/log/ispconfig/nginx//access.log
- error_log /var/log/ispconfig/nginx//error.log
-
- ### SSL cert files ###
- ssl_certificate /ssl/.crt
- ssl_certificate_key /ssl/.crt
-
-
- ssl_client_certificate /ssl/.bundle
-
-
- ### Add SSL specific settings here ###
- keepalive_timeout 60;
-
- ### Limiting Ciphers ########################
- # Uncomment as per your setup
- #ssl_ciphers HIGH:!ADH;
- #ssl_perfer_server_ciphers on;
- #ssl_protocols SSLv3;
- ##############################################
-
- include /etc/nginx/proxy.conf;
-
- ### Most PHP, Python, Rails, Java App can use this header ###
- proxy_set_header X-Forwarded-Proto https;
-
- location / {
- proxy_pass https://:443;
- }
-}
-
diff --git a/server/conf/ufw.before.rules.master b/server/conf/ufw.before.rules.master
deleted file mode 100644
index 613e5250d8fc2d8a1f42a1c271465366bde25abd..0000000000000000000000000000000000000000
--- a/server/conf/ufw.before.rules.master
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# rules.before
-#
-# Rules that should be run before the ufw command line added rules. Custom
-# rules should be added to one of these chains:
-# ufw-before-input
-# ufw-before-output
-# ufw-before-forward
-#
-
-# Don't delete these required lines, otherwise there will be errors
-*filter
-:ufw-before-input - [0:0]
-:ufw-before-output - [0:0]
-:ufw-before-forward - [0:0]
-:ufw-not-local - [0:0]
-# End required lines
-
-
-# allow all on loopback
--A ufw-before-input -i lo -j ACCEPT
--A ufw-before-output -o lo -j ACCEPT
-
-# connection tracking rules
--A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# drop INVALID packets (logs these in loglevel medium and higher)
--A ufw-before-input -m state --state INVALID -j ufw-logging-deny
--A ufw-before-input -m state --state INVALID -j DROP
-
-# connection tracking for outbound
--A ufw-before-output -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
--A ufw-before-output -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-
-# ok icmp codes
--A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
--A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
--A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
--A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
--A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
-
-# allow dhcp client to work
--A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
-
-#
-# ufw-not-local
-#
--A ufw-before-input -j ufw-not-local
-
-# if LOCAL, RETURN
--A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-
-# if MULTICAST, RETURN
--A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-
-# if BROADCAST, RETURN
--A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-
-# all other non-local packets are dropped
--A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
--A ufw-not-local -j DROP
-
-# allow MULTICAST, be sure the MULTICAST line above is uncommented
--A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
--A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-
-COMMIT
-
-# nat Table rules
-*nat
-:POSTROUTING ACCEPT [0:0]
-
--A POSTROUTING -s 192.168.5.2/24 -o eth0 -j SNAT --to 192.168.5.105
-
--A PREROUTING -p tcp -d 192.168.5.105 --dport 80 -i eth0 -j DNAT --to-destination 192.168.5.200:80
-
-# don't delete the 'COMMIT' line or these rules won't be processed
-COMMIT
diff --git a/server/conf/ufw.conf.master b/server/conf/ufw.conf.master
deleted file mode 100644
index a3710d7bf37cfd6fe70d2727ad43409c72fd3f5c..0000000000000000000000000000000000000000
--- a/server/conf/ufw.conf.master
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/ufw/ufw.conf
-#
-
-# set to yes to start on boot
-ENABLED={tmpl_var name='enable'}
-
-# set to one of 'off', 'low', 'medium', 'high'
-LOGLEVEL={tmpl_var name='log_level'}
diff --git a/server/conf/ufw.default.master b/server/conf/ufw.default.master
deleted file mode 100644
index 2deb421ac397837baf706c6c63f4b29a1edbbd4f..0000000000000000000000000000000000000000
--- a/server/conf/ufw.default.master
+++ /dev/null
@@ -1,39 +0,0 @@
-# /etc/default/ufw
-#
-
-# set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
-# accepted). You will need to 'disable' and then 'enable' the firewall for
-# the changes to take affect.
-IPV6={tmpl_var name='ipv6'}
-
-# set the default input policy to ACCEPT, DROP or REJECT. Please note that if
-# you change this you will most likely want to adjust your rules
-DEFAULT_INPUT_POLICY="{tmpl_var name='default_input_policy'}"
-
-# set the default output policy to ACCEPT, DROP, or REJECT. Please note that
-# if you change this you will most likely want to adjust your rules
-DEFAULT_OUTPUT_POLICY="{tmpl_var name='default_output_policy'}T"
-
-# set the default forward policy to ACCEPT, DROP or REJECT. Please note that
-# if you change this you will most likely want to adjust your rules
-DEFAULT_FORWARD_POLICY="{tmpl_var name='default_forward_policy'}"
-
-# set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
-# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
-# details
-DEFAULT_APPLICATION_POLICY="{tmpl_var name='default_application_policy'}"
-
-# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
-# manage the built-in chains too. Warning: setting this to 'yes' will break
-# non-ufw managed firewall rules
-MANAGE_BUILTINS={tmpl_var name='manage_builtins'}
-
-#
-# IPT backend
-#
-# only enable if using iptables backend
-IPT_SYSCTL=/etc/ufw/sysctl.conf
-
-# extra connection tracking modules to load
-IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
-
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index e1d59d4a93e3a975a58c48fd842f17de7a00eb38..ad722c56f7952cc3d917a274659dd7600226aff4 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -5,7 +5,8 @@
Deny from all
-:80>
+
+
DocumentRoot
@@ -34,7 +35,17 @@
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html
-
+
+
+
+ SSLEngine on
+ SSLCertificateFile /ssl/.crt
+ SSLCertificateKeyFile /ssl/.key
+
+
+ SSLCACertificateFile /ssl/.bundle
+
+
Options FollowSymLinks
AllowOverride
@@ -225,228 +236,4 @@
-
-
-
-
-
-###########################################################
-# SSL Vhost
-###########################################################
-
-:443>
-
- DocumentRoot
-
-
- DocumentRoot
-
- DocumentRoot
-
-
-
- ServerName
-
-
-
- ServerAdmin webmaster@
-
- ErrorLog /var/log/ispconfig/httpd//error.log
-
-
- ErrorDocument 400 /error/400.html
- ErrorDocument 401 /error/401.html
- ErrorDocument 403 /error/403.html
- ErrorDocument 404 /error/404.html
- ErrorDocument 405 /error/405.html
- ErrorDocument 500 /error/500.html
- ErrorDocument 503 /error/503.html
-
-
- SSLEngine on
- SSLCertificateFile /ssl/.crt
- SSLCertificateKeyFile /ssl/.key
-
- SSLCACertificateFile /ssl/.bundle
-
-
-
- Options FollowSymLinks
- AllowOverride
- Order allow,deny
- Allow from all
-
-
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
- Options +Includes
-
-
-
- Order allow,deny
- Deny from all
- Allow from none
-
-
-
-
- Options FollowSymLinks
- AllowOverride
- Order allow,deny
- Allow from all
-
-
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
- Options +Includes
-
-
-
- Order allow,deny
- Deny from all
- Allow from none
-
-
-
-
-
- # cgi enabled
-
- Order allow,deny
- Allow from all
-
- ScriptAlias /cgi-bin/ /cgi-bin/
- AddHandler cgi-script .cgi
- AddHandler cgi-script .pl
-
-
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-
-
- # suexec enabled
- SuexecUserGroup
-
-# Clear PHP settings of this website
-
- SetHandler None
-
-
- # mod_php enabled
- AddType application/x-httpd-php .php .php3 .php4 .php5
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@"
- php_admin_value upload_tmp_dir /tmp
- php_admin_value session.save_path /tmp
- # PHPIniDir
-
- php_admin_value open_basedir
-
-
-
- # suphp enabled
-
-
- suPHP_Engine on
- # suPHP_UserGroup
-
- suPHP_ConfigPath
-
- AddHandler x-httpd-suphp .php .php3 .php4 .php5
- suPHP_AddHandler x-httpd-suphp
-
-
-
-
- # php as cgi enabled
- ScriptAlias /php5-cgi
- Action php5-cgi /php5-cgi
- AddHandler php5-cgi .php .php3 .php4 .php5
-
- Order allow,deny
- Allow from all
-
-
-
- # php as fast-cgi enabled
- # See: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
-
-
- FcgidIdleTimeout 300
- FcgidProcessLifeTime 3600
- FcgidMaxProcesses 1000
- FcgidMinProcessesPerClass 0
- FcgidMaxProcessesPerClass 100
- FcgidConnectTimeout 3
- FcgidIOTimeout 360
- FcgidBusyTimeout 300
-
- IdleTimeout 300
- ProcessLifeTime 3600
- # MaxProcessCount 1000
- DefaultMinClassProcessCount 0
- DefaultMaxClassProcessCount 100
- IPCConnectTimeout 3
- IPCCommTimeout 360
- BusyTimeout 300
-
-
-
- AddHandler fcgid-script .php .php3 .php4 .php5
- FCGIWrapper .php
- Options +ExecCGI
- AllowOverride
- Order allow,deny
- Allow from all
-
-
- AddHandler fcgid-script .php .php3 .php4 .php5
- FCGIWrapper .php
- Options +ExecCGI
- AllowOverride
- Order allow,deny
- Allow from all
-
-
-
-
- RewriteEngine on
-
-
-
- RewriteCond %{HTTP_HOST} ^$ [NC]
- RewriteRule ^(.*)$ https:///$1 [R=301,L]
-
-
-
-
- RewriteCond %{HTTP_HOST} ^ [NC]
- RewriteRule ^/(.*)$ $1
-
-
-
- # add support for apache mpm_itk
-
- AssignUserId
-
-
-
- # Do not execute PHP files in webdav directory
-
-
- SetHandler None
-
-
- # DO NOT REMOVE THE COMMENTS!
- # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
- # WEBDAV BEGIN
- # WEBDAV END
-
-
-
-
-
-
-
+
\ No newline at end of file
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 2f641b1ae2851893658ab4dbdcb83aeb8647a309..51c6a66c639b4de2d5a34e02fd515891c0286c50 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -651,6 +651,7 @@ class apache2_plugin {
$tpl->newTemplate('vhost.conf.master');
$vhost_data = $data['new'];
+ //unset($vhost_data['ip_address']);
$vhost_data['web_document_root'] = $data['new']['document_root'].'/web';
$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/web';
$vhost_data['web_basedir'] = $web_config['website_basedir'];
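Review bot: The added `//unset($vhost_data['ip_address']);` is commented-out code with no explanation, and the next two hunks disable the old `ssl_enabled` assignment by wrapping it in `/* ... */` instead of deleting it. Version control already preserves the old lines, so both should be removed; if the `unset` records an intention, it should be written as a sentence saying why the top-level `ip_address` is or is not kept. With the block commented out, `$vhost_data['ssl_enabled']` is no longer set at the top level, so any later read of it in this function (outside these hunks) would find it missing. The enclosing function starts and ends outside the hunk.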
@@ -668,6 +669,7 @@ class apache2_plugin {
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+ /*
if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
$vhost_data['ssl_enabled'] = 1;
$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
@@ -675,6 +677,7 @@ class apache2_plugin {
$vhost_data['ssl_enabled'] = 0;
$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
}
+ */
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
@@ -951,6 +954,32 @@ class apache2_plugin {
//* Make a backup copy of vhost file
if(file_exists($vhost_file)) copy($vhost_file,$vhost_file.'~');
+ //* create empty vhost array
+ $vhosts = array();
+
+ //* Add vhost for ipv4 IP
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80 );
+
+ //* Add vhost for ipv4 IP with SSL
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443' );
+ $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ }
+
+ //* Add vhost for IPv6 IP
+ if($data['new']['ipv6_address'] != '') {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80 );
+
+ //* Add vhost for ipv6 IP with SSL
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443' );
+ $app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
+ }
+ }
+
+ //* Set the vhost loop
+ $tpl->setLoop('vhosts',$vhosts);
+
//* Write vhost file
file_put_contents($vhost_file,$tpl->grab());
$app->log('Writing the vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
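Review bot: `$data['new']['ipv6_address']` is wrapped in brackets and written into the Apache vhost file after only a `!= ''` check, so whatever is stored in that field ends up in server configuration. Validating it with `filter_var()` and `FILTER_FLAG_IPV6` first keeps a malformed value out of the file; the interface may already validate the field, but that is not visible here. The certificate test is also repeated verbatim for IPv4 and IPv6, and it now checks `ssl_domain` while `$crt_file` is built from `$domain` in the earlier hunk, so evaluating it once keeps the two entries in agreement. The enclosing function starts and ends outside this hunk.

```php
// … unchanged: backup copy of the vhost file, $vhosts = array(), plain IPv4 entry …

//* Evaluate the certificate check once so the IPv4 and IPv6 entries cannot disagree
$ssl_ready = $data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y'
	&& @is_file($crt_file) && @is_file($key_file)
	&& (@filesize($crt_file)>0) && (@filesize($key_file)>0);

if($ssl_ready) {
	$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443' );
	$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
}

//* Only a syntactically valid IPv6 literal may be templated into the vhost file
$ipv6_address = $data['new']['ipv6_address'];
if($ipv6_address != '' && filter_var($ipv6_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
	$vhosts[] = array('ip_address' => '['.$ipv6_address.']', 'ssl_enabled' => 0, 'port' => 80 );
	if($ssl_ready) {
		$vhosts[] = array('ip_address' => '['.$ipv6_address.']', 'ssl_enabled' => 1, 'port' => '443' );
		$app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
	}
} elseif($ipv6_address != '') {
	$app->log('Skipping invalid IPv6 address for: '.$domain,LOGLEVEL_DEBUG);
}

// … unchanged: setLoop('vhosts', $vhosts) and writing the vhost file …
```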