diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e7a4bf81481d388375c2e50d0d47efe1f6c086e4..75301f8723fa7f08c2bc1e39c9942ec806827a9f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -90,7 +90,7 @@ build:package: - if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi - if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi - RET=0 - - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' . || RET=$? + - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$? - if [[ $RET > 1 ]] ; then exit $RET ; fi - echo "Listing tar contents for verification" - tar -tvf ISPConfig-${VER}.tar.gz @@ -101,4 +101,4 @@ build:package: - echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz" needs: ["syntax:lint"] - allow_failure: false \ No newline at end of file + allow_failure: false diff --git a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master index 01b3b383d572c4de38036ecaeadafcc079cd8e8c..e885b381bc994bfb973572aa3b9a5bc56fcb98b1 100644 --- a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master +++ b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master @@ -6,7 +6,7 @@ {vhost_port_listen} Listen {vhost_port} <tmpl_if name='apache_version' op='<' value='2.4' format='version'> - NameVirtualHost *:{vhost_port} + # NameVirtualHost *:{vhost_port} </tmpl_if> <VirtualHost _default_:{vhost_port}> diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 71753a6b3317276d0c936954d346cfb53783b736..46b14a58a26ddf894a2c9a628e1f042606fc93e1 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php 
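Review bot: `--mode='0775'` on the tar line in build:package makes every archived entry group-writable and executable, including templates and SQL files such as install/tpl/config.inc.php.master that need neither bit. A symbolic mode keeps execute only where it already exists and drops group write, for example `--mode='u+rwX,go+rX,go-w'`. Switching the input from `.` to `./*` also means the shell no longer passes top-level dotfiles, so the `--exclude ".git*"` and `--exclude ".phplint.yml"` patterns only matter below the top level now; a short comment on that line saying this is intended would help the next person who edits it.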
@@ -52,7 +52,7 @@ class installer_base { } public function update_acme() { - $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh')); + $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null')); $acme = reset($acme); $val = 0; @@ -892,6 +892,20 @@ class installer_base { public function configure_mailman($status = 'insert') { global $conf; + // Fix for #6314: bug on Debian 11 systems where Mailman3 is not available and broken routes exist in the Mailman config + $data_dir = '/var/lib/mailman'; + if (($conf['mailman']['installed'] != true) && is_dir($data_dir)) { + rename($data_dir, $data_dir . '-bk'); + //* Create the mailman files + if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data'); + if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases'); + exec('postmap /var/lib/mailman/data/aliases'); + if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman'); + exec('postmap /var/lib/mailman/data/virtual-mailman'); + if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman'); + exec('postmap /var/lib/mailman/data/transport-mailman'); + } + $config_dir = $conf['mailman']['config_dir'].'/'; $full_file_name = $config_dir.'mm_cfg.py'; //* Backup exiting file @@ -1653,7 +1667,7 @@ class installer_base { //* These postconf commands will be executed on installation and update $server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']); $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config'])); - $mail_server = ($server_ini_rec['mail_server']) ? true : false; + $mail_server = $conf['services']['mail']; unset($server_ini_rec); // amavisd user config file 
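Review bot: The `rename($data_dir, $data_dir . '-bk')` call added to configure_mailman() is unchecked, and the branch is not idempotent. The directory recreated right after it still satisfies `is_dir($data_dir)`, so if the function runs again with mailman not installed (for example on update) it enters the branch again, and rename() onto an existing non-empty `/var/lib/mailman-bk` fails with only a warning. Guard it, e.g. `if (!file_exists($data_dir . '-bk') && !rename($data_dir, $data_dir . '-bk')) { /* log and return */ }`, and prefer `mkdir($data_dir . '/data', 0755, true)` over `exec('mkdir -p ...')` so the result can be checked. The strict form `empty($conf['mailman']['installed'])` would also read more clearly than `!= true`; the function body continues outside the hunk.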
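Review bot: `$mail_server = $conf['services']['mail'];` in the hunk at -1653 replaces an explicit boolean with whatever the config array holds, and nothing visible shows that the key is always set. If it can be missing, `$mail_server = !empty($conf['services']['mail']);` keeps the old true/false contract without a notice. The `mail_server` column is still selected by the query above but no longer read in the visible lines, so it can probably be dropped from the SELECT. The identical change in the hunk at -1777 needs the same treatment.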
@@ -1777,7 +1791,7 @@ class installer_base { //* These postconf commands will be executed on installation and update $server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']); $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config'])); - $mail_server = ($server_ini_rec['mail_server']) ? true : false; + $mail_server = $conf['services']['mail']; unset($server_ini_rec); $config_dir = $conf['postfix']['config_dir']; @@ -1981,8 +1995,13 @@ class installer_base { exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*'); # protect passwords in these files - exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc'); - exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc'); + exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf'); + exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf'); + + if(file_exists('/etc/rspamd/local.d/worker-controller.inc')) { + exec('chgrp _rspamd /etc/rspamd/local.d/worker-controller.inc'); + exec('chmod 640 /etc/rspamd/local.d/worker-controller.inc'); + } # unneccesary, since this was done above? $command = 'usermod -a -G amavis _rspamd'; diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master deleted file mode 100644 index 6957ed5eb8062dc8f65021710ebb637c5e22dc7d..0000000000000000000000000000000000000000 --- a/install/tpl/apache_apps.vhost.master +++ /dev/null 
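Review bot: None of the `exec('chgrp ...')` and `exec('chmod 640 ...')` calls in the rspamd hunk check their result, so a failed chmod silently leaves the password-bearing files at the world-readable mode set by the `chmod a+r /etc/rspamd/local.d/*` line just above. PHP's own `chgrp()` and `chmod()` return false on failure and avoid the shell; inside the new `file_exists()` block that would be `if(!chgrp($f, '_rspamd') || !chmod($f, 0640)) { /* log the failure */ }`. The `file_exists()` guard is only applied to worker-controller.inc, so a comment saying that redis.conf and classifier-bayes.conf are always written before this point would explain the asymmetry. The enclosing function starts and ends outside the hunk.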
@@ -1,134 +0,0 @@ -###################################################### -# This virtual host contains the configuration -# for the ISPConfig apps vhost -###################################################### - -{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'} -# NameVirtualHost *:{tmpl_var name='apps_vhost_port'} - -<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}> - ServerAdmin webmaster@localhost - {tmpl_var name='apps_vhost_servername'} - - <Directory {tmpl_var name='apps_vhost_dir'}> - <FilesMatch "\.ph(p3?|tml)$"> - SetHandler None - </FilesMatch> - </Directory> - - # SSL Configuration - <tmpl_var name="ssl_comment">SSLEngine On - <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'> - <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 - <tmpl_else> - <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3 - </tmpl_if> - <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt - <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key - <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle - - <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - <tmpl_var name="ssl_comment">SSLHonorCipherOrder On - <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'> - <tmpl_var name="ssl_comment">SSLCompression Off - </tmpl_if> - <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'> - <tmpl_var name="ssl_comment">SSLSessionTickets Off - </tmpl_if> - - <IfModule mod_headers.c> - # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval - Header set 
Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'" - <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" - Header set X-Content-Type-Options: nosniff - Header set X-Frame-Options: SAMEORIGIN - Header set X-XSS-Protection: "1; mode=block" - Header always edit Set-Cookie (.*) "$1; HTTPOnly" - <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure" - <IfVersion >= 2.4.7> - Header setifempty Strict-Transport-Security "max-age=15768000" - </IfVersion> - <IfVersion < 2.4.7> - Header set Strict-Transport-Security "max-age=15768000" - </IfVersion> - RequestHeader unset Proxy early - </IfModule> - - <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'> - <tmpl_var name="ssl_comment">SSLUseStapling On - <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5 - <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off - </tmpl_if> - - <IfModule mod_headers.c> - RequestHeader unset Proxy early - </IfModule> - - <IfModule mod_php5.c> - DocumentRoot {tmpl_var name='apps_vhost_dir'} - AddType application/x-httpd-php .php - <Directory {tmpl_var name='apps_vhost_dir'}> - Options FollowSymLinks - AllowOverride None - <tmpl_if name='apache_version' op='>' value='2.2' format='version'> - Require all granted - <tmpl_else> - Order allow,deny - Allow from all - </tmpl_if> - </Directory> - </IfModule> - - <IfModule mod_php7.c> - DocumentRoot {tmpl_var name='apps_vhost_dir'} - AddType application/x-httpd-php .php - <Directory {tmpl_var name='apps_vhost_dir'}> - Options FollowSymLinks - AllowOverride None - <tmpl_if name='apache_version' op='>' value='2.2' format='version'> - Require all granted - <tmpl_else> - Order allow,deny - Allow from all - </tmpl_if> - </Directory> - </IfModule> - - <IfModule mod_fcgid.c> - DocumentRoot {tmpl_var 
name='apps_vhost_dir'} - SuexecUserGroup ispapps ispapps - <Directory {tmpl_var name='apps_vhost_dir'}> - Options -Indexes +FollowSymLinks +MultiViews +ExecCGI - AllowOverride AuthConfig Indexes Limit Options FileInfo - <FilesMatch "\.php$"> - SetHandler fcgid-script - </FilesMatch> - FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php - <tmpl_if name='apache_version' op='>' value='2.2' format='version'> - Require all granted - <tmpl_else> - Order allow,deny - Allow from all - </tmpl_if> - </Directory> - IPCCommTimeout 7200 - MaxRequestLen 15728640 - </IfModule> - -{tmpl_if name="use_rspamd"} - <Location /rspamd> - Order allow,deny - Allow from all - </Location> - RewriteEngine On - RewriteRule ^/rspamd$ /rspamd/ [R,L] - RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P] -{/tmpl_if} - -</VirtualHost> - -<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'> -<IfModule mod_ssl.c> - <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000) -</IfModule> -</tmpl_if> diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master new file mode 120000 index 0000000000000000000000000000000000000000..a2fefe5c926292f5d2f954788eeda1e76d1798b4 --- /dev/null +++ b/install/tpl/apache_apps.vhost.master @@ -0,0 +1 @@ +server/conf/apache_apps.vhost.master \ No newline at end of file diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master index 7c371a217168daccacdedd378f76b4b532367bb6..521e418f6c6be9f635b5954f291ae79cf97e9699 100644 --- a/install/tpl/server.ini.master +++ b/install/tpl/server.ini.master @@ -140,6 +140,7 @@ php_fpm_default_chroot=n bind_user=root bind_group=bind bind_zonefiles_dir=/etc/bind +bind_keyfiles_dir=/etc/bind named_conf_path=/etc/bind/named.conf named_conf_local_path=/etc/bind/named.conf.local disable_bind_log=n 
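Review bot: The new symlink at install/tpl/apache_apps.vhost.master has the relative target `server/conf/apache_apps.vhost.master`, and a relative target is resolved from the directory that holds the link, here install/tpl/. Unless install/tpl/server/conf/ exists, the link dangles and the installer will not find the apps vhost template; the target presumably needs to be `../../server/conf/apache_apps.vhost.master`. It is also worth confirming that the packaged tarball and any checkout without symlink support still end up with a readable file at that path.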
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php index bede61a3ddde653c85f7581940b2cb19a31c25ff..679ebb2b7fae5ddcff4706d56bd391b3142f7bb3 100644 --- a/interface/web/admin/form/server_config.tform.php +++ b/interface/web/admin/form/server_config.tform.php @@ -1652,6 +1652,20 @@ $form["tabs"]['dns'] = array( 'width' => '40', 'maxlength' => '255' ), + 'bind_keyfiles_dir' => array( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'validators' => array( 0 => array('type' => 'NOTEMPTY', + 'errmsg' => 'bind_keyfiles_dir_error_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/', + 'errmsg'=> 'bind_keyfiles_dir_error_regex'), + ), + 'value' => '', + 'width' => '40', + 'maxlength' => '255' + ), 'named_conf_path' => array( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', diff --git a/interface/web/admin/form/users.tform.php b/interface/web/admin/form/users.tform.php index bc77087e2852c71d10f416e559b23291ab86b243..05e88e2e2bd11d7d311eab32fe4c307435a67913 100644 --- a/interface/web/admin/form/users.tform.php +++ b/interface/web/admin/form/users.tform.php @@ -251,7 +251,7 @@ $form['tabs']['users'] = array ( 'formtype' => 'CHECKBOX', 'regex' => '', 'errmsg' => '', - 'default' => '', + 'default' => '1', 'value' => array(0 => 0, 1 => 1), 'separator' => '', 'width' => '30', diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng index 748e4c6d581bd9c9533e5c7d00fe4bcad3ec75c7..363f528fba2d713e819e112578797a15b7c1b782 100644 --- a/interface/web/admin/lib/lang/en_server_config.lng +++ b/interface/web/admin/lib/lang/en_server_config.lng 
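Review bot: The validator regex for `bind_keyfiles_dir`, `/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/`, accepts `..` path segments and, because `$` also matches before a final newline, a value that ends in a line break. Later hunks in this commit use the value as the directory for key generation, glob() and unlink(), so it should be strict: add the `D` modifier (`/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/D`) and reject `/../` either with a second REGEX validator or when the value is read. `'default' => ''` together with NOTEMPTY also means a fresh form opens with an invalid field; `'/etc/bind'` would match the value added to server.ini.master. The surrounding array starts and ends outside the hunk.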
@@ -91,10 +91,12 @@ $wb['apps_vhost_servername_txt'] = 'Apps-vhost Domain'; $wb['bind_user_txt'] = 'BIND User'; $wb['bind_group_txt'] = 'BIND Group'; $wb['bind_zonefiles_dir_txt'] = 'BIND zonefiles directory'; +$wb['bind_keyfiles_dir_txt'] = 'BIND keyfiles directory'; $wb['named_conf_path_txt'] = 'BIND named.conf path'; $wb['bind_user_error_empty'] = 'BIND user is empty.'; $wb['bind_group_error_empty'] = 'BIND group is empty.'; $wb['bind_zonefiles_dir_error_empty'] = 'BIND zonefiles directory is empty.'; +$wb['bind_keyfiles_dir_error_empty'] = 'BIND keyfiles directory is empty.'; $wb['named_conf_path_error_empty'] = 'BIND named.conf path is empty.'; $wb['named_conf_local_path_error_empty'] = 'BIND named.conf.local path is empty.'; $wb['mail_filter_syntax_txt'] = 'Mailfilter Syntax'; @@ -281,6 +283,7 @@ $wb['awstats_buildstaticpages_pl_error_regex'] = 'Invalid awstats_buildstaticpag $wb['invalid_bind_user_txt'] = 'Invalid BIND user.'; $wb['invalid_bind_group_txt'] = 'Invalid BIND group.'; $wb['bind_zonefiles_dir_error_regex'] = 'Invalid BIND zonefiles directory.'; +$wb['bind_keyfiles_dir_error_regex'] = 'Invalid BIND keyfiles directory.'; $wb['named_conf_path_error_regex'] = 'Invalid named.conf path.'; $wb['named_conf_local_path_error_regex'] = 'Invalid named.conf.local path.'; $wb['fastcgi_starter_path_error_regex'] = 'Invalid fastcgi starter path.'; diff --git a/interface/web/admin/templates/server_config_dns_edit.htm b/interface/web/admin/templates/server_config_dns_edit.htm index 995acbf98651c2557ff0f2fb055a420f3f11aaf5..dcc7328e2c10cb4241ac8ff55a046ffbf3c3a6c2 100644 --- a/interface/web/admin/templates/server_config_dns_edit.htm +++ b/interface/web/admin/templates/server_config_dns_edit.htm 
@@ -11,6 +11,9 @@ <div class="form-group"> <label for="bind_zonefiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_zonefiles_dir_txt'}</label> <div class="col-sm-9"><input type="text" name="bind_zonefiles_dir" id="bind_zonefiles_dir" value="{tmpl_var name='bind_zonefiles_dir'}" class="form-control" /></div></div> + <div class="form-group"> + <label for="bind_keyfiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_keyfiles_dir_txt'}</label> + <div class="col-sm-9"><input type="text" name="bind_keyfiles_dir" id="bind_keyfiles_dir" value="{tmpl_var name='bind_keyfiles_dir'}" class="form-control" /></div></div> <div class="form-group"> <label for="named_conf_path" class="col-sm-3 control-label">{tmpl_var name='named_conf_path_txt'}</label> <div class="col-sm-9"><input type="text" name="named_conf_path" id="named_conf_path" value="{tmpl_var name='named_conf_path'}" class="form-control" /></div></div> diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php index 1f60ffe1b4ca4955a2b74dda44dbf4c307a1a1fc..c6d05f9eb32b92f792cf43bed278df262fb6631b 100644 --- a/interface/web/client/form/client.tform.php +++ b/interface/web/client/form/client.tform.php @@ -318,7 +318,7 @@ $form["tabs"]['address'] = array ( 'country' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'SELECT', - 'default' => (isset($conf['language']) ? strtoupper($conf['language']) : ''), + 'default' => (isset($conf['default_country'])) ? strtoupper($conf['default_country']) : ((isset($conf['language'])) ? strtoupper($conf['language']) : ''), 'datasource' => array ( 'type' => 'SQL', 'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name ASC', 'keyfield' => 'iso', diff --git a/interface/web/login/index.php b/interface/web/login/index.php index e31a98709ff8b13ba98b4660b2f86ac3f679f94a..e85faff8d4ad2d2aa461e2944a296e844f22b944 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php 
@@ -140,7 +140,7 @@ function process_login_request(app $app, &$error, $conf, $module) } else { //* Do 2FA authentication - if(isset($user['otp_type']) and $user['otp_type'] != 'none') { + if(isset($user['otp_type']) && $user['otp_type'] != 'none') { //* Save session in pending state and destroy original session $_SESSION['s_pending'] = $_SESSION['s']; diff --git a/server/conf/apache_apps.vhost.master b/server/conf/apache_apps.vhost.master index 8d6df71b7da0cf2c07e7e57cce50c77d04787b2e..6957ed5eb8062dc8f65021710ebb637c5e22dc7d 100644 --- a/server/conf/apache_apps.vhost.master +++ b/server/conf/apache_apps.vhost.master @@ -9,10 +9,12 @@ <VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}> ServerAdmin webmaster@localhost {tmpl_var name='apps_vhost_servername'} - - <FilesMatch "\.ph(p3?|tml)$"> - SetHandler None - </FilesMatch> + + <Directory {tmpl_var name='apps_vhost_dir'}> + <FilesMatch "\.ph(p3?|tml)$"> + SetHandler None + </FilesMatch> + </Directory> # SSL Configuration <tmpl_var name="ssl_comment">SSLEngine On @@ -96,7 +98,7 @@ DocumentRoot {tmpl_var name='apps_vhost_dir'} SuexecUserGroup ispapps ispapps <Directory {tmpl_var name='apps_vhost_dir'}> - Options +Indexes +FollowSymLinks +MultiViews +ExecCGI + Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script @@ -109,6 +111,8 @@ Allow from all </tmpl_if> </Directory> + IPCCommTimeout 7200 + MaxRequestLen 15728640 </IfModule> {tmpl_if name="use_rspamd"} diff --git a/server/conf/apps_php_fpm_pool.conf.master b/server/conf/apps_php_fpm_pool.conf.master index 74597272c0e998f5b1d7412188b9e71e18ed9ee0..e0db30dad69d0efe4052cc13014ccaf858632a08 100644 --- a/server/conf/apps_php_fpm_pool.conf.master +++ b/server/conf/apps_php_fpm_pool.conf.master 
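Review bot: `Options -Indexes` in the mod_fcgid `<Directory>` block can be undone from a .htaccess file, because the unchanged next line still reads `AllowOverride AuthConfig Indexes Limit Options FileInfo`. If directory listings are meant to stay off for the apps vhost, restrict what may be overridden, e.g. `AllowOverride AuthConfig Indexes Limit FileInfo Options=FollowSymLinks,MultiViews`. The added `IPCCommTimeout 7200` lets a single request hold an fcgid process for two hours; a comment naming the operation that needs this would help reviewers judge whether a lower value is enough.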
@@ -17,4 +17,7 @@ pm.max_spare_servers = 5 chdir = / ; php_admin_value[open_basedir] = /var/www/apps:/srv/www/apps:/usr/share -php_admin_flag[magic_quotes_gpc] = off \ No newline at end of file +php_admin_flag[magic_quotes_gpc] = off + +php_admin_value[post_max_size] = 100M +php_admin_value[upload_max_filesize] = 100M diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master index a1873eab84033afbc75776924ac7414962aeef6a..f687bee839ba003cdbcaa195bd1cadbb0590a356 100644 --- a/server/conf/vhost.conf.master +++ b/server/conf/vhost.conf.master @@ -408,6 +408,13 @@ </tmpl_if> <tmpl_if name='use_tcp'> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1 + <Directory {tmpl_var name='web_document_root_www'}> + <FilesMatch "\.php[345]?$"> + <If "-f '%{REQUEST_FILENAME}'"> + SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>" + </If> + </FilesMatch> + </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> <If "-f '%{REQUEST_FILENAME}'"> @@ -418,6 +425,13 @@ </tmpl_if> <tmpl_if name='use_socket'> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1 + <Directory {tmpl_var name='web_document_root_www'}> + <FilesMatch "\.php[345]?$"> + <If "-f '%{REQUEST_FILENAME}'"> + SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost" + </If> + </FilesMatch> + </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> <If "-f '%{REQUEST_FILENAME}'"> diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index e78ef2636e4aca32451fb53053d1d01edfff9442..72e3fc7e2de8403a861b3549ed1c06502b41c887 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php 
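Review bot: The new `post_max_size` and `upload_max_filesize` of 100M for the apps pool do not match the `MaxRequestLen 15728640` (15 MiB) that the same commit adds to the mod_fcgid branch of apache_apps.vhost.master, so the upload ceiling depends on which PHP handler is active. If 100M is the intended limit, add a comment here saying which app needs it and raise the fcgid value to match; otherwise the smaller value is the safer choice, since it bounds how much request body one client can make the server buffer.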
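Review bot: The new `<Directory {tmpl_var name='web_document_root_www'}>` block in the use_tcp branch is a verbatim copy of the `web_document_root` block that follows it, and the use_socket hunk repeats the pattern. Nothing in the template says why both paths need the handler, so the two copies can drift apart unnoticed. A comment above each pair, for example `# Apache may resolve requests through either path; keep both blocks identical` (if that is the reason), would document the intent.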
@@ -44,7 +44,7 @@ class letsencrypt { } public function get_acme_script() { - $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh')); + $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null')); $acme = reset($acme); if(is_executable($acme)) { return $acme; diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php index 2deabc7e23a71f29f7747b313f72a70f529d1d7c..d341ff2e3b8d83f1b35cb5cca2d389cec52a0217 100644 --- a/server/plugins-available/bind_plugin.inc.php +++ b/server/plugins-available/bind_plugin.inc.php @@ -98,11 +98,11 @@ class bind_plugin { //* Verify that we do not already have keys (overwriting-protection) if($data['old']['dnssec_algo'] == $data['new']['dnssec_algo']) { - if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) { + if (file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) { return $this->soa_dnssec_update($data); } else if ($data['new']['dnssec_initialized'] == 'Y') { //In case that we generated keys but the dsset-file was not generated $keycount=0; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { + foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'*.key') as $keyfile) { $keycount++; } if ($keycount > 0) { 
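Review bot: `$dns_config['bind_keyfiles_dir']` is read in the overwrite-protection check of bind_plugin without a fallback, and servers whose stored config predates this commit will not have the key unless an update step outside this diff adds it. With an empty value the paths become `/dsset-<domain>.` and `/K<domain>*.key`, so existing keys are not found and the keygen calls in the next hunk would not run in the intended directory. Resolve the directory once, e.g. `$key_dir = !empty($dns_config['bind_keyfiles_dir']) ? $dns_config['bind_keyfiles_dir'] : $dns_config['bind_zonefiles_dir'];`, and use it here and in the hunks at -116, -149, -158, -171, -213 and -237. The enclosing function starts and ends outside the hunk.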
@@ -116,11 +116,11 @@ class bind_plugin { $dnssec_algo = explode(',',$data['new']['dnssec_algo']); //* Create the Zone Signing and Key Signing Keys - if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key')) == 0) { - $app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain); + if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key')) == 0) { + $app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain); } - if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key')) == 0) { - $app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain); + if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key')) == 0) { + $app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain); } $this->soa_dnssec_sign($data); //Now sign the zone for the first time 
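Review bot: Both `exec_safe('cd ?; dnssec-keygen ...')` calls chain with `;`, so if the `cd` into `bind_keyfiles_dir` fails, the private keys are still generated in whatever the working directory happens to be. That risk is higher now that the target is a new, admin-editable setting, and nothing in the hunk checks that the directory exists. Add a guard before the keygen calls, e.g. `if(!is_dir($dns_config['bind_keyfiles_dir'])) return false;` with a log entry, or chain with `&&` if exec_safe() passes it through unchanged.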
@@ -149,8 +149,8 @@ class bind_plugin { //* Include ECDSAP256SHA256 keys in zone if(in_array('ECDSAP256SHA256',$dnssec_algo)) { - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) { - $includeline = '$INCLUDE '.basename($keyfile); + foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) { + $includeline = '$INCLUDE ' . $keyfile; if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n"; $keycount++; } @@ -158,8 +158,8 @@ class bind_plugin { //* Include NSEC3RSASHA1 keys in zone if(in_array('NSEC3RSASHA1',$dnssec_algo)) { - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) { - $includeline = '$INCLUDE '.basename($keyfile); + foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) { + $includeline = '$INCLUDE ' . $keyfile; if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n"; $keycount++; } 
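Review bot: `$includeline = '$INCLUDE ' . $keyfile;` now writes an absolute path, while the duplicate check only looks for that exact string. If `$zonefile` can already hold `$INCLUDE K<domain>...key` lines in the old basename form at this point (not visible in the hunk), those stay in place and the key ends up included twice, once relative and once absolute. A plain `strpos($zonefile, $includeline) === false` would also be clearer than `preg_match('@'.preg_quote($includeline).'@', $zonefile)`, which does not pass `'@'` as the delimiter to preg_quote(). The same two lines appear in the NSEC3RSASHA1 hunk at -158.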
@@ -171,20 +171,20 @@ class bind_plugin { file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile); //* Sign the zone and set it valid for max. 16 days - $app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $filespre.$domain); + $app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain); //* Write Data back ino DB - $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.'); + $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.'); $dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n"; if(in_array('ECDSAP256SHA256',$dnssec_algo)) { - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) { + foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) { $dnssecdata .= file_get_contents($keyfile)."\n\n"; } } if(in_array('NSEC3RSASHA1',$dnssec_algo)) { - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) { + foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) { $dnssecdata .= file_get_contents($keyfile)."\n\n"; } } 
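Review bot: The DS records are read from `$dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.'`, but the `dnssec-signzone` command still runs after `cd` into `bind_zonefiles_dir` and only receives `-K` for the key directory. As far as I know, dnssec-signzone writes the dsset- file to the working directory unless `-d <dir>` is given, so once the two directories differ `file_get_contents()` fails here and the `file_exists(...'/dsset-'...)` checks in the hunks at -98 and -213 never see the file. Passing `-d ?` with `$dns_config['bind_keyfiles_dir']`, or reading dsset- from `bind_zonefiles_dir`, keeps writer and readers in agreement, and the `unlink()` in the hunk at -237 has to follow the same choice. The return value of `file_get_contents()` should also be checked before it is concatenated into `$dnssecdata`.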
@@ -213,7 +213,7 @@ class bind_plugin { return false; } - if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data); + if (!$new && !file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data); $dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id'])); $app->system->exec_safe('cd ?; named-checkzone ? ? | egrep -ho \'[0-9]{10}\'', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain); @@ -237,12 +237,12 @@ class bind_plugin { $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1); - $key_files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*'); + $key_files = glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+*'); foreach($key_files as $file) { unlink($file); } unlink($dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$domain.'.signed'); - unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.'); + unlink($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.'); if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id'])); $app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));