Commit cda177a2 authored by Marius Burkard's avatar Marius Burkard

- fixed vhost settings for nginx

- fixed rspamd settings
- fixed errors in webserver plugin
- fixed error in dkim domain handling
parent 41b988f3
......@@ -2,7 +2,7 @@ server {
listen {vhost_port}{ssl_on};
listen [::]:{vhost_port} ipv6only=on{ssl_on};
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
{ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
{ssl_comment}ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
......
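Review bot: Both printed variants of the `ssl_protocols` line keep `TLSv1` and `TLSv1.1` enabled for the control-panel vhost, and the unchanged `ssl_ciphers` list still ends in 3DES and static-RSA CBC suites (`DES-CBC3-SHA`, `AES128-SHA`). If the second variant is the new side, as the print order suggests, the change also drops `TLSv1.3`, presumably because older nginx/OpenSSL builds refuse to load a config that names it; a one-line comment saying so would stop it being re-added blindly. I would propose `{ssl_comment}ssl_protocols TLSv1.2;` as the baseline, with `TLSv1.3` appended only where the installer has confirmed the nginx build accepts it. The same `ssl_protocols` line appears in the site vhost template hunk at `@@ -28,7 +28,7 @@ server {`, so the same applies there.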
......@@ -4,10 +4,10 @@ settings {
authenticated = yes;
#apply "default" { groups_disabled = ["rbl", "spf"]; }
apply "default" {
symbols_enabled = [];
#symbols_enabled = [];
symbols_disabled = [];
groups_enabled = [];
groups_disabled = [];
#groups_enabled = [];
groups_disabled = ["rbl"];
}
}
whitelist {
......
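Review bot: The `authenticated` rule leaves `#symbols_enabled = [];` and `#groups_enabled = [];` behind as commented-out lines with no explanation, next to the older commented `#apply "default" { groups_disabled = ["rbl", "spf"]; }` line. A reader cannot tell which variant is intended or why the empty lists had to go. I would delete the dead lines and add a comment above `groups_disabled = ["rbl"];`, for example `# authenticated senders: skip RBL lookups only, all other checks still run`. Whether `spf` should also be skipped for authenticated submissions, as the older commented line suggests, is worth deciding explicitly rather than leaving both forms in the template.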
......@@ -318,7 +318,7 @@ class page_action extends tform_actions {
$soaDomain = $this->dataRecord['domain'].'.';
while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
$soaDomain = preg_replace("/^\w+\./","",$soaDomain);
$soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
}
if ( isset($soa) && !empty($soa) ) $this->update_dns($this->dataRecord, $soa);
}
......@@ -444,7 +444,7 @@ class page_action extends tform_actions {
$soaDomain = $this->dataRecord['domain'].'.';
while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
$soaDomain = preg_replace("/^\w+\./","",$soaDomain);
$soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
}
if ( ($selector || $dkim_private || $dkim_active) && $dkim_active )
......
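Review bot: The walk-up loop has no exit for a name the pattern cannot shorten. If `$soaDomain` ever starts with a dot (an empty label, as in the constructed example `a..example.com` after one pass), `preg_replace` returns it unchanged, and the `while` never ends, provided `queryOneRecord` leaves `$soa` unset on a miss. Form validation may already exclude such names, but that is outside the hunk, so I would guard the step itself: `$next = preg_replace('/^[^.]+\./', '', $soaDomain);` then `if ($next === null || $next === $soaDomain) break;` and `$soaDomain = $next;`. The identical loop in the hunk at `@@ -444,7 +444,7 @@` needs the same guard, and the two copies are a candidate for one shared helper.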
......@@ -28,7 +28,7 @@ server {
</tmpl_if>
</tmpl_if>
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_prefer_server_ciphers on;
<tmpl_if name='ipv6_enabled'>
......
......@@ -1719,7 +1719,7 @@ class plugin_webserver_base {
$this->action = 'update';
$this->update_letsencrypt = true;
// just run the update function
$this->update($event_name, $data);
$this->eventUpdate($event_name, $data, 'update', $server_type);
} else {
$conf_prefix = '';
......
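Review bot: `eventUpdate()` has no visible docblock fixing its parameter order, and this commit appears to correct two call sites that got it wrong: this one and the `nginx_plugin` call in the hunk at `@@ -98,7 +98,7 @@`. I would document the method with `@param string $action 'insert' or 'update'` and `@param string $server_type e.g. 'nginx'`, as inferred from the two calls shown. In this hunk the literal `'update'` duplicates the `$this->action = 'update';` assignment a few lines above, so passing `$this->action` would keep the two from drifting apart. `$server_type` is not defined inside the hunk; the enclosing function starts outside it, so its scope should be confirmed.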
......@@ -632,7 +632,7 @@ class plugin_webserver_nginx {
if(count($server_alias) > 0) {
$server_alias_str = '';
foreach($server_alias as $tmp_alias) {
$server_alias_str .= $tmp_alias;
$server_alias_str .= ' ' . $tmp_alias;
}
unset($tmp_alias);
......
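Review bot: The loop that builds `$server_alias_str` is a hand-rolled join. `$server_alias_str = ' ' . implode(' ', $server_alias);` yields the same string as the second printed variant, without the loop or the `unset($tmp_alias)`. The string appears to end up in the generated nginx vhost, although the hunk does not show where. It is worth confirming that every alias is validated as a hostname before it reaches this point, since whitespace or `;` inside an alias would change the resulting directive. The enclosing method starts and ends outside the hunk.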
......@@ -104,6 +104,8 @@ class mail_plugin_dkim {
function check_system($data) {
global $app, $mail_config;
/** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
$app->uses('getconf');
$check=true;
......
......@@ -98,7 +98,7 @@ class nginx_plugin {
if($this->action != 'insert') $this->action = 'update';
$app->plugins_webserver_base->eventUpdate($event_name, $data, 'nginx');
$app->plugin_webserver_base->eventUpdate($event_name, $data, $this->action, 'nginx');
//* Unset action to clean it for next processed vhost.
$this->action = '';
......
......@@ -88,7 +88,7 @@ class rspamd_plugin {
$app->uses('getconf,system,functions');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){
if(is_dir('/etc/rspamd')) {
$policy = $app->db->queryOneRecord("SELECT * FROM spamfilter_policy WHERE id = ?", intval($data['new']['policy_id']));
//* Create the config file
......@@ -129,10 +129,14 @@ class rspamd_plugin {
$app->system->file_put_contents($user_file, $tpl->grab());
} else {
if(is_file($user_file)) unlink($user_file);
if(is_file($user_file)) {
unlink($user_file);
}
}
if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
}
......@@ -143,11 +147,14 @@ class rspamd_plugin {
$app->uses('getconf');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){
if(is_dir('/etc/rspamd')) {
//* delete the config file
$user_file = $this->users_config_dir.'spamfilter_user_'.intval($data['old']['id']).'.conf';
if(is_file($user_file)) unlink($user_file);
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
}
if($mail_config['content_filter'] == 'rspamd') {
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
}
......@@ -166,7 +173,7 @@ class rspamd_plugin {
$app->uses('getconf,system,functions');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){
if(is_dir('/etc/rspamd')) {
$recipient = $app->db->queryOneRecord("SELECT email FROM spamfilter_users WHERE id = ?", intval($data['new']['rid']));
//* Create the config file
$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['new']['wblist_id']).'.conf';
......@@ -191,8 +198,10 @@ class rspamd_plugin {
} else {
if(is_file($wblist_file)) unlink($wblist_file);
}
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
}
}
......@@ -202,12 +211,14 @@ class rspamd_plugin {
$app->uses('getconf');
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){
if(is_dir('/etc/rspamd')) {
//* delete the config file
$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['old']['wblist_id']).'.conf';
if(is_file($wblist_file)) unlink($wblist_file);
//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
if($mail_config['content_filter'] == 'rspamd'){
if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
}
}
}
......@@ -220,7 +231,7 @@ class rspamd_plugin {
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] == 'rspamd'){
if(is_dir('/etc/rspamd')) {
$tpl = new tpl();
$tpl->newTemplate('rspamd_users.conf.master');
......@@ -234,7 +245,9 @@ class rspamd_plugin {
$tpl->setLoop('whitelist_ips', $whitelist_ips);
$app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab());
$app->services->restartServiceDelayed('rspamd', 'reload');
if($mail_config['content_filter'] == 'rspamd'){
$app->services->restartServiceDelayed('rspamd', 'reload');
}
}
}
......
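Review bot: The reload guard is applied inconsistently across these handlers. Most of them test `is_file('/etc/init.d/rspamd')` before `restartServiceDelayed('rspamd', 'reload')`, while the last hunk (`@@ -234,7 +245,9 @@`) calls it under the `content_filter` check alone. For consistency that line would read `if($mail_config['content_filter'] == 'rspamd' && is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');`. The init-script test itself looks fragile on hosts where rspamd ships only a systemd unit, because the files would be rewritten but never reloaded; this is an inference, since `restartServiceDelayed` is not shown. The variants printed with `is_dir('/etc/rspamd')` write and delete files regardless of `content_filter`, which deserves a short comment stating that this is deliberate. The repeated check-then-reload pair is a candidate for one private method.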