Skip to content
Hide whitespace changes
Inline Side-by-side
server/conf/mm_cfg.py.master deleted 100644 → 0
View file @ 61b6df14
# -*- python -*-
# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
"""This is the module which takes your site-specific settings.
From a raw distribution it should be copied to mm_cfg.py. If you
already have an mm_cfg.py, be careful to add in only the new settings
you want. The complete set of distributed defaults, with annotation,
are in ./Defaults. In mm_cfg, override only those you want to
change, after the
from Defaults import *
line (see below).
Note that these are just default settings - many can be overridden via the
admin and user interfaces on a per-list or per-user basis.
Note also that some of the settings are resolved against the active list
setting by using the value as a format string against the
list-instance-object's dictionary - see the distributed value of
DEFAULT_MSG_FOOTER for an example."""
#######################################################
# Here's where we get the distributed defaults. #
from Defaults import *
##############################################################
# Put YOUR site-specific configuration below, in mm_cfg.py . #
# See Defaults.py for explanations of the values. #
#-------------------------------------------------------------
# The name of the list Mailman uses to send password reminders
# and similar. Don't change if you want mailman-owner to be
# a valid local part.
MAILMAN_SITE_LIST = 'mailman'
#-------------------------------------------------------------
# If you change these, you have to configure your http server
# accordingly (Alias and ScriptAlias directives in most httpds)
DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
PRIVATE_ARCHIVE_URL = '/cgi-bin/mailman/private'
IMAGE_LOGOS = '/images/mailman/'
#-------------------------------------------------------------
# Default domain for email addresses of newly created MLs
DEFAULT_EMAIL_HOST = '{hostname}'
#-------------------------------------------------------------
# Default host for web interface of newly created MLs
DEFAULT_URL_HOST = '{hostname}'
#-------------------------------------------------------------
# Required when setting any of its arguments.
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
#-------------------------------------------------------------
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = {default_language}
#-------------------------------------------------------------
# Iirc this was used in pre 2.1, leave it for now
USE_ENVELOPE_SENDER = 0 # Still used?
#-------------------------------------------------------------
# Unset send_reminders on newly created lists
DEFAULT_SEND_REMINDERS = 0
#-------------------------------------------------------------
# Uncomment this if you configured your MTA such that it
# automatically recognizes newly created lists.
# (see /usr/share/doc/mailman/README.Exim4.Debian or
# /usr/share/mailman/postfix-to-mailman.py)
# MTA=None # Misnomer, suppresses alias output on newlist
#-------------------------------------------------------------
# Uncomment if you use Postfix virtual domains (but not
# postfix-to-mailman.py), but be sure to see
# /usr/share/doc/mailman/README.Debian first.
MTA='Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS = [{virtual_domains}]
#-------------------------------------------------------------
# Uncomment if you want to filter mail with SpamAssassin. For
# more information please visit this website:
# http://www.jamesh.id.au/articles/mailman-spamassassin/
# GLOBAL_PIPELINE.insert(1, 'SpamAssassin')
POSTFIX_MAP_CMD = '/etc/mailman/virtual_to_transport.sh'
# Note - if you're looking for something that is imported from mm_cfg, but you
# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.
\ No newline at end of file
server/conf/nginx_apps.vhost.master
View file @ 2f21ecee
server {
listen {apps_vhost_ip}{apps_vhost_port};
listen [::]:{apps_vhost_port} ipv6only=on;
ssl {ssl_on};
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
{ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
# redirect to https if accessed with http
{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
server_name {apps_vhost_servername};
......@@ -12,7 +20,7 @@ server {
}
# serve static files directly
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
}
......@@ -157,46 +165,28 @@ server {
rewrite ^/* /squirrelmail last;
}
location /cgi-bin/mailman {
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:{cgi_socket};
}
location /images/mailman {
alias /usr/share/images/mailman;
}
{use_rspamd}location /rspamd/ {
{use_rspamd}proxy_pass http://127.0.0.1:11334/;
{use_rspamd}rewrite ^//(.*) /$1;
{use_rspamd}proxy_set_header X-Forwarded-Proto $scheme;
{use_rspamd}proxy_set_header Host $host;
{use_rspamd}proxy_set_header X-Real-IP $remote_addr;
{use_rspamd}proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{use_rspamd}proxy_pass_header Authorization;
{use_rspamd}client_max_body_size 0;
{use_rspamd}client_body_buffer_size 1m;
{use_rspamd}proxy_intercept_errors on;
{use_rspamd}proxy_buffering on;
{use_rspamd}proxy_buffer_size 128k;
{use_rspamd}proxy_buffers 256 16k;
{use_rspamd}proxy_busy_buffers_size 256k;
{use_rspamd}proxy_temp_file_write_size 256k;
{use_rspamd}proxy_max_temp_file_size 0;
{use_rspamd}proxy_read_timeout 300;
{use_rspamd}
{use_rspamd}location ~* ^/rspamd/(.+\.(jpg|jpeg|gif|css|png|js|ico|html?|xml|txt))$ {
{use_rspamd}alias /usr/share/rspamd/www/$1;
{use_rspamd}}
{use_rspamd}}
location /pipermail {
alias /var/lib/mailman/archives/public;
autoindex on;
}
}
server/conf/nginx_vhost.conf.master
View file @ 2f21ecee
......@@ -29,7 +29,7 @@ server {
</tmpl_if>
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# ssl_prefer_server_ciphers on;
<tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
......@@ -143,6 +143,7 @@ server {
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
auth_basic off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
......@@ -201,44 +202,9 @@ server {
fastcgi_intercept_errors on;
}
</tmpl_else>
<tmpl_if name='php' op='==' value='hhvm'>
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
<tmpl_if name='seo_redirect_enabled'>
fastcgi_param SERVER_NAME <tmpl_var name='seo_redirect_target_domain'>;
</tmpl_if>
fastcgi_intercept_errors on;
error_page 500 501 502 503 = @phpfallback;
}
location @phpfallback {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
<tmpl_if name='use_tcp'>
fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
</tmpl_if>
<tmpl_if name='use_socket'>
fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
</tmpl_if>
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param PATH_INFO $fastcgi_script_name;
<tmpl_if name='seo_redirect_enabled'>
fastcgi_param SERVER_NAME <tmpl_var name='seo_redirect_target_domain'>;
</tmpl_if>
fastcgi_intercept_errors on;
}
</tmpl_else>
location @php {
deny all;
}
</tmpl_if>
</tmpl_if>
<tmpl_if name='cgi' op='==' value='y'>
......
server/conf/rspamd_users.inc.conf.master 0 → 100644
View file @ 2f21ecee
spamfilter_users-<tmpl_var name='record_id'> {
priority = <tmpl_var name='priority'>;
rcpt = "<tmpl_var name='recipient'>";
<tmpl_if name='spam_lover_virus_lover' op='==' value='spam_lover_AND_virus_lover'>
want_spam = yes;
</tmpl_if>
<tmpl_if name='spam_lover_virus_lover' op='==' value='spam_lover_AND_NOTvirus_lover'>
apply "default" {
CLAM_VIRUS = 1999.0;
JUST_EICAR = 1999.0;
actions {
reject = 999.0;
}
}
</tmpl_if>
<tmpl_if name='spam_lover_virus_lover' op='==' value='NOTspam_lover_AND_virus_lover'>
apply "default" {
CLAM_VIRUS = -999.0;
JUST_EICAR = -999.0;
actions {
<tmpl_if name='rspamd_greylisting' op='==' value='y'>greylist = <tmpl_var name='rspamd_spam_greylisting_level'>;</tmpl_if>
<tmpl_var name='rspamd_spam_tag_method'> = <tmpl_var name='rspamd_spam_tag_level'>;
reject = <tmpl_var name='rspamd_spam_kill_level'>;
}
}
</tmpl_if>
<tmpl_if name='spam_lover_virus_lover' op='==' value='NOTspam_lover_AND_NOTvirus_lover'>
apply "default" {
CLAM_VIRUS = <tmpl_var name='rspamd_virus_kill_level'>;
JUST_EICAR = <tmpl_var name='rspamd_virus_kill_level'>;
actions {
<tmpl_if name='rspamd_greylisting' op='==' value='y'>greylist = <tmpl_var name='rspamd_spam_greylisting_level'>;</tmpl_if>
<tmpl_var name='rspamd_spam_tag_method'> = <tmpl_var name='rspamd_spam_tag_level'>;
reject = <tmpl_var name='rspamd_spam_kill_level'>;
}
}
</tmpl_if>
}
\ No newline at end of file
server/conf/rspamd_worker-controller.inc.master 0 → 100644
View file @ 2f21ecee
# Included from top-level .conf file
type = "controller";
count = 1;
password = "<tmpl_var name='rspamd_password'>";
secure_ip = "127.0.0.1";
secure_ip = "::1";
static_dir = "${WWWDIR}";
\ No newline at end of file
server/conf/sieve_filter.master
View file @ 2f21ecee
require ["fileinto", "regex", "vacation", "imap4flags", "envelope", "subaddress"];
require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];
<tmpl_if name="cc">
# Send a copy of email to
......@@ -9,7 +9,7 @@ redirect "<tmpl_var name='address'>";
<tmpl_if name="move_junk" op="==" value="y">
# Move spam to spam folder
if header :contains "X-Spam-Flag" "YES" {
if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") {
fileinto "Junk";
# Stop here so that we do not reply on spams
stop;
......@@ -26,7 +26,7 @@ keep;
#################################################################
# Move spam to spam folder
if header :contains "X-Spam-Flag" "YES" {
if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") {
fileinto "Junk";
# Stop here so that we do not reply on spams
stop;
......
server/conf/sieve_filter_1.2.master
View file @ 2f21ecee
require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress"];
require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];
<tmpl_if name="move_junk" op="==" value="y">
# Move spam to spam folder
if header :contains "X-Spam-Flag" "YES" {
if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") {
fileinto "Junk";
# Stop here so that we do not reply on spams
stop;
......@@ -26,7 +26,7 @@ keep;
#################################################################
# Move spam to spam folder
if header :contains "X-Spam-Flag" "YES" {
if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") {
# Stop here so that we do not reply on spams
stop;
}
......
server/conf/vhost.conf.master
View file @ 2f21ecee
......@@ -2,12 +2,7 @@
<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all denied
<tmpl_else>
Order Deny,Allow
Deny from all
</tmpl_if>
</Directory>
<tmpl_loop name='vhosts'>
......@@ -19,22 +14,10 @@
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
DocumentRoot <tmpl_var name='web_document_root'>
<tmpl_if name='php' op='==' value='php-fpm'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
<tmpl_if name='php' op='==' value='cgi'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
<tmpl_if name='php' op='==' value='php-fpm'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
<tmpl_if name='php' op='==' value='hhvm'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
DocumentRoot <tmpl_var name='web_document_root_www'>
</tmpl_if>
</tmpl_if>
</tmpl_if>
DocumentRoot <tmpl_var name='web_document_root_www'>
</tmpl_if>
ServerName <tmpl_var name='domain'>
......@@ -47,7 +30,7 @@
<tmpl_if name='enable_http2' op='==' value='y'>
Protocols h2 http/1.1
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
SSLCipherSuite 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
</tmpl_if>
</tmpl_if>
......@@ -74,7 +57,7 @@
<IfModule mod_ssl.c>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
# SSLCipherSuite TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# <IfModule mod_headers.c>
# Header always add Strict-Transport-Security "max-age=15768000"
......@@ -101,12 +84,7 @@
</FilesMatch>
Options +FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
......@@ -116,13 +94,7 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all denied
<tmpl_else>
Order allow,deny
Deny from all
Allow from none
</tmpl_if>
</Files>
</tmpl_if>
</Directory>
......@@ -133,12 +105,7 @@
</FilesMatch>
Options +FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
<tmpl_if name='ssi' op='==' value='y'>
# ssi enabled
......@@ -148,13 +115,7 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
<Files ~ '.php[s3-6]{0,1}$'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all denied
<tmpl_else>
Order allow,deny
Deny from all
Allow from none
</tmpl_if>
</Files>
</tmpl_if>
</Directory>
......@@ -221,12 +182,7 @@
<tmpl_if name='cgi' op='==' value='y'>
# cgi enabled
<Directory {tmpl_var name='document_root'}/cgi-bin>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
<FilesMatch "\.(cgi|pl)$">
......@@ -253,50 +209,10 @@
php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
# suphp enabled
<Directory {tmpl_var name='web_document_root'}>
<IfModule mod_suphp.c>
suPHP_Engine on
# suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
<tmpl_if name='has_custom_php_ini'>
suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
</tmpl_if>
<FilesMatch "\.php[345]?$">
SetHandler x-httpd-suphp
</FilesMatch>
suPHP_AddHandler x-httpd-suphp
</IfModule>
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='cgi'>
# php as cgi enabled
ScriptAlias /php-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
Action php-cgi /php-cgi
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
SetHandler php-cgi
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
SetHandler php-cgi
</FilesMatch>
</Directory>
<Directory {tmpl_var name='cgi_starter_path'}>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='fast-cgi'>
# php as fast-cgi enabled
# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
<IfModule mod_fcgid.c>
<tmpl_if name='fastcgi_config_syntax' op='==' value='2'>
FcgidIdleTimeout 300
FcgidProcessLifeTime 3600
# FcgidMaxProcesses 1000
......@@ -307,16 +223,6 @@
FcgidIOTimeout 600
FcgidBusyTimeout 3600
FcgidMaxRequestLen 1073741824
<tmpl_else>
IdleTimeout 300
ProcessLifeTime 3600
# MaxProcessCount 1000
DefaultMinClassProcessCount 0
DefaultMaxClassProcessCount 10
IPCConnectTimeout 3
IPCCommTimeout 600
BusyTimeout 3600
</tmpl_if>
</IfModule>
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
......@@ -328,12 +234,7 @@
FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
Options +ExecCGI
AllowOverride <tmpl_var name='allow_override'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
......@@ -345,44 +246,26 @@
FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
Options +ExecCGI
AllowOverride <tmpl_var name='allow_override'>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='php-fpm'>
<IfModule mod_fastcgi.c>
<Directory {tmpl_var name='document_root'}/cgi-bin>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler php-fcgi
</If>
<tmpl_else>
SetHandler php-fcgi
</tmpl_if>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler php-fcgi
</If>
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler php-fcgi
</If>
<tmpl_else>
SetHandler php-fcgi
</tmpl_if>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler php-fcgi
</If>
</FilesMatch>
</Directory>
Action php-fcgi /php-fcgi virtual
......@@ -399,13 +282,9 @@
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
</If>
<tmpl_else>
SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
</tmpl_if>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
</If>
</FilesMatch>
</Directory>
</tmpl_if>
......@@ -413,111 +292,36 @@
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
</If>
<tmpl_else>
SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
</tmpl_if>
<If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
</If>
</FilesMatch>
</Directory>
</tmpl_if>
</IfModule>
</tmpl_if>
<tmpl_if name='php' op='==' value='hhvm'>
<IfModule mod_fastcgi.c>
<Directory {tmpl_var name='document_root'}/cgi-bin>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
SetHandler hhvm-fcgi
</FilesMatch>
<FilesMatch "\.hh$">
SetHandler hhvm-fcgi
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
SetHandler hhvm-fcgi
</FilesMatch>
<FilesMatch "\.hh$">
SetHandler hhvm-fcgi
</FilesMatch>
</Directory>
Action hhvm-fcgi /hhvm-fcgi virtual
Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock -pass-header Authorization -pass-header Content-Type
</IfModule>
<IfModule mod_proxy_fcgi.c>
<Directory {tmpl_var name='document_root'}/cgi-bin>
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
SetHandler "proxy:unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch "\.hh$">
SetHandler "proxy:unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock|fcgi://localhost"
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
SetHandler "proxy:unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch "\.hh$">
SetHandler "proxy:unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock|fcgi://localhost"
</FilesMatch>
</Directory>
</IfModule>
</tmpl_if>
<tmpl_if name="rewrite_enabled">
RewriteEngine on
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [END]
</tmpl_if>
<tmpl_if name='ssl_enabled'>
<tmpl_else>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
RewriteCond %{HTTPS} off
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</tmpl_if>
</tmpl_if>
<tmpl_if name='seo_redirect_enabled'>
RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
RewriteRule ^ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>%{REQUEST_URI} [R=301,NE,L]
</tmpl_if>
<tmpl_loop name="alias_seo_redirects">
RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
RewriteRule ^ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>%{REQUEST_URI} [R=301,NE,L]
</tmpl_loop>
<tmpl_loop name="redirects">
RewriteCond %{HTTP_HOST} <tmpl_var name='rewrite_domain'>$ [NC]
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
<tmpl_if name="rewrite_is_url" op="==" value="n">
RewriteCond %{REQUEST_URI} !^/webdav/
RewriteCond %{REQUEST_URI} !^/php-fcgi/
......@@ -530,8 +334,6 @@
<tmpl_else>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
RewriteCond %{HTTPS} off
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
</tmpl_if>
</tmpl_if>
......
server/conf/xmpp_conf_ssl.master deleted 100644 → 0
View file @ 61b6df14
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7
[ req ]
default_bits = 4096
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
DNS.1 = muc.{tmpl_var name='domain'}
otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}
DNS.2 = pubsub.{tmpl_var name='domain'}
otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}
DNS.3 = anon.{tmpl_var name='domain'}
otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}
DNS.4 = xmpp.{tmpl_var name='domain'}
otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}
DNS.5 = proxy.{tmpl_var name='domain'}
otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}
DNS.6 = vjud.{tmpl_var name='domain'}
otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}
\ No newline at end of file
server/conf/xmpp_metronome_conf_global.master deleted 100644 → 0
View file @ 61b6df14
pidfile = "/var/run/metronome/metronome.pid";
metronome_max_files_soft = 200000;
metronome_max_files_hard = 300000;
plugin_paths = {
"/usr/lib/metronome/isp-modules",
};
use_libevent = true;
log = {
debug = "/var/log/metronome/metronome.dbg",
info = "/var/log/metronome/metronome.log",
error = "/var/log/metronome/metronome.err",
};
use_ipv6 = {tmpl_var name='ipv6'};
http_ports = {
{tmpl_var name='port_http'},
};
https_ports = {
{tmpl_var name='port_https'},
};
pastebin_ports = {
{tmpl_var name='port_pastebin'},
};
bosh_ports = {
{tmpl_var name='port_bosh'},
};
admins = {
{tmpl_var name='server_admins'}
};
modules_enabled = {
{tmpl_var name='modules_enabled'}
};
modules_disabled = {
};
bosh_max_inactivity = {tmpl_var name='bosh_timeout'};
consider_bosh_secure = true;
cross_domain_bosh = true;
allow_registration = true;
-- TODO generate ssl key during setup
ssl = {
key = "/etc/metronome/certs/localhost.key",
certificate = "/etc/metronome/certs/localhost.cert",
};
c2s_require_encryption = false;
s2s_secure = true;
s2s_insecure_domains = {
"gmail.com",
};
authentication = "internal_plain";
\ No newline at end of file
server/conf/xmpp_metronome_conf_host.master deleted 100644 → 0
View file @ 61b6df14
VirtualHost "{tmpl_var name='domain'}"
enabled = {tmpl_var name='active'};
authentication = "external";
external_auth_command = "/usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh";
allow_registration = {tmpl_var name='public_registration'};
<tmpl_if name='registration_url' op='!=' value=''>
registration_url = "{tmpl_var name='registration_url'}";
registration_text = "{tmpl_var name='registration_message'}";
</tmpl_if>
no_registration_whitelist = true;
modules_enabled = {
"roster",
"private",
"vcard",
"privacy",
"pep",
<tmpl_if name='public_registration' op='==' value='true'>
"register",
<tmpl_elseif name='registration_url' op='!=' value=''>
"register_redirect",
</tmpl_if>
"admin_adhoc",
};
disco_items = {
<tmpl_if name='use_muc' op='==' value='true'>
{
"muc.{tmpl_var name='domain'}",
"{tmpl_var name='muc_name'}",
},
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
{
"pubsub.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Publish/Subscribe",
},
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
{
"proxy.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Bytestream Proxy",
},
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
{
"vjud.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} User Directory",
},
</tmpl_if>
};
admins = {
{tmpl_var name='domain_admins'}
};
<tmpl_if name='ssl_cert' op='==' value='true'>
ssl = {
key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
};
</tmpl_if>
<tmpl_if name='use_anon_host' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"
enabled = true;
authentication = "anonymous";
allow_anonymous_multiresourcing = true;
anonymous_jid_gentoken = "{tmpl_var name='domain'} Anonymous User";
admins = {
};
</tmpl_if>
<tmpl_if name='use_muc' op='==' value='true'>
Component "muc.{tmpl_var name='domain'}" "muc"
modules_enabled = {
"muc_limits",
"muc_log",
<tmpl_if name='use_archive' op='==' value='true'>
"muc_log_http",
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
"pastebin",
</tmpl_if>
};
muc_event_rate = 0.7;
muc_burst_factor = 13;
muc_log_presences = false;
<tmpl_if name='use_archive' op='==' value='true'>
muc_log_http_config = {
show_join = {tmpl_var name='archive_join'},
show_status = {tmpl_var name='archive_status'},
theme = "metronome",
url_base = "logs",
};
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
pastebin_path = "/pastes/";
pastebin_expire_after = {tmpl_var name='pastebin_expire'};
pastebin_trigger = "{tmpl_var name='pastebin_trigger'}";
</tmpl_if>
name = "{tmpl_var name='muc_name'}";
restrict_room_creation = "{tmpl_var name='muc_restrict_room_creation'}";
admins = {
{tmpl_var name='muc_admins'}
};
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
Component "pubsub.{tmpl_var name='domain'}" "pubsub"
name = "{tmpl_var name='domain'} Publish/Subscribe";
unrestricted_node_creation = false;
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
Component "proxy.{tmpl_var name='domain'}" "proxy65"
proxy65_acl = {
"{tmpl_var name='domain'}",
};
proxy65_interfaces = {
"*",
"::",
};
proxy65_ports = {
5000,
};
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
Component "vjud.{tmpl_var name='domain'}" "vjud"
ud_disco_name = "{tmpl_var name='domain'} User Directory";
synchronize_to_host_vcards = "{tmpl_var name='domain'}";
vjud_mode = "{tmpl_var name='vjud_opt_mode'}";
</tmpl_if>
\ No newline at end of file
server/conf/xmpp_metronome_conf_status.master deleted 100644 → 0
View file @ 61b6df14
Component "xmpp.{tmpl_var name='domain'}" "http"
modules_enabled = {
"server_status",
"webpresence"
};
server_status_basepath = "/xmppd/";
server_status_show_hosts = {
{tmpl_var name='status_hosts'}
};
server_status_show_comps = {
{tmpl_var name='status_comps'}
};
\ No newline at end of file
server/conf/xmpp_prosody_conf_global.master deleted 100644 → 0
View file @ 61b6df14
plugin_paths = {
"/usr/local/lib/prosody/modules",
};
use_libevent = true;
log = {
-- optional: uncomment debug log here
-- debug = "/var/log/prosody/prosody.dbg",
info = "/var/log/prosody/prosody.log",
error = "/var/log/prosody/prosody.err",
"syslog",
};
use_ipv6 = {tmpl_var name='ipv6'};
http_ports = {
{tmpl_var name='port_http'},
};
https_ports = {
{tmpl_var name='port_https'},
};
pastebin_ports = {
{tmpl_var name='port_pastebin'},
};
bosh_ports = {
{tmpl_var name='port_bosh'},
};
admins = {
{tmpl_var name='server_admins'}
};
modules_enabled = {
{tmpl_var name='modules_enabled'}
};
modules_disabled = {
};
allow_registration = false;
c2s_require_encryption = false;
s2s_require_encryption = true;
s2s_secure_auth = false;
s2s_insecure_domains = {
"gmail.com",
};
pidfile = "/var/run/prosody/prosody.pid";
authentication = "external";
archive_expires_after = "2w";
statistics = "internal";
certificates = "certs";
bosh_max_inactivity = {tmpl_var name='bosh_timeout'};
consider_bosh_secure = true;
cross_domain_bosh = true;
consider_websocket_secure = true;
ssl = {
key = "/etc/prosody/certs/localhost.key",
certificate = "/etc/prosody/certs/localhost.crt",
};
server/conf/xmpp_prosody_conf_host.master deleted 100644 → 0
View file @ 61b6df14
VirtualHost "{tmpl_var name='domain'}"
enabled = {tmpl_var name='active'};
authentication = "external";
external_auth_command = "/usr/local/lib/prosody/auth/authenticate_isp.sh";
allow_registration = {tmpl_var name='public_registration'};
<tmpl_if name='registration_url' op='!=' value=''>
registration_url = "{tmpl_var name='registration_url'}";
</tmpl_if>
<tmpl_if name='registration_message' op='!=' value=''>
registration_text = "{tmpl_var name='registration_message'}";
</tmpl_if>
no_registration_whitelist = true;
modules_enabled = {
"roster",
"private",
"vcard",
"blocklist",
"pep",
<tmpl_if name='public_registration' op='==' value='true'>
"register",
<tmpl_elseif name='registration_url' op='!=' value=''>
"register_redirect",
</tmpl_if>
"admin_adhoc",
"http",
<tmpl_if name='use_status_host' op='==' value='true'>
"server_status",
</tmpl_if>
<tmpl_if name='use_webpresence' op='==' value='true'>
"webpresence"
</tmpl_if>
};
disco_items = {
{
"{tmpl_var main_host}",
"HTTP File Upload",
},
<tmpl_if name='use_muc' op='==' value='true'>
{
"muc.{tmpl_var name='domain'}",
"{tmpl_var name='muc_name'}",
},
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
{
"pubsub.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Publish/Subscribe",
},
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
{
"proxy.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Bytestream Proxy",
},
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
{
"vjud.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} User Directory",
},
</tmpl_if>
};
admins = {
{tmpl_var name='domain_admins'}
};
<tmpl_if name='ssl_cert' op='==' value='true'>
ssl = {
key = "/etc/prosody/certs/{tmpl_var name='domain'}.key",
certificate = "/etc/prosody/certs/{tmpl_var name='domain'}.crt",
};
</tmpl_if>
http_host = 'xmpp.{tmpl_var name='domain'}';
<tmpl_if name='use_status_host' op='==' value='true'>
server_status_basepath = "/xmppd/";
server_status_json = true;
server_status_shown_hosts = {
"{tmpl_var name='domain'}",
<tmpl_if name='use_anon_host' op='==' value='true'>
"anon.fuermann.net",
</tmpl_if>
};
server_status_shown_comps = {
<tmpl_if name='use_pubsub' op='==' value='true'>
"pubsub.{tmpl_var name='domain'}",
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
"proxy.{tmpl_var name='domain'}",
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
"vjud.{tmpl_var name='domain'}",
</tmpl_if>
<tmpl_if name='use_muc' op='==' value='true'>
"muc.{tmpl_var name='domain'}",
</tmpl_if>
}
</tmpl_if>
<tmpl_if name='use_muc' op='==' value='true'>
Component "muc.{tmpl_var name='domain'}" "muc"
modules_enabled = {
"muc_limits",
"muc_log",
<tmpl_if name='use_archive' op='==' value='true'>
"muc_log_http",
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
"pastebin",
</tmpl_if>
};
muc_event_rate = 0.5;
muc_burst_factor = 8;
muc_log_presences = false;
<tmpl_if name='use_archive' op='==' value='true'>
muc_log_http = {
show_join = {tmpl_var name='archive_join'},
show_presence = {tmpl_var name='archive_join'},
show_status = {tmpl_var name='archive_status'},
theme = "prosody",
url_base = "logs",
};
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
pastebin_threshold = 500;
pastebin_line_threshold = 4;
pastebin_expire_after = {tmpl_var name='pastebin_expire'};
pastebin_trigger = "{tmpl_var name='pastebin_trigger'}";
</tmpl_if>
name = "{tmpl_var name='muc_name'}";
restrict_room_creation = "{tmpl_var name='muc_restrict_room_creation'}";
max_history_messages = 20;
admins = {
{tmpl_var name='muc_admins'}
};
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
Component "pubsub.{tmpl_var name='domain'}" "pubsub"
name = "{tmpl_var name='domain'} Publish/Subscribe";
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
Component "proxy.{tmpl_var name='domain'}" "proxy65"
proxy65_acl = {
"{tmpl_var name='domain'}",
};
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
Component "vjud.{tmpl_var name='domain'}" "vjud"
ud_disco_name = "{tmpl_var name='domain'} User Directory";
vjud_mode = "{tmpl_var name='vjud_opt_mode'}";
</tmpl_if>
<tmpl_if name='use_anon_host' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"
enabled = true;
authentication = "anonymous";
allow_anonymous_multiresourcing = true;
anonymous_jid_gentoken = "{tmpl_var name='domain'} Anonymous User";
admins = {
};
</tmpl_if>
server/conf/xmpp_prosody_conf_status.master deleted 100644 → 0
View file @ 61b6df14
Component "xmpp.{tmpl_var name='domain'}" "http"
modules_enabled = {
<tmpl_if name='use_status_host' op='==' value='true'>
"server_status",
</tmpl_if>
<tmpl_if name='use_webpresence' op='==' value='true'>
"webpresence",
</tmpl_if>
};
<tmpl_if name='use_status_host' op='==' value='true'>
server_status_basepath = "/xmppd/";
server_status_json = true;
server_status_show_hosts = {
{tmpl_var name='status_hosts'}
};
server_status_show_comps = {
{tmpl_var name='status_comps'}
};
</tmpl_if>
\ No newline at end of file
server/cron.php
View file @ 2f21ecee
......@@ -32,12 +32,21 @@ define('SCRIPT_PATH', dirname($_SERVER["SCRIPT_FILENAME"]));
require SCRIPT_PATH."/lib/config.inc.php";
// Check whether another instance of this script is already running
if (is_file($conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock')) {
$lockFile = $conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock';
if (is_file($lockFile)) {
clearstatcache();
$pid = trim(file_get_contents($conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock'));
// Maybe we hit a deadlock and the lock file is no longer relevant
if(filemtime($lockFile) > time() - 86400) { // 86400 seconds = 1 day
if($conf['log_priority'] <= LOGLEVEL_WARN) print @date('d.m.Y-H:i').' - WARNING - The cron lock file is older than one day.' . "\n";
exit;
}
// Check if the process id we have in the lock file is still present
$pid = trim(file_get_contents($lockFile));
if(preg_match('/^[0-9]+$/', $pid)) {
if(file_exists('/proc/' . $pid)) {
if($conf['log_priority'] <= LOGLEVEL_WARN) print @date('d.m.Y-H:i').' - WARNING - There is already an instance of server.php running with pid ' . $pid . '.' . "\n";
if($conf['log_priority'] <= LOGLEVEL_WARN) print @date('d.m.Y-H:i').' - WARNING - There is already an instance of cron.php running with pid ' . $pid . '.' . "\n";
exit;
}
}
......@@ -45,7 +54,7 @@ if (is_file($conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock')) {
}
// Set Lockfile
@file_put_contents($conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock', getmypid());
@file_put_contents($lockFile, getmypid());
if($conf['log_priority'] <= LOGLEVEL_DEBUG) print 'Set Lock: ' . $conf['temppath'] . $conf['fs_div'] . '.ispconfig_cron_lock' . "\n";
......
server/cron.sh
View file @ 2f21ecee
#!/bin/bash
#!/usr/bin/env bash
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
......
server/lib/app.inc.php
View file @ 2f21ecee
......@@ -43,7 +43,11 @@ class app {
if($conf['start_db'] == true) {
$this->load('db_'.$conf['db_type']);
$this->db = new db;
try {
$this->db = new db;
} catch (Exception $e) {
$this->db = false;
}
/*
Initialize the connection to the master DB,
......@@ -51,7 +55,11 @@ class app {
*/
if($conf['dbmaster_host'] != '' && ($conf['dbmaster_host'] != $conf['db_host'] || ($conf['dbmaster_host'] == $conf['db_host'] && $conf['dbmaster_database'] != $conf['db_database']))) {
$this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database'], $conf['dbmaster_port'], $conf['dbmaster_client_flags']);
try {
$this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database'], $conf['dbmaster_port'], $conf['dbmaster_client_flags']);
} catch (Exception $e) {
$this->dbmaster = false;
}
} else {
$this->dbmaster = $this->db;
}
......@@ -61,6 +69,14 @@ class app {
}
public function __get($prop) {
if(property_exists($this, $prop)) return $this->{$prop};
$this->uses($prop);
if(property_exists($this, $prop)) return $this->{$prop};
else return null;
}
function setCaller($caller) {
$this->_calling_script = $caller;
}
......
server/lib/classes/addon_installer.inc.php 0 → 100644
View file @ 2f21ecee
<?php
/**
* addon installer
*
* @author Marius Burkard
*/
class addon_installer {
private function extractPackage($package_file) {
global $app;
$ret = null;
$retval = 0;
$app->log('Extracting addon package ' . $package_file, 0, false);
$cmd = 'which unzip';
$tmp = explode("\n", exec($cmd, $ret, $retval));
if($retval != 0) {
$app->log('The unzip command was not found on the server.', 2, false);
throw new AddonInstallerException('unzip tool not found.');
}
$unzip = reset($tmp);
unset($tmp);
if(!$unzip) {
$app->log('Unzip tool was not found.', 2, false);
throw new AddonInstallerException('unzip tool not found.');
}
$temp_dir = $app->system->tempdir(sys_get_temp_dir(), 'addon_', 0700);
if(!$temp_dir) {
$app->log('Could not create the temp dir.', 2, false);
throw new AddonInstallerException('Could not create temp dir.');
}
$ret = null;
$retval = 0;
$cmd = $unzip . ' -d ' . escapeshellarg($temp_dir) . ' ' . escapeshellarg($package_file);
exec($cmd, $ret, $retval);
if($retval != 0) {
$app->log('Package extraction failed.', 2, false);
throw new AddonInstallerException('Package extraction failed.');
}
$app->log('Extracted to ' . $temp_dir, 0, false);
return $temp_dir;
}
/**
* @param string $path
* @return string
* @throws AddonInstallerValidationException
*/
private function validatePackage($path) {
global $app;
$app->log('Validating extracted addon at ' . $path, 0, false);
if(!is_dir($path)) {
$app->log('Invalid path.', 2, false);
throw new AddonInstallerValidationException('Invalid path.');
}
$ini_file = $path . '/addon.ini';
if(!is_file($ini_file)) {
$app->log('Addon ini file missing.', 2, false);
throw new AddonInstallerValidationException('Addon ini file missing.');
}
$app->log('Parsing ini ' . $ini_file, 0, false);
$ini = parse_ini_file($ini_file, true);
if(!$ini || !isset($ini['addon'])) {
$app->log('Ini file could not be read.', 2, false);
throw new AddonInstallerValidationException('Ini file is missing addon section.');
}
$addon = $ini['addon'];
if(!isset($addon['ident']) || !isset($addon['name']) || !isset($addon['version'])) {
$app->log('Addon data in ini file missing or invalid.', 2, false);
throw new AddonInstallerValidationException('Ini file is missing addon ident/name/version.');
}
$class_file = $path . '/' . $addon['ident'] . '.addon.php';
if(!is_file($class_file)) {
$app->log('Base class file in addon not found', 2, false);
throw new AddonInstallerValidationException('Package is missing main addon class.');
}
if(isset($ini['ispconfig']['version.min']) && $ini['ispconfig']['version.min'] && version_compare($ini['ispconfig']['version.min'], ISPC_APP_VERSION, '>')) {
$app->log('ISPConfig version too low for this addon.', 2, false);
throw new AddonInstallerValidationException('Addon requires at least ISPConfig version ' . $ini['ispconfig']['version.min'] . '.');
} elseif(isset($ini['ispconfig']['version.max']) && $ini['ispconfig']['version.max'] && version_compare($ini['ispconfig']['version.min'], ISPC_APP_VERSION, '<')) {
$app->log('ISPConfig version too high for this addon.', 2, false);
throw new AddonInstallerValidationException('Addon allows at max ISPConfig version ' . $ini['ispconfig']['version.max'] . '.');
}
$app->log('Loaded addon installer ' . $class_file, 0, false);
$addon['class_file'] = $class_file;
$addon['class_name'] = substr(basename($class_file), 0, -10) . '_addon_installer';
return $addon;
}
private function getInstalledAddonVersion($ident) {
global $app, $conf;
$file_version = false;
$db_version = false;
$addon_path = realpath($conf['rootpath'] . '/..') . '/addons';
// check for previous version
if(is_dir($addon_path . '/' . $ident) && is_file($addon_path . '/' . $ident . '/addon.ini')) {
$addon = parse_ini_file($addon_path . '/' . $ident . '/addon.ini', true);
if($addon && isset($addon['addon'])) {
$addon = $addon['addon']; // ini section
} else {
$addon = false;
}
if(!$addon || !isset($addon['version']) || !isset($addon['ident']) || $addon['ident'] != $ident) {
$app->log('Could not get version of installed addon.', 2, false);
throw new AddonInstallerException('Installed app ' . $ident . ' found but it is invalid.');
}
$file_version = $addon['version'];
$app->log('Installed version of addon ' . $ident . ' is ' . $file_version, 0, false);
}
$check = $app->db->queryOneRecord('SELECT `addon_version` FROM `addons` WHERE `addon_ident` = ?', $ident);
if($check && $check['addon_version']) {
$db_version = $check['addon_version'];
$app->log('Installed version of addon ' . $ident . ' (in db) is ' . $db_version . '.', 0, false);
}
if(!$file_version && !$db_version) {
return false;
} elseif($file_version != $db_version) {
$app->log('Version mismatch between ini file and database (' . $file_version . ' != ' . $db_version . ').', 0, false);
throw new AddonInstallerException('Addon version mismatch in database (' . $db_version . ') and file system (' . $file_version . ').');
}
return $file_version;
}
/**
* @param string $package_file Full path
* @param boolean $force true if previous addon with same or higher version should be overwritten
* @throws AddonInstallerException
* @throws AddonInstallerValidationException
*/
public function installAddon($package_file, $force = false) {
global $app;
$app->load('ispconfig_addon_installer_base');
if(!is_file($package_file)) {
$app->log('Package file not found: ' . $package_file, 2, false);
throw new AddonInstallerException('Package file not found.');
} elseif(substr($package_file, -4) !== '.pkg') {
$app->log('Invalid package file: ' . $package_file, 2, false);
throw new AddonInstallerException('Invalid package file.');
}
$tmp_dir = $this->extractPackage($package_file);
if(!$tmp_dir) {
// extracting failed
$app->log('Package extraction failed.', 2, false);
throw new AddonInstallerException('Package extraction failed.');
}
$addon = $this->validatePackage($tmp_dir);
if(!$addon) {
throw new AddonInstallerException('Package validation failed.');
}
$app->log('Package validated.', 0, false);
$is_update = false;
$previous = $this->getInstalledAddonVersion($addon['ident']);
if($previous !== false) {
// this is an update
if(version_compare($previous, $addon['version'], '>') && $force !== true) {
$app->log('Installed version is newer than the one to install and --force not used.', 2, false);
throw new AddonInstallerException('Installed version is newer than the one to install.');
} elseif(version_compare($previous, $addon['version'], '=') && $force !== true) {
$app->log('Installed version is the same as the one to install and --force not used.', 2, false);
throw new AddonInstallerException('Installed version is the same as the one to install.');
}
$is_update = true;
}
$app->log('Including package class file ' . $addon['class_file'], 0, false);
include $addon['class_file'];
$class_name = $addon['class_name'];
if(!class_exists($class_name)) {
$app->log('Class name ' . $class_name . ' not found in class file ' . $addon['class_file'], 2, false);
throw new AddonInstallerException('Could not find main class in addon file.');
}
/* @var $inst ispconfig_addon_installer_base */
$app->log('Instanciating installer class ' . $class_name, 0, false);
$inst = new $class_name();
$inst->setAddonName($addon['name']);
$inst->setAddonIdent($addon['ident']);
$inst->setAddonVersion($addon['version']);
$inst->setAddonTempDir($tmp_dir);
if($is_update === true) {
$inst->onBeforeUpdate();
$inst->onUpdate();
$inst->onAfterUpdate();
} else {
$inst->onBeforeInstall();
$inst->onInstall();
$inst->onAfterInstall();
}
exec('rm -rf ' . escapeshellarg($tmp_dir));
$app->log('Installation completed.', 0, false);
return true;
}
}
server/lib/classes/cron.d/100-monitor_database_size.inc.php
View file @ 2f21ecee
......@@ -95,12 +95,12 @@ class cronjob_monitor_database_size extends cronjob {
if(!is_numeric($quota)) continue;
if($quota < 1 || $quota > $data[$i]['size']) {
print $rec['database_name'] . ' does not exceed quota qize: ' . $quota . ' > ' . $data[$i]['size'] . "\n";
print 'database ' . $rec['database_name'] . ' size does not exceed quota: ' . ($quota < 1 ? 'unlimited' : $quota) . ' (quota) > ' . $data[$i]['size'] . " (used)\n";
if($rec['quota_exceeded'] == 'y') {
$app->dbmaster->datalogUpdate('web_database', array('quota_exceeded' => 'n'), 'database_id', $rec['database_id']);
}
} elseif($rec['quota_exceeded'] == 'n') {
print $rec['database_name'] . ' exceeds quota qize: ' . $quota . ' < ' . $data[$i]['size'] . "\n";
print 'database ' . $rec['database_name'] . ' size exceeds quota: ' . $quota . ' (quota) < ' . $data[$i]['size'] . " (used)\n";
$app->dbmaster->datalogUpdate('web_database', array('quota_exceeded' => 'y'), 'database_id', $rec['database_id']);
}
}
......