vhost quota not correctly pointing to document root (DF -T) (fixes #3984)

Pascal Dreissen

2016-07-08 a481a62a13c241df0b3269f7f915789f4451d51b

 server/conf/vhost.conf.master

@@ -1,3 +1,4 @@
<tmpl_hook name='apache2_vhost:header'>

<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
      AllowOverride None
@@ -9,8 +10,9 @@
      </tmpl_if>
</Directory>

<tmpl_loop name="vhosts">
<tmpl_loop name='vhosts'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
<tmpl_hook name='apache2_vhost:vhost_header'>
<tmpl_if name='php' op='==' value='suphp'>
      DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
@@ -20,7 +22,11 @@
      <tmpl_if name='php' op='==' value='php-fpm'>
      DocumentRoot <tmpl_var name='web_document_root'>
      </tmpl_else>
      DocumentRoot <tmpl_var name='web_document_root_www'>
         <tmpl_if name='php' op='==' value='hhvm'>
         DocumentRoot <tmpl_var name='web_document_root'>
         </tmpl_else>
         DocumentRoot <tmpl_var name='web_document_root_www'>
         </tmpl_if>
      </tmpl_if>
   </tmpl_if>
</tmpl_if>
@@ -47,16 +53,33 @@

      <IfModule mod_ssl.c>
<tmpl_if name='ssl_enabled'>
   SSLEngine on
      SSLEngine on
      SSLProtocol All -SSLv2 -SSLv3
      SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
      SSLHonorCipherOrder     on
      # <IfModule mod_headers.c>
      # Header always add Strict-Transport-Security "max-age=15768000"
      # </IfModule>
      SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
      SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
<tmpl_if name='has_bundle_cert'>
      SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
      <tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>
      SSLCertificateChainFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
      </tmpl_if>
      <tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
      SSLUseStapling on
      SSLStaplingResponderTimeout 5
      SSLStaplingReturnResponderErrors off
      </tmpl_if>
</tmpl_if>
</tmpl_if>
      </IfModule>

      <Directory {tmpl_var name='web_document_root_www'}>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                  SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride <tmpl_var name='allow_override'>
            <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
@@ -85,6 +108,10 @@
</tmpl_if>
      </Directory>
      <Directory {tmpl_var name='web_document_root'}>
            # Clear PHP settings of this website
            <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                  SetHandler None
            </FilesMatch>
            Options +FollowSymLinks
            AllowOverride <tmpl_var name='allow_override'>
            <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
@@ -156,7 +183,9 @@
<tmpl_if name='python' op='==' value='y'>
      <IfModule mod_python.c>
         <Directory {tmpl_var name='web_document_root_www'}>
            AddHandler mod_python .py
            <FilesMatch "\.py$">
               SetHandler mod_python
            </FilesMatch>
            PythonHandler mod_python.publisher
            PythonDebug On
         </Directory>
@@ -174,8 +203,9 @@
         </tmpl_if>
      </Directory>
      ScriptAlias  /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
      AddHandler cgi-script .cgi
      AddHandler cgi-script .pl
      <FilesMatch "\.(cgi|pl)$">
         SetHandler cgi-script
      </FilesMatch>
</tmpl_if>
<tmpl_if name='suexec' op='==' value='y'>
      # suexec enabled
@@ -183,13 +213,12 @@
         SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
      </IfModule>
</tmpl_if>
      # Clear PHP settings of this website
      <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
      </FilesMatch>
<tmpl_if name='php' op='==' value='mod'>
      # mod_php enabled
      AddType application/x-httpd-php .php .php3 .php4 .php5
      SetEnv TMP <tmpl_var name='document_root'>/tmp
      SetEnv TMPDIR <tmpl_var name='document_root'>/tmp
      SetEnv TEMP <tmpl_var name='document_root'>/tmp
      php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
      php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
      php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
@@ -202,13 +231,15 @@
      # suphp enabled
      <Directory {tmpl_var name='web_document_root'}>
      <IfModule mod_suphp.c>
            suPHP_Engine on
            # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
         suPHP_Engine on
         # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
<tmpl_if name='has_custom_php_ini'>
   suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
</tmpl_if>
            AddHandler x-httpd-suphp .php .php3 .php4 .php5
            suPHP_AddHandler x-httpd-suphp
         <FilesMatch "\.php[345]?$">
            SetHandler x-httpd-suphp
         </FilesMatch>
         suPHP_AddHandler x-httpd-suphp
      </IfModule>
      </Directory>
</tmpl_if>
@@ -216,7 +247,16 @@
      # php as cgi enabled
      ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
      Action php5-cgi /php5-cgi
      AddHandler php5-cgi .php .php3 .php4 .php5
      <Directory {tmpl_var name='web_document_root_www'}>
         <FilesMatch "\.php[345]?$">
            SetHandler php5-cgi
         </FilesMatch>
      </Directory>
      <Directory {tmpl_var name='web_document_root'}>
         <FilesMatch "\.php[345]?$">
            SetHandler php5-cgi
         </FilesMatch>
      </Directory>
      <Directory {tmpl_var name='cgi_starter_path'}>
         <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
         Require all granted
@@ -246,14 +286,16 @@
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            DefaultMaxClassProcessCount 10
            IPCConnectTimeout 3
            IPCCommTimeout 600
            BusyTimeout 3600
</tmpl_if>
      </IfModule>
      <Directory {tmpl_var name='web_document_root_www'}>
            AddHandler fcgid-script .php .php3 .php4 .php5
            <FilesMatch "\.php[345]?$">
               SetHandler fcgid-script
            </FilesMatch>
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
@@ -268,7 +310,9 @@
            </tmpl_if>
      </Directory>
      <Directory {tmpl_var name='web_document_root'}>
            AddHandler fcgid-script .php .php3 .php4 .php5
            <FilesMatch "\.php[345]?$">
               SetHandler fcgid-script
            </FilesMatch>
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
            FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
@@ -293,37 +337,103 @@
               Allow from all
               </tmpl_if>
             </Directory>
                AddHandler php5-fcgi .php .php3 .php4 .php5
                Action php5-fcgi /php5-fcgi
            <Directory {tmpl_var name='web_document_root_www'}>
               <FilesMatch "\.php[345]?$">
                  SetHandler php5-fcgi
               </FilesMatch>
            </Directory>
            <Directory {tmpl_var name='web_document_root'}>
               <FilesMatch "\.php[345]?$">
                  SetHandler php5-fcgi
               </FilesMatch>
            </Directory>
                Action php5-fcgi /php5-fcgi virtual
            Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
<tmpl_if name='use_tcp'>
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization             
</tmpl_if>
<tmpl_if name='use_socket'>
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization
</tmpl_if>
      </IfModule>
      <IfModule mod_proxy_fcgi.c>
<tmpl_if name='use_tcp'>
         ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
</tmpl_if>
<tmpl_if name='use_socket'>
         ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1
</tmpl_if>
         </IfModule>
</tmpl_if>

<tmpl_if name='php' op='==' value='hhvm'>
      <IfModule mod_fastcgi.c>
            <Directory {tmpl_var name='document_root'}/cgi-bin>
               <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
               Require all granted
               <tmpl_else>
               Order allow,deny
               Allow from all
               </tmpl_if>
             </Directory>
            <Directory {tmpl_var name='web_document_root_www'}>
               <FilesMatch "\.php[345]?$">
                  SetHandler hhvm-fcgi
               </FilesMatch>
               <FilesMatch "\.hh$">
                  SetHandler hhvm-fcgi
               </FilesMatch>
            </Directory>
            <Directory {tmpl_var name='web_document_root'}>
               <FilesMatch "\.php[345]?$">
                  SetHandler hhvm-fcgi
               </FilesMatch>
               <FilesMatch "\.hh$">
                  SetHandler hhvm-fcgi
               </FilesMatch>
            </Directory>
                Action hhvm-fcgi /hhvm-fcgi virtual
            Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock -pass-header Authorization
      </IfModule>
</tmpl_if>

<tmpl_if name="rewrite_enabled">
      RewriteEngine on
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
      RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
      RewriteRule ^ - [END]
</tmpl_if>
<tmpl_if name='seo_redirect_enabled'>
      RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,L]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,NE,L]
</tmpl_if>
<tmpl_loop name="alias_seo_redirects">
      RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,L]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,NE,L]
</tmpl_loop>
<tmpl_loop name="redirects">
      RewriteCond %{HTTP_HOST}   <tmpl_var name='rewrite_domain'>$ [NC]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
<tmpl_if name="rewrite_is_url" op="==" value="n">
      RewriteCond %{REQUEST_URI} !^/webdav/
      RewriteCond %{REQUEST_URI} !^/php5-fcgi/
      RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
</tmpl_if>
		
      RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
	
</tmpl_loop>
<tmpl_if name='ssl_enabled'>
<tmpl_else>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
        RewriteCond %{HTTPS} off
        <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</tmpl_if>
</tmpl_if>
</tmpl_if>

      # add support for apache mpm_itk
@@ -350,5 +460,17 @@
      </IfModule>

<tmpl_var name='apache_directives'>
<tmpl_hook name='apache2_vhost:vhost_footer'>
</VirtualHost>

<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
        SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>
</tmpl_if>

</tmpl_loop>

<tmpl_hook name='apache2_vhost:footer'>