gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -118,12 +118,12 @@
			if(is_installed('mysql') \|\| is_installed('mysqld')) $conf['mysql']['installed'] = true;
			if(is_installed('postfix')) $conf['postfix']['installed'] = true;
			if(is_installed('mailman')) $conf['mailman']['installed'] = true;
			if(is_installed('apache') \|\| is_installed('apache2') \|\| is_installed('httpd')) $conf['apache']['installed'] = true;
			if(is_installed('apache') \|\| is_installed('apache2') \|\| is_installed('httpd') \|\| is_installed('httpd2')) $conf['apache']['installed'] = true;
			if(is_installed('getmail')) $conf['getmail']['installed'] = true;
			if(is_installed('courierlogger')) $conf['courier']['installed'] = true;
			if(is_installed('dovecot')) $conf['dovecot']['installed'] = true;
			if(is_installed('saslauthd')) $conf['saslauthd']['installed'] = true;
			if(is_installed('amavisd-new')) $conf['amavis']['installed'] = true;
			if(is_installed('amavisd-new') \|\| is_installed('amavisd')) $conf['amavis']['installed'] = true;
			if(is_installed('clamdscan')) $conf['clamav']['installed'] = true;
			if(is_installed('pure-ftpd') \|\| is_installed('pure-ftpd-wrapper')) $conf['pureftpd']['installed'] = true;
			if(is_installed('mydns') \|\| is_installed('mydns-ng')) $conf['mydns']['installed'] = true;
			@@ -132,11 +132,12 @@
			if(is_installed('named') \|\| is_installed('bind') \|\| is_installed('bind9')) $conf['bind']['installed'] = true;
			if(is_installed('squid')) $conf['squid']['installed'] = true;
			if(is_installed('nginx')) $conf['nginx']['installed'] = true;
			if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			// if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
			if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
			if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;

			if ($conf['services']['web'] && $conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) $this->ispconfig_interface_installed = true;
			if ($conf['services']['web'] && (($conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) \|\| ($conf['nginx']['installed'] && is_file($conf['nginx']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")))) $this->ispconfig_interface_installed = true;
			}

			/** Create the database for ISPConfig */
			@@ -233,17 +234,18 @@
			$tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path'];
			$tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path'];

			$tpl_ini_array['web']['nginx_vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir'];
			$tpl_ini_array['web']['nginx_vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir'];
			$tpl_ini_array['web']['nginx_user'] = $conf['nginx']['user'];
			$tpl_ini_array['web']['nginx_group'] = $conf['nginx']['group'];
			$tpl_ini_array['web']['nginx_cgi_socket'] = $conf['nginx']['cgi_socket'];
			$tpl_ini_array['web']['php_fpm_init_script'] = $conf['nginx']['php_fpm_init_script'];
			$tpl_ini_array['web']['php_fpm_ini_path'] = $conf['nginx']['php_fpm_ini_path'];
			$tpl_ini_array['web']['php_fpm_pool_dir'] = $conf['nginx']['php_fpm_pool_dir'];
			$tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
			$tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];

			if ($conf['nginx']['installed'] == true) {
			$tpl_ini_array['web']['nginx_vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir'];
			$tpl_ini_array['web']['nginx_vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir'];
			$tpl_ini_array['web']['nginx_user'] = $conf['nginx']['user'];
			$tpl_ini_array['web']['nginx_group'] = $conf['nginx']['group'];
			$tpl_ini_array['web']['nginx_cgi_socket'] = $conf['nginx']['cgi_socket'];
			$tpl_ini_array['web']['php_fpm_init_script'] = $conf['nginx']['php_fpm_init_script'];
			$tpl_ini_array['web']['php_fpm_ini_path'] = $conf['nginx']['php_fpm_ini_path'];
			$tpl_ini_array['web']['php_fpm_pool_dir'] = $conf['nginx']['php_fpm_pool_dir'];
			$tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
			$tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];
			$tpl_ini_array['web']['server_type'] = 'nginx';
			$tpl_ini_array['global']['webserver'] = 'nginx';
			}
			@@ -262,9 +264,9 @@
			$dns_server_enabled = ($conf['services']['dns'])?1:0;
			$file_server_enabled = ($conf['services']['file'])?1:0;
			$db_server_enabled = ($conf['services']['db'])?1:0;
			$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
			$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
			$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
			$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
			$proxy_server_enabled = (isset($conf['services']['proxy']) && $conf['services']['proxy'])?1:0;
			$firewall_server_enabled = (isset($conf['services']['firewall']) && $conf['services']['firewall'])?1:0;

			//** Get the database version number based on the patchfiles
			$found = true;
			@@ -512,6 +514,10 @@
			copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
			copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
			}

			//* help jailkit fo find its ini files
			if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
			if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');

			}

			@@ -623,6 +629,21 @@
			$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
			if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
			$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
			unset($server_ini_rec);

			//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
			$rbl_list = '';
			if ($server_ini_array['mail']['realtime_blackhole_list'] != '') {
			$rbl_hosts = explode(",",str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
			foreach ($rbl_hosts as $key => $value) {
			$rbl_list .= ", reject_rbl_client ". $value;
			}
			}
			unset($rbl_hosts);
			unset($server_ini_array);

			$postconf_commands = array (
			'myhostname = '.$conf['hostname'],
			'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
			@@ -639,7 +660,7 @@
			'smtpd_sasl_auth_enable = yes',
			'broken_sasl_auth_clients = yes',
			'smtpd_sasl_authenticated_header = yes',
			'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:'.$config_dir.'/mysql-virtual_recipient.cf, reject_unauth_destination',
			'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:'.$config_dir.'/mysql-virtual_recipient.cf, reject_unauth_destination'. $rbl_list,
			'smtpd_use_tls = yes',
			'smtpd_tls_security_level = may',
			'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',
			@@ -669,9 +690,9 @@

			//* Create the mailman files
			exec('mkdir -p /var/lib/mailman/data');
			touch('/var/lib/mailman/data/aliases');
			exec('postmap /var/lib/mailman/data/aliases');
			touch('/var/lib/mailman/data/virtual-mailman');
			if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
			exec('postalias /var/lib/mailman/data/aliases');
			if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
			exec('postmap /var/lib/mailman/data/virtual-mailman');

			//* Make a backup copy of the main.cf file
			@@ -886,7 +907,7 @@
			if(is_file($config_dir.'/'.$configfile)) {
			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
			}
			chmod($config_dir.'/'.$configfile.'~', 0400);
			if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
			$content = rf('tpl/debian_dovecot-sql.conf.master');
			$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
			$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
			@@ -923,12 +944,7 @@
			$postconf_commands = array ();

			// Check for amavisd -> pure webserver with postfix for mailing without antispam
			// Check for different names
			system('which amavisd-new', $retval); // Debian, Ubuntu, ?
			if ($retval !== 0){
			system('which amavisd', $retval); // CentOS
			}
			if ($retval === 0) {
			if ($conf['amavis']['installed']) {
			$postconf_commands[] = 'content_filter = amavis:[127.0.0.1]:10024';
			$postconf_commands[] = 'receive_override_options = no_address_mappings';
			}
			@@ -1259,6 +1275,10 @@
			*/
			}

			public function configure_fail2ban() {
			// To Do
			}

			public function configure_squid()
			{
			global $conf;
			@@ -1278,6 +1298,7 @@
			exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
			}

			/*
			public function configure_ufw_firewall()
			{
			$configfile = 'ufw.conf';
			@@ -1287,6 +1308,7 @@
			exec('chmod 600 /etc/ufw/ufw.conf');
			exec('chown root:root /etc/ufw/ufw.conf');
			}
			*/

			public function configure_firewall() {
			global $conf;
			@@ -1393,7 +1415,11 @@
			$command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			if(!@is_dir($install_dir)) mkdir($install_dir, 0755, true);
			if(!@is_dir($install_dir)){
			mkdir($install_dir, 0755, true);
			} else {
			chmod($install_dir, 0755);
			}
			chown($install_dir, $apps_vhost_user);
			chgrp($install_dir, $apps_vhost_group);

			@@ -1452,7 +1478,11 @@
			$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			if(!@is_dir($install_dir)) mkdir($install_dir, 0755, true);
			if(!@is_dir($install_dir)){
			mkdir($install_dir, 0755, true);
			} else {
			chmod($install_dir, 0755);
			}
			chown($install_dir, $apps_vhost_user);
			chgrp($install_dir, $apps_vhost_group);

			@@ -1469,20 +1499,29 @@
			} else {
			$apps_vhost_ip = $conf['web']['apps_vhost_ip'].':';
			}

			$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
			if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
			if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
			$fpm_socket = $socket_dir.'apps.sock';
			$cgi_socket = escapeshellcmd($conf['nginx']['cgi_socket']);

			$content = str_replace('{apps_vhost_ip}', $apps_vhost_ip, $content);
			$content = str_replace('{apps_vhost_port}', $conf['web']['apps_vhost_port'], $content);
			$content = str_replace('{apps_vhost_dir}', $conf['web']['website_basedir'].'/apps', $content);
			$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
			$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
			$content = str_replace('{cgi_socket}', $cgi_socket, $content);

			wf($vhost_conf_dir.'/apps.vhost', $content);

			// PHP-FPM
			// Dont just copy over the php-fpm pool template but add some custom settings
			$content = rf('tpl/php_fpm_pool.conf.master');
			$content = rf('tpl/apps_php_fpm_pool.conf.master');
			$content = str_replace('{fpm_pool}', 'apps', $content);
			$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
			$content = str_replace('{fpm_user}', $apps_vhost_user, $content);
			$content = str_replace('{fpm_group}', $apps_vhost_group, $content);
			wf($conf['nginx']['php_fpm_pool_dir'].'/apps.conf', $content);
			@@ -1665,13 +1704,9 @@
			$dns_server_enabled = ($conf['services']['dns'])?1:0;
			$file_server_enabled = ($conf['services']['file'])?1:0;
			$db_server_enabled = ($conf['services']['db'])?1:0;
			$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
			$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
			$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
			$firewall_server_enabled = ($conf['services']['firewall'])?1:0;





			$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled' WHERE server_id = ".intval($conf['server_id']);

			@@ -1727,12 +1762,32 @@
			chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			}

			if(is_file($install_dir.'/interface/invoices')) {
			chmod($install_dir.'/interface/invoices', 0770);
			chown($install_dir.'/interface/invoices', 'ispconfig');
			chgrp($install_dir.'/interface/invoices', 'ispconfig');
			}

			// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
			// and must be fixed as this will allow the apache user to read the ispconfig files.
			// Later this must run as own apache server or via suexec!
			$command = 'adduser www-data ispconfig';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			if($conf['apache']['installed'] == true){
			$command = 'adduser '.$conf['apache']['user'].' ispconfig';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			if(is_group('ispapps')){
			$command = 'adduser '.$conf['apache']['user'].' ispapps';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			}
			}
			if($conf['nginx']['installed'] == true){
			$command = 'adduser '.$conf['nginx']['user'].' ispconfig';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			if(is_group('ispapps')){
			$command = 'adduser '.$conf['nginx']['user'].' ispapps';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			}
			}

			//* Make the shell scripts executable
			$command = "chmod +x $install_dir/server/scripts/*.sh";
			@@ -1799,8 +1854,14 @@
			$content = str_replace('{fastcgi_ssl}', 'off', $content);
			}

			$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);

			$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
			if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
			if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
			$fpm_socket = $socket_dir.'ispconfig.sock';

			//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
			$content = str_replace('{fpm_socket}', $fpm_socket, $content);

			wf($vhost_conf_dir.'/ispconfig.vhost', $content);

			unset($content);
			@@ -1809,7 +1870,8 @@
			// Dont just copy over the php-fpm pool template but add some custom settings
			$content = rf('tpl/php_fpm_pool.conf.master');
			$content = str_replace('{fpm_pool}', 'ispconfig', $content);
			$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
			//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
			$content = str_replace('{fpm_user}', 'ispconfig', $content);
			$content = str_replace('{fpm_group}', 'ispconfig', $content);
			wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
			@@ -1900,7 +1962,7 @@
			wf($install_dir.'/server/lib/mysql_clientdb.conf',$content);
			chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
			chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');

			}

			@@ -1922,6 +1984,11 @@
			"* * * * * ".$install_dir."/server/server.sh > /dev/null 2>> ".$conf['ispconfig_log_dir']."/cron.log",
			"30 00 * * * ".$install_dir."/server/cron_daily.sh > /dev/null 2>> ".$conf['ispconfig_log_dir']."/cron.log"
			);

			if ($conf['nginx']['installed'] == true) {
			$root_cron_jobs[] = "0 0 * * * ".$install_dir."/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
			}

			foreach($root_cron_jobs as $cron_job) {
			if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
			$existing_root_cron_jobs[] = $cron_job."\n";
			@@ -2012,7 +2079,7 @@
			if ( is_file($tConf) ) {
			$stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res);
			if ($res == 0) { // stat successfull
			list($access, $user, $group) = split(" ", $stat);
			list($access, $user, $group) = explode(" ", $stat);
			}

			if ( copy($tConf, $tConf.'~') ) {