Added: apache version check in system library
Changed: apps vhost is now a template (for apache version)
Changed: template if tags can now be of format 'version' to make version comparisons (e.g. 2.12 > 2.2 !)
Changed: New apache 2.4 syntax for deny from all (-> Require all denied) etc.
| | |
| | | # for the ISPConfig apps vhost |
| | | ###################################################### |
| | | |
| | | {vhost_port_listen} Listen {apps_vhost_port} |
| | | # NameVirtualHost *:{apps_vhost_port} |
| | | {tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'} |
| | | # NameVirtualHost *:{tmpl_var name='apps_vhost_port'} |
| | | |
| | | <VirtualHost {apps_vhost_ip}:{apps_vhost_port}> |
| | | <VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}> |
| | | ServerAdmin webmaster@localhost |
| | | {apps_vhost_servername} |
| | | {tmpl_var name='apps_vhost_servername'} |
| | | |
| | | <FilesMatch "\.ph(p3?|tml)$"> |
| | | SetHandler None |
| | | </FilesMatch> |
| | | |
| | | <IfModule mod_php5.c> |
| | | DocumentRoot {apps_vhost_dir} |
| | | DocumentRoot {tmpl_var name='apps_vhost_dir'} |
| | | AddType application/x-httpd-php .php |
| | | <Directory {apps_vhost_dir}> |
| | | Options FollowSymLinks |
| | | AllowOverride None |
| | | Order allow,deny |
| | | Allow from all |
| | | <Directory {tmpl_var name='apps_vhost_dir'}> |
| | | Options FollowSymLinks |
| | | AllowOverride None |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | </IfModule> |
| | | |
| | | <IfModule mod_fcgid.c> |
| | | DocumentRoot {apps_vhost_dir} |
| | | DocumentRoot {tmpl_var name='apps_vhost_dir'} |
| | | SuexecUserGroup ispapps ispapps |
| | | <Directory {apps_vhost_dir}> |
| | | Options Indexes FollowSymLinks MultiViews +ExecCGI |
| | | AllowOverride AuthConfig Indexes Limit Options FileInfo |
| | | AddHandler fcgid-script .php |
| | | FCGIWrapper {apps_vhost_basedir}/php-fcgi-scripts/apps/.php-fcgi-starter .php |
| | | Order allow,deny |
| | | Allow from all |
| | | <Directory {tmpl_var name='apps_vhost_dir'}> |
| | | Options Indexes FollowSymLinks MultiViews +ExecCGI |
| | | AllowOverride AuthConfig Indexes Limit Options FileInfo |
| | | AddHandler fcgid-script .php |
| | | FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | </IfModule> |
| | | |
| | |
| | | |
| | | <Directory /var/www/clients> |
| | | AllowOverride None |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all deny |
| | | {tmpl_else} |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | # Do not allow access to the root file system of the server for security reasons |
| | | <Directory /> |
| | | AllowOverride None |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all deny |
| | | {tmpl_else} |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <Directory /var/www/conf> |
| | | AllowOverride None |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all deny |
| | | {tmpl_else} |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | # Except of the following directories that contain website scripts |
| | | <Directory /usr/share/phpmyadmin> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <Directory /usr/share/phpMyAdmin> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <Directory /usr/share/squirrelmail> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | # Allow access to mailman on OpenSuSE |
| | | <Directory /usr/lib/mailman/cgi-bin> |
| | | AllowOverride All |
| | | order allow,deny |
| | | allow from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <Directory /usr/lib/mailman/icons> |
| | | order allow,deny |
| | | allow from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <Directory /var/lib/mailman/archives/> |
| | | Options +FollowSymLinks |
| | | order allow,deny |
| | | allow from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | # allow path to awstats and alias for awstats icons |
| | | <Directory /usr/share/awstats> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | Alias /awstats-icon "/usr/share/awstats/icon" |
| | |
| | | |
| | | <Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}> |
| | | AllowOverride None |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all deny |
| | | {tmpl_else} |
| | | Order Deny,Allow |
| | | Deny from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | |
| | | <tmpl_loop name="vhosts"> |
| | |
| | | <Directory {tmpl_var name='web_document_root_www'}> |
| | | Options FollowSymLinks |
| | | AllowOverride <tmpl_var name='allow_override'> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | <tmpl_if name='ssi' op='==' value='y'> |
| | | |
| | | # ssi enabled |
| | |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='no'> |
| | | <Files ~ '.php[s3-6]{0,1}$'> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all denied |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Deny from all |
| | | Allow from none |
| | | {/tmpl_if} |
| | | </Files> |
| | | </tmpl_if> |
| | | </Directory> |
| | | <Directory {tmpl_var name='web_document_root'}> |
| | | Options FollowSymLinks |
| | | AllowOverride <tmpl_var name='allow_override'> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | <tmpl_if name='ssi' op='==' value='y'> |
| | | |
| | | # ssi enabled |
| | |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='no'> |
| | | <Files ~ '.php[s3-6]{0,1}$'> |
| | | Order allow,deny |
| | | Deny from all |
| | | Allow from none |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all denied |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Deny from all |
| | | Allow from none |
| | | {/tmpl_if} |
| | | </Files> |
| | | </tmpl_if> |
| | | </Directory> |
| | |
| | | <tmpl_if name='cgi' op='==' value='y'> |
| | | # cgi enabled |
| | | <Directory {tmpl_var name='document_root'}/cgi-bin> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/ |
| | | AddHandler cgi-script .cgi |
| | |
| | | Action php5-cgi /php5-cgi |
| | | AddHandler php5-cgi .php .php3 .php4 .php5 |
| | | <Directory {tmpl_var name='cgi_starter_path'}> |
| | | Order allow,deny |
| | | Allow from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='fast-cgi'> |
| | |
| | | FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php |
| | | Options +ExecCGI |
| | | AllowOverride <tmpl_var name='allow_override'> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | <Directory {tmpl_var name='web_document_root'}> |
| | | AddHandler fcgid-script .php .php3 .php4 .php5 |
| | | FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php |
| | | Options +ExecCGI |
| | | AllowOverride <tmpl_var name='allow_override'> |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='php-fpm'> |
| | | <IfModule mod_fastcgi.c> |
| | | <Directory {tmpl_var name='document_root'}/cgi-bin> |
| | | Order allow,deny |
| | | Allow from all |
| | | {tmpl_if name='apache_version' op='>' value='2.2' format='version'} |
| | | Require all granted |
| | | {tmpl_else} |
| | | Order allow,deny |
| | | Allow from all |
| | | {/tmpl_if} |
| | | </Directory> |
| | | AddHandler php5-fcgi .php |
| | | Action php5-fcgi /php5-fcgi |
| | |
| | | if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1); |
| | | return $init_script_directory.'/'.$servicename.' '.$action; |
| | | } |
| | | |
| | | function getapacheversion($get_minor = false) { |
| | | global $app; |
| | | |
| | | $cmd = ''; |
| | | if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -v'; |
| | | elseif($this->is_installed('apachectl')) $cmd = 'apachectl -v'; |
| | | else { |
| | | $app->log("Could not check apache version, apachectl not found.", LOGLEVEL_WARN); |
| | | return '2.2'; |
| | | } |
| | | |
| | | exec($cmd, $output, $return_var); |
| | | if($return_var != 0 || !$output[0]) { |
| | | $app->log("Could not check apache version, apachectl did not return any data.", LOGLEVEL_WARN); |
| | | return '2.2'; |
| | | } |
| | | |
| | | if(preg_match('/version:\s*Apache\/(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) { |
| | | return $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) && $get_minor == true ? '.' . $matches[5] : ''); |
| | | } else { |
| | | $app->log("Could not check apache version, did not find version string in apachectl output.", LOGLEVEL_WARN); |
| | | return '2.2'; |
| | | } |
| | | } |
| | | |
| | | } |
| | | |
| | |
| | | * @access private |
| | | * @return string used for eval'ing |
| | | */ |
| | | function _parseIf ($varname, $value=null, $op=null, $namespace=null) { |
| | | function _parseIf ($varname, $value=null, $op=null, $namespace=null, $format=null) { |
| | | if (isset($namespace)) $namespace = substr($namespace, 0, -1); |
| | | $comp_str = ''; // used for extended if statements |
| | | |
| | |
| | | } |
| | | } |
| | | if ($this->OPTIONS['GLOBAL_VARS'] && empty($namespace)) { |
| | | return '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])'.$comp_str; |
| | | $retstr = '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])'; |
| | | if(isset($format) && isset($value) && $format == 'version') { |
| | | return 'version_compare(' . $retstr . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')'; |
| | | } else { |
| | | return $retstr.$comp_str; |
| | | } |
| | | } |
| | | else { |
| | | return $retstr."['".$varname."']".$comp_str; |
| | | if(isset($format) && isset($value) && $format == 'version') { |
| | | return 'version_compare(' . $retstr."['".$varname."']" . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')'; |
| | | } else { |
| | | return $retstr."['".$varname."']".$comp_str; |
| | | } |
| | | } |
| | | } |
| | | |
| | |
| | | break; |
| | | |
| | | case 'if': |
| | | return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline; |
| | | return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline; |
| | | break; |
| | | |
| | | case 'unless': |
| | | return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline; |
| | | return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline; |
| | | break; |
| | | |
| | | case 'elseif': |
| | | return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline; |
| | | return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline; |
| | | break; |
| | | |
| | | case 'loop': |
| | |
| | | } |
| | | |
| | | $tpl->setVar($vhost_data); |
| | | $tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | |
| | | // Rewrite rules |
| | | $rewrite_rules = array(); |
| | |
| | | |
| | | $fcgi_tpl = new tpl(); |
| | | $fcgi_tpl->newTemplate('php-fcgi-starter.master'); |
| | | $fcgi_tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | |
| | | // Support for multiple PHP versions (FastCGI) |
| | | if(trim($data['new']['fastcgi_php_version']) != ''){ |
| | |
| | | |
| | | $cgi_tpl = new tpl(); |
| | | $cgi_tpl->newTemplate('php-cgi-starter.master'); |
| | | $cgi_tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | |
| | | // This works because PHP "rewrites" a symlink to the physical path |
| | | $php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir']; |
| | |
| | | |
| | | $tpl = new tpl(); |
| | | $tpl->newTemplate('apache_ispconfig.conf.master'); |
| | | $tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | $records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'"); |
| | | |
| | | $records_out= array(); |
| | |
| | | $app->load('tpl'); |
| | | $tpl = new tpl(); |
| | | $tpl->newTemplate('php_fpm_pool.conf.master'); |
| | | |
| | | $tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | |
| | | if($data['new']['php_fpm_use_socket'] == 'y'){ |
| | | $use_tcp = 0; |
| | | $use_socket = 1; |
| | |
| | | $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); |
| | | |
| | | if($web_config['server_type'] == 'apache'){ |
| | | // Dont just copy over the virtualhost template but add some custom settings |
| | | if(file_exists($conf["rootpath"]."/conf-custom/apache_apps.vhost.master")) { |
| | | $content = file_get_contents($conf["rootpath"]."/conf-custom/apache_apps.vhost.master"); |
| | | } else { |
| | | $content = file_get_contents($conf["rootpath"]."/conf/apache_apps.vhost.master"); |
| | | } |
| | | $app->load('tpl'); |
| | | |
| | | $tpl = new tpl(); |
| | | $tpl->newTemplate('apache_apps.vhost.master'); |
| | | |
| | | $tpl->setVar('apache_version', $app->system->getapacheversion()); |
| | | |
| | | $vhost_conf_dir = $web_config['vhost_conf_dir']; |
| | | $vhost_conf_enabled_dir = $web_config['vhost_conf_enabled_dir']; |
| | |
| | | $web_config['apps_vhost_port'] = (empty($web_config['apps_vhost_port']))?8081:$web_config['apps_vhost_port']; |
| | | $web_config['apps_vhost_ip'] = (empty($web_config['apps_vhost_ip']))?'_default_':$web_config['apps_vhost_ip']; |
| | | |
| | | $tpl->setVar('apps_vhost_ip', $web_config['apps_vhost_ip']); |
| | | $tpl->setVar('apps_vhost_port', $web_config['apps_vhost_port']); |
| | | $tpl->setVar('apps_vhost_dir', $web_config['website_basedir'].'/apps'); |
| | | $tpl->setVar('apps_vhost_servername', $apps_vhost_servername); |
| | | $tpl->setVar('apps_vhost_basedir', $web_config['website_basedir']); |
| | | |
| | | $vhost_port_listen = ''; |
| | | // comment out the listen directive if port is 80 or 443 |
| | | if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) { |
| | | $vhost_port_listen = '#'; |
| | | } |
| | | $tpl->setVar('vhost_port_listen', $vhost_port_listen); |
| | | |
| | | $content = $tpl->grab(); |
| | | |
| | | /* for backwards compatibility we replace the old syntax by hand now */ |
| | | $content = str_replace('{apps_vhost_ip}', $web_config['apps_vhost_ip'], $content); |
| | | $content = str_replace('{apps_vhost_port}', $web_config['apps_vhost_port'], $content); |
| | | $content = str_replace('{apps_vhost_dir}', $web_config['website_basedir'].'/apps', $content); |
| | | $content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content); |
| | | $content = str_replace('{apps_vhost_basedir}', $web_config['website_basedir'], $content); |
| | | $content = str_replace('{vhost_port_listen}', $vhost_port_listen, $content); |
| | | /* end of backwards compatibility section */ |
| | | |
| | | |
| | | // comment out the listen directive if port is 80 or 443 |
| | | if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) { |
| | | $content = str_replace('{vhost_port_listen}', '#', $content); |
| | | } else { |
| | | $content = str_replace('{vhost_port_listen}', '', $content); |
| | | } |
| | | |
| | | file_put_contents("$vhost_conf_dir/apps.vhost", $content); |
| | | $app->system->file_put_contents("$vhost_conf_dir/apps.vhost", $content); |
| | | $app->services->restartServiceDelayed('httpd', 'restart'); |
| | | } |
| | | |