Marius Cramer
2014-01-22 8133de09d462f8221deefa29ef67877c6676d84d
Added: apache version check in system library
Changed: apps vhost is now a template (for apache version)
Changed: template if tags can now be of format 'version' to make version comparisons (e.g. 2.12 > 2.2 !)
Changed: New apache 2.4 syntax for deny from all (-> Require all denied) etc.
7 files modified
255 ■■■■ changed files
server/conf/apache_apps.vhost.master 44 ●●●●● patch | view | raw | blame | history
server/conf/apache_ispconfig.conf.master 65 ●●●● patch | view | raw | blame | history
server/conf/vhost.conf.master 54 ●●●● patch | view | raw | blame | history
server/lib/classes/system.inc.php 25 ●●●●● patch | view | raw | blame | history
server/lib/classes/tpl.inc.php 21 ●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php 7 ●●●● patch | view | raw | blame | history
server/plugins-available/apps_vhost_plugin.inc.php 39 ●●●●● patch | view | raw | blame | history
server/conf/apache_apps.vhost.master
@@ -4,38 +4,46 @@
# for the ISPConfig apps vhost
######################################################
{vhost_port_listen} Listen {apps_vhost_port}
# NameVirtualHost *:{apps_vhost_port}
{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
<VirtualHost {apps_vhost_ip}:{apps_vhost_port}>
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
  ServerAdmin webmaster@localhost
  {apps_vhost_servername}
  {tmpl_var name='apps_vhost_servername'}
  
  <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
  </FilesMatch>
  
  <IfModule mod_php5.c>
    DocumentRoot {apps_vhost_dir}
    DocumentRoot {tmpl_var name='apps_vhost_dir'}
    AddType application/x-httpd-php .php
    <Directory {apps_vhost_dir}>
      Options FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
    <Directory {tmpl_var name='apps_vhost_dir'}>
        Options FollowSymLinks
        AllowOverride None
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
    </Directory>
  </IfModule>
  
  <IfModule mod_fcgid.c>
    DocumentRoot {apps_vhost_dir}
    DocumentRoot {tmpl_var name='apps_vhost_dir'}
    SuexecUserGroup ispapps ispapps
    <Directory {apps_vhost_dir}>
      Options Indexes FollowSymLinks MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      AddHandler fcgid-script .php
      FCGIWrapper {apps_vhost_basedir}/php-fcgi-scripts/apps/.php-fcgi-starter .php
      Order allow,deny
      Allow from all
    <Directory {tmpl_var name='apps_vhost_dir'}>
        Options Indexes FollowSymLinks MultiViews +ExecCGI
        AllowOverride AuthConfig Indexes Limit Options FileInfo
        AddHandler fcgid-script .php
        FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
    </Directory>
  </IfModule>
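Review bot: The mod_fcgid `<Directory>` block still carries `Options Indexes FollowSymLinks MultiViews +ExecCGI`, which mixes prefixed and unprefixed options. Apache 2.4 documents that such a mix is rejected during its syntax check, so the `Require all granted` branch added below it cannot take effect on a 2.4 host where mod_fcgid is loaded. Writing the line as `Options Indexes FollowSymLinks MultiViews ExecCGI` should give the intended option set and parses on both versions. `Indexes` also enables directory listings on the apps vhost, so it is worth dropping if nothing depends on it. The hunk ends before the closing `</VirtualHost>`, so the rest of the vhost is not visible here.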
server/conf/apache_ispconfig.conf.master
@@ -8,61 +8,100 @@
<Directory /var/www/clients>
    AllowOverride None
    Order Deny,Allow
    Deny from all
    {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
    Require all deny
    {tmpl_else}
    Order Deny,Allow
    Deny from all
    {/tmpl_if}
</Directory>
# Do not allow access to the root file system of the server for security reasons
<Directory />
    AllowOverride None
    Order Deny,Allow
    Deny from all
    {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
    Require all deny
    {tmpl_else}
    Order Deny,Allow
    Deny from all
    {/tmpl_if}
</Directory>
<Directory /var/www/conf>
    AllowOverride None
    Order Deny,Allow
    Deny from all
    {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
    Require all deny
    {tmpl_else}
    Order Deny,Allow
    Deny from all
    {/tmpl_if}
</Directory>
# Except of the following directories that contain website scripts
<Directory /usr/share/phpmyadmin>
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
<Directory /usr/share/phpMyAdmin>
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
<Directory /usr/share/squirrelmail>
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
# Allow access to mailman on OpenSuSE
<Directory /usr/lib/mailman/cgi-bin>
        AllowOverride All
        order allow,deny
        allow from all
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
<Directory /usr/lib/mailman/icons>
        order allow,deny
        allow from all
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
<Directory /var/lib/mailman/archives/>
        Options +FollowSymLinks
        order allow,deny
        allow from all
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
# allow path to awstats and alias for awstats icons
<Directory /usr/share/awstats>
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all granted
        {tmpl_else}
        Order allow,deny
        Allow from all
        {/tmpl_if}
</Directory>
Alias /awstats-icon "/usr/share/awstats/icon"
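Review bot: The three deny blocks (`/var/www/clients`, `/` and `/var/www/conf`) emit `Require all deny` in the 2.4 branch, but mod_authz_core accepts only `granted` or `denied` after `all`, so each should read `Require all denied`. As written, Apache 2.4 is expected to reject the generated file at config test, and these are the blocks that keep the root file system and the client directories closed. The same spelling appears in the first `<Directory>` block of server/conf/vhost.conf.master in this commit, whereas the `<Files>` blocks there already use `Require all denied`.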
server/conf/vhost.conf.master
@@ -1,8 +1,12 @@
<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
        AllowOverride None
        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
        Require all deny
        {tmpl_else}
        Order Deny,Allow
        Deny from all
        {/tmpl_if}
</Directory>
<tmpl_loop name="vhosts">
@@ -55,8 +59,12 @@
        <Directory {tmpl_var name='web_document_root_www'}>
                Options FollowSymLinks
                AllowOverride <tmpl_var name='allow_override'>
                {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                Require all granted
                {tmpl_else}
                Order allow,deny
                Allow from all
                {/tmpl_if}
<tmpl_if name='ssi' op='==' value='y'>
                # ssi enabled
@@ -66,17 +74,25 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
                <Files ~ '.php[s3-6]{0,1}$'>
                        {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                        Require all denied
                        {tmpl_else}
                        Order allow,deny
                        Deny from all
                        Allow from none
                        {/tmpl_if}
                </Files>
</tmpl_if>
        </Directory>
        <Directory {tmpl_var name='web_document_root'}>
                Options FollowSymLinks
                AllowOverride <tmpl_var name='allow_override'>
                {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                Require all granted
                {tmpl_else}
                Order allow,deny
                Allow from all
                {/tmpl_if}
<tmpl_if name='ssi' op='==' value='y'>
                # ssi enabled
@@ -86,9 +102,13 @@
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
                <Files ~ '.php[s3-6]{0,1}$'>
                        Order allow,deny
                        Deny from all
                        Allow from none
                    {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                    Require all denied
                    {tmpl_else}
                    Order allow,deny
                    Deny from all
                    Allow from none
                    {/tmpl_if}
                </Files>
</tmpl_if>
        </Directory>
@@ -141,8 +161,12 @@
<tmpl_if name='cgi' op='==' value='y'>
        # cgi enabled
    <Directory {tmpl_var name='document_root'}/cgi-bin>
            {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
            Require all granted
            {tmpl_else}
            Order allow,deny
            Allow from all
            {/tmpl_if}
        </Directory>
        ScriptAlias  /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
        AddHandler cgi-script .cgi
@@ -189,8 +213,12 @@
        Action php5-cgi /php5-cgi
        AddHandler php5-cgi .php .php3 .php4 .php5
        <Directory {tmpl_var name='cgi_starter_path'}>
                Order allow,deny
                Allow from all
            {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
            Require all granted
            {tmpl_else}
            Order allow,deny
            Allow from all
            {/tmpl_if}
        </Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='fast-cgi'>
@@ -224,23 +252,35 @@
                FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
                Options +ExecCGI
                AllowOverride <tmpl_var name='allow_override'>
                {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                Require all granted
                {tmpl_else}
                Order allow,deny
                Allow from all
                {/tmpl_if}
        </Directory>
        <Directory {tmpl_var name='web_document_root'}>
                AddHandler fcgid-script .php .php3 .php4 .php5
                FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
                Options +ExecCGI
                AllowOverride <tmpl_var name='allow_override'>
                {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                Require all granted
                {tmpl_else}
                Order allow,deny
                Allow from all
                {/tmpl_if}
        </Directory>
</tmpl_if>
<tmpl_if name='php' op='==' value='php-fpm'>
        <IfModule mod_fastcgi.c>
                <Directory {tmpl_var name='document_root'}/cgi-bin>
                        Order allow,deny
                        Allow from all
                    {tmpl_if name='apache_version' op='>' value='2.2' format='version'}
                    Require all granted
                    {tmpl_else}
                    Order allow,deny
                    Allow from all
                    {/tmpl_if}
                </Directory>
                AddHandler php5-fcgi .php
                Action php5-fcgi /php5-fcgi
server/lib/classes/system.inc.php
@@ -1724,6 +1724,31 @@
        if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
        return $init_script_directory.'/'.$servicename.' '.$action;
    }
    function getapacheversion($get_minor = false) {
        global $app;
        $cmd = '';
        if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -v';
        elseif($this->is_installed('apachectl')) $cmd = 'apachectl -v';
        else {
            $app->log("Could not check apache version, apachectl not found.", LOGLEVEL_WARN);
            return '2.2';
        }
        exec($cmd, $output, $return_var);
        if($return_var != 0 || !$output[0]) {
            $app->log("Could not check apache version, apachectl did not return any data.", LOGLEVEL_WARN);
            return '2.2';
        }
        if(preg_match('/version:\s*Apache\/(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) {
            return $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) && $get_minor == true ? '.' . $matches[5] : '');
        } else {
            $app->log("Could not check apache version, did not find version string in apachectl output.", LOGLEVEL_WARN);
            return '2.2';
        }
    }
}
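Review bot: `getapacheversion()` returns the literal `'2.2'` on all three failure paths, and the templates in this commit use that value to choose between `Require` and `Order`/`Deny` rules, so a failed probe on a 2.4 host quietly produces 2.2-style access control. That contract deserves a docblock stating the return format (major.minor, plus the third component when `$get_minor` is true) and the fallback value. The probe also reads `$output[0]` without checking that exec() produced a line; `$output = array();` before the call and `if($return_var != 0 || empty($output[0])) {` avoid the undefined-offset notice. Every call launches `apachectl -v` again, so keeping the parsed result in a `static` variable would spare the repeated process starts made by the plugins.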
server/lib/classes/tpl.inc.php
@@ -1109,7 +1109,7 @@
         * @access private
         * @return string used for eval'ing
         */
        function _parseIf ($varname, $value=null, $op=null, $namespace=null) {
        function _parseIf ($varname, $value=null, $op=null, $namespace=null, $format=null) {
            if (isset($namespace)) $namespace = substr($namespace, 0, -1);
            $comp_str = ''; // used for extended if statements
@@ -1151,10 +1151,19 @@
                }
            }
            if ($this->OPTIONS['GLOBAL_VARS'] && empty($namespace)) {
                return '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])'.$comp_str;
                $retstr = '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])';
                if(isset($format) && isset($value) && $format == 'version') {
                    return 'version_compare(' . $retstr . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
                } else {
                    return $retstr.$comp_str;
                }
            }
            else {
                return $retstr."['".$varname."']".$comp_str;
                if(isset($format) && isset($value) && $format == 'version') {
                    return 'version_compare(' . $retstr."['".$varname."']" . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
                } else {
                    return $retstr."['".$varname."']".$comp_str;
                }
            }
        }
@@ -1330,15 +1339,15 @@
                break;
            case 'if':
                return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
                return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
                break;
            case 'unless':
                return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
                return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
                break;
            case 'elseif':
                return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
                return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
                break;
            case 'loop':
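Review bot: Both new `version_compare(...)` return statements in `_parseIf` append the operator as bare `$op`, so a tag with `op='>'` generates `version_compare(..., '2.2', >)` in the string that is later eval'd. version_compare() takes the operator as a string argument, so the tail of each statement should read `. '\', \'' . (!empty($op) ? $op : '==') . '\')'`. `$value` and `$op` are also placed into the generated PHP without escaping; limiting `$op` to the operators version_compare() accepts and escaping quotes and backslashes in `$value` would keep a malformed template attribute from changing the generated code. `_parseIf` starts and ends outside the visible hunks, so any operator validation done earlier in the function cannot be confirmed from here.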
server/plugins-available/apache2_plugin.inc.php
@@ -930,6 +930,7 @@
        }
        $tpl->setVar($vhost_data);
        $tpl->setVar('apache_version', $app->system->getapacheversion());
        // Rewrite rules
        $rewrite_rules = array();
@@ -1136,6 +1137,7 @@
            $fcgi_tpl = new tpl();
            $fcgi_tpl->newTemplate('php-fcgi-starter.master');
            $fcgi_tpl->setVar('apache_version', $app->system->getapacheversion());
            // Support for multiple PHP versions (FastCGI)
            if(trim($data['new']['fastcgi_php_version']) != ''){
@@ -1275,6 +1277,7 @@
            $cgi_tpl = new tpl();
            $cgi_tpl->newTemplate('php-cgi-starter.master');
            $cgi_tpl->setVar('apache_version', $app->system->getapacheversion());
            // This works because PHP "rewrites" a symlink to the physical path
            $php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
@@ -1909,6 +1912,7 @@
        $tpl = new tpl();
        $tpl->newTemplate('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version', $app->system->getapacheversion());
        $records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records_out= array();
@@ -2609,7 +2613,8 @@
        $app->load('tpl');
        $tpl = new tpl();
        $tpl->newTemplate('php_fpm_pool.conf.master');
        $tpl->setVar('apache_version', $app->system->getapacheversion());
        if($data['new']['php_fpm_use_socket'] == 'y'){
            $use_tcp = 0;
            $use_socket = 1;
server/plugins-available/apps_vhost_plugin.inc.php
@@ -80,13 +80,12 @@
        $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
        if($web_config['server_type'] == 'apache'){
            // Dont just copy over the virtualhost template but add some custom settings
            if(file_exists($conf["rootpath"]."/conf-custom/apache_apps.vhost.master")) {
                $content = file_get_contents($conf["rootpath"]."/conf-custom/apache_apps.vhost.master");
            } else {
                $content = file_get_contents($conf["rootpath"]."/conf/apache_apps.vhost.master");
            }
            $app->load('tpl');
            $tpl = new tpl();
            $tpl->newTemplate('apache_apps.vhost.master');
            $tpl->setVar('apache_version', $app->system->getapacheversion());
            $vhost_conf_dir = $web_config['vhost_conf_dir'];
            $vhost_conf_enabled_dir = $web_config['vhost_conf_enabled_dir'];
@@ -95,21 +94,31 @@
            $web_config['apps_vhost_port'] = (empty($web_config['apps_vhost_port']))?8081:$web_config['apps_vhost_port'];
            $web_config['apps_vhost_ip'] = (empty($web_config['apps_vhost_ip']))?'_default_':$web_config['apps_vhost_ip'];
            $tpl->setVar('apps_vhost_ip', $web_config['apps_vhost_ip']);
            $tpl->setVar('apps_vhost_port', $web_config['apps_vhost_port']);
            $tpl->setVar('apps_vhost_dir', $web_config['website_basedir'].'/apps');
            $tpl->setVar('apps_vhost_servername', $apps_vhost_servername);
            $tpl->setVar('apps_vhost_basedir', $web_config['website_basedir']);
            $vhost_port_listen = '';
            // comment out the listen directive if port is 80 or 443
            if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
                $vhost_port_listen = '#';
            }
            $tpl->setVar('vhost_port_listen', $vhost_port_listen);
            $content = $tpl->grab();
            /* for backwards compatibility we replace the old syntax by hand now */
            $content = str_replace('{apps_vhost_ip}', $web_config['apps_vhost_ip'], $content);
            $content = str_replace('{apps_vhost_port}', $web_config['apps_vhost_port'], $content);
            $content = str_replace('{apps_vhost_dir}', $web_config['website_basedir'].'/apps', $content);
            $content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
            $content = str_replace('{apps_vhost_basedir}', $web_config['website_basedir'], $content);
            $content = str_replace('{vhost_port_listen}', $vhost_port_listen, $content);
            /* end of backwards compatibility section */
            // comment out the listen directive if port is 80 or 443
            if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
                $content = str_replace('{vhost_port_listen}', '#', $content);
            } else {
                $content = str_replace('{vhost_port_listen}', '', $content);
            }
            file_put_contents("$vhost_conf_dir/apps.vhost", $content);
            $app->system->file_put_contents("$vhost_conf_dir/apps.vhost", $content);
            $app->services->restartServiceDelayed('httpd', 'restart');
        }