| | |
|---|
| | | |
|---|
| | | $tpl_ini_array = ini_to_array(rf('tpl/server.ini.master')); |
|---|
| | | |
|---|
| | | // TODO: Update further distribution specific parameters for server config here |
|---|
| | | //* Update further distribution specific parameters for server config here |
|---|
| | | //* HINT: Every line added here has to be added in update.lib.php too!! |
|---|
| | | $tpl_ini_array['web']['vhost_conf_dir'] = $conf['apache']['vhost_conf_dir']; |
|---|
| | | $tpl_ini_array['web']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_enabled_dir']; |
|---|
| | | $tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs']; |
|---|
| | |
|---|
| | | $tpl_ini_array['web']['security_level'] = 20; |
|---|
| | | $tpl_ini_array['web']['user'] = $conf['apache']['user']; |
|---|
| | | $tpl_ini_array['web']['group'] = $conf['apache']['group']; |
|---|
| | | $tpl_ini_array['web']['php_ini_path_apache'] = $conf['apache']['php_ini_path_apache']; |
|---|
| | | $tpl_ini_array['web']['php_ini_path_cgi'] = $conf['apache']['php_ini_path_cgi']; |
|---|
| | | $tpl_ini_array['mail']['pop3_imap_daemon'] = ($conf['dovecot']['installed'] == true)?'dovecot':'courier'; |
|---|
| | | $tpl_ini_array['mail']['mail_filter_syntax'] = ($conf['dovecot']['installed'] == true)?'sieve':'maildrop'; |
|---|
| | | $tpl_ini_array['dns']['bind_user'] = $conf['bind']['bind_user']; |
|---|
| | |
|---|
| | | $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content); |
|---|
| | | $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); |
|---|
| | | wf("$pam/smtp", $content); |
|---|
| | | // On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect. |
|---|
| | | if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp"); |
|---|
| | | exec("chmod 660 $pam/smtp"); |
|---|
| | | exec("chown daemon:daemon $pam/smtp"); |
|---|
| | | |
|---|
| | |
|---|
| | | public function configure_bind() { |
|---|
| | | global $conf; |
|---|
| | | |
|---|
| | | //* Nothing to do |
|---|
| | | //* Check if the zonefile directory has a slash at the end |
|---|
| | | $content=$conf['bind']['bind_zonefiles_dir']; |
|---|
| | | if(substr($content,-1,1) != '/') { |
|---|
| | | $content .= '/'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | //* Create the slave subdirectory |
|---|
| | | $content .= 'slave'; |
|---|
| | | $content_mkdir = 'mkdir -p '.$content; |
|---|
| | | exec($content_mkdir); |
|---|
| | | |
|---|
| | | //* Chown the slave subdirectory to $conf['bind']['bind_user'] |
|---|
| | | exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content); |
|---|
| | | exec('chmod 770 '.$content); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | exec('mkdir -p /var/log/ispconfig/httpd'); |
|---|
| | | |
|---|
| | | if(is_file('/etc/suphp/suphp.conf')) { |
|---|
| | | replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0); |
|---|
| | | replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp="php:/usr/bin/php-cgi"',0); |
|---|
| | | //replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0); |
|---|
| | | replaceLine('/etc/suphp/suphp.conf','umask=0077','umask=0022',0); |
|---|
| | | } |
|---|
| | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function make_ispconfig_ssl_cert() { |
|---|
| | | global $conf; |
|---|
| | | |
|---|
| | | $ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt'; |
|---|
| | | $ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr'; |
|---|
| | | $ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key'; |
|---|
| | | |
|---|
| | | if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl"); |
|---|
| | | |
|---|
| | | $ssl_pw = substr(md5(mt_rand()),0,6); |
|---|
| | | exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096"); |
|---|
| | | exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file"); |
|---|
| | | exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650"); |
|---|
| | | exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure"); |
|---|
| | | exec("mv $ssl_key_file $ssl_key_file.secure"); |
|---|
| | | exec("mv $ssl_key_file.insecure $ssl_key_file"); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public function install_ispconfig() { |
|---|
| | |
|---|
| | | $content = str_replace('{vhost_port_listen}', '#', $content); |
|---|
| | | } else { |
|---|
| | | $content = str_replace('{vhost_port_listen}', '', $content); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) { |
|---|
| | | $content = str_replace('{ssl_comment}', '', $content); |
|---|
| | | } else { |
|---|
| | | $content = str_replace('{ssl_comment}', '#', $content); |
|---|
| | | } |
|---|
| | | |
|---|
| | | wf("$vhost_conf_dir/ispconfig.vhost", $content); |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | ?> |
|---|
| | | ?> |
|---|
