From a7bdf8d0bfd77eb99f1972dd41f04a068212361a Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 22 Sep 2011 07:32:33 -0400
Subject: [PATCH] Implemented: FS#334 - IPv6 support Implemented: FS#1113 - Force client to use only allowed IPs
---
server/conf/vhost.conf.master | 241 ++--------------------------------
/dev/null | 39 -----
install/sql/ispconfig3.sql | 1
server/plugins-available/apache2_plugin.inc.php | 29 ++++
install/sql/incremental/upd_0022.sql | 1
interface/web/sites/lib/lang/en_web_domain.lng | 3
interface/web/sites/web_domain_edit.php | 58 +++++++
interface/web/sites/ajax_get_ip.php | 4
interface/web/sites/form/web_domain.tform.php | 17 ++
interface/web/sites/templates/web_domain_edit.htm | 17 ++
10 files changed, 130 insertions(+), 280 deletions(-)
diff --git a/install/sql/incremental/upd_0022.sql b/install/sql/incremental/upd_0022.sql
new file mode 100644
index 0000000..e6ea922
--- /dev/null
+++ b/install/sql/incremental/upd_0022.sql
@@ -0,0 +1 @@
+ALTER TABLE `web_domain` ADD `ipv6_address` VARCHAR( 255 ) default NULL AFTER `ip_address`;
\ No newline at end of file
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 0a9d8d9..d6f645e 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1474,6 +1474,7 @@
`sys_perm_other` varchar(5) default NULL,
`server_id` int(11) unsigned NOT NULL default '0',
`ip_address` varchar(39) default NULL,
+ `ipv6_address` VARCHAR( 255 ) default NULL
`domain` varchar(255) default NULL,
`type` varchar(32) default NULL,
`parent_domain_id` int(11) unsigned NOT NULL default '0',
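Review bot: The added `ipv6_address` column definition has no trailing comma, so the `CREATE TABLE` statement will fail to parse on a fresh install when it reaches the `domain` line that follows. The line needs to end in `default NULL,`. As a consistency point, the neighbouring `ip_address` column is `varchar(39)`, which is also long enough for a full colon-hex IPv6 address, while this hunk and upd_0022.sql both use `VARCHAR( 255 )`. The table definition starts and ends outside this hunk.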
diff --git a/interface/web/sites/ajax_get_ip.php b/interface/web/sites/ajax_get_ip.php
index 0d3227b..62d62e8 100644
--- a/interface/web/sites/ajax_get_ip.php
+++ b/interface/web/sites/ajax_get_ip.php
@@ -35,10 +35,12 @@
$app->auth->check_module_permissions('sites');
$server_id = intval($_GET["server_id"]);
+$client_group_id = intval($_GET["client_group_id"]);
+$ip_type = $app->db->quote($_GET['ip_type']);
if($_SESSION["s"]["user"]["typ"] == 'admin') {
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
// $ip_select = "<option value=''></option>";
$ip_select = "*";
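Review bot: `$client_group_id` is read from the request on the added line, but the only query visible in this hunk (the admin branch) never uses it, so the returned list is not narrowed to the addresses assigned to the selected client. If the filter lives in a branch outside this hunk, that branch should derive the client on the server side for non-admin users rather than trust the parameter. `ip_type` has exactly two legal values, so an allow-list is tighter than escaping and also avoids an undefined-index notice when the parameter is missing: `$ip_type = (isset($_GET['ip_type']) && $_GET['ip_type'] == 'IPv6') ? 'IPv6' : 'IPv4';`. The `if` block continues past the end of the hunk.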
diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php
index 5e3a873..b5032e0 100644
--- a/interface/web/sites/form/web_domain.tform.php
+++ b/interface/web/sites/form/web_domain.tform.php
@@ -82,11 +82,22 @@
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '',
- 'datasource' => array ( 'type' => 'SQL',
- 'querystring' => 'SELECT ip_address,ip_address FROM server_ip WHERE {AUTHSQL} ORDER BY ip_address',
+ /*'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => "SELECT ip_address,ip_address FROM server_ip WHERE ip_type = 'IPv4' AND {AUTHSQL} ORDER BY ip_address",
'keyfield'=> 'ip_address',
'valuefield'=> 'ip_address'
- ),
+ ),*/
+ 'value' => ''
+ ),
+ 'ipv6_address' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => '',
+ /*'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => "SELECT ip_address,ip_address FROM server_ip WHERE ip_type = 'IPv6' AND {AUTHSQL} ORDER BY ip_address",
+ 'keyfield'=> 'ip_address',
+ 'valuefield'=> 'ip_address'
+ ),*/
'value' => ''
),
'domain' => array (
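Review bot: With both `datasource` entries commented out, neither `ip_address` nor the new `ipv6_address` field carries any server-side constraint in this form definition, so the option list rendered in the browser is the only thing limiting what a user can submit. Because the value ends up in the `<VirtualHost …>` line of the generated Apache configuration, the submit handler should accept only `*` or empty, or an address that is a row in `server_ip` for that server and client, and reject everything else. No such check is visible in this patch. The commented-out arrays are better deleted than kept, since the option lists are now built in web_domain_edit.php.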
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
index 9bc71ad..40e1fad 100644
--- a/interface/web/sites/lib/lang/en_web_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -21,7 +21,8 @@
$wb["document_root_txt"] = 'Documentroot';
$wb["system_user_txt"] = 'Linux User';
$wb["system_group_txt"] = 'Linux Group';
-$wb["ip_address_txt"] = 'IP-Address';
+$wb["ip_address_txt"] = 'IPv4-Address';
+$wb["ipv6_address_txt"] = 'IPv6-Address';
$wb["vhost_type_txt"] = 'VHost Type';
$wb["hd_quota_txt"] = 'Harddisk Quota';
$wb["traffic_quota_txt"] = 'Traffic Quota';
diff --git a/interface/web/sites/templates/web_domain_edit.htm b/interface/web/sites/templates/web_domain_edit.htm
index 9e2a6b5..f8c5174 100644
--- a/interface/web/sites/templates/web_domain_edit.htm
+++ b/interface/web/sites/templates/web_domain_edit.htm
@@ -15,14 +15,14 @@
<input type="hidden" name="server_id" value="{tmpl_var name='server_id_value'}" />
<tmpl_else>
<label for="server_id">{tmpl_var name='server_id_txt'}</label>
- <select name="server_id" id="server_id" class="selectInput" onChange="loadOptionInto('ip_address','sites/ajax_get_ip.php?server_id='+document.getElementById('server_id').value)">
+ <select name="server_id" id="server_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='server_id'}
</select>
</tmpl_if>
</div>
<div class="ctrlHolder">
<label for="client_group_id">{tmpl_var name='client_group_id_txt'}</label>
- <select name="client_group_id" id="client_group_id" class="selectInput">
+ <select name="client_group_id" id="client_group_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='client_group_id'}
</select>
</div>
@@ -30,7 +30,7 @@
<tmpl_if name="is_reseller">
<div class="ctrlHolder">
<label for="client_group_id">{tmpl_var name='client_group_id_txt'}</label>
- <select name="client_group_id" id="client_group_id" class="selectInput">
+ <select name="client_group_id" id="client_group_id" class="selectInput" onChange="reloadWebIP()">
{tmpl_var name='client_group_id'}
</select>
</div>
@@ -39,6 +39,12 @@
<label for="ip_address">{tmpl_var name='ip_address_txt'}</label>
<select name="ip_address" id="ip_address" class="selectInput formLengthIPv4">
{tmpl_var name='ip_address'}
+ </select>
+ </div>
+ <div class="ctrlHolder">
+ <label for="ipv6_address">{tmpl_var name='ipv6_address_txt'}</label>
+ <select name="ipv6_address" id="ipv6_address" class="selectInput formLengthIPv4">
+ {tmpl_var name='ipv6_address'}
</select>
</div>
<div class="ctrlHolder">
@@ -158,5 +164,10 @@
}
});
}
+
+ function reloadWebIP() {
+ loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
+ loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+document.getElementById('server_id').value)&client_group_id='+document.getElementById('client_group_id').value);
+ }
</script>
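Review bot: Both calls in `reloadWebIP()` are syntactically broken: the `)` after `.value` closes `loadOptionInto(` early and `&client_group_id='` is left outside any string literal, so the script block will not parse and the `onChange` handlers added in the hunks above have nothing to call. The first call should read `loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+encodeURIComponent(document.getElementById('server_id').value)+'&client_group_id='+encodeURIComponent(document.getElementById('client_group_id').value));`, and the IPv6 call likewise. The hidden `server_id` input in the first hunk has a `name` but no `id`, so the function should probably also cope with `getElementById` returning null in the branches where one of the two selects is not rendered.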
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index b552a64..ee865c5 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -94,8 +94,8 @@
$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
unset($tmp);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
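Review bot: The rewritten query still splices `$client['default_webserver']` and `$_SESSION['s']['user']['client_id']` into the SQL string without a cast. Both presumably come from the database and the session rather than from the request, but wrapping them in `intval()`, as ajax_get_ip.php does for `server_id`, costs nothing and keeps the statement safe if either source ever changes. The same applies to the IPv6 query added in the next hunk and to the two queries in the hunks at old lines 135 and 147. The enclosing block starts and ends outside this hunk.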
@@ -106,6 +106,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
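Review bot: The new IPv6 loop writes `$ip[ip_address]` into both the `value` attribute and the option text without HTML escaping; the rows come from `server_ip`, so the output is only as safe as whatever validated them on entry. Escaping at output removes that dependency: `$ip_esc = htmlspecialchars($ip['ip_address'], ENT_QUOTES);` followed by `$ip_select .= "<option value='$ip_esc' $selected>$ip_esc</option>\r\n";`. The identical block is pasted again in the hunks at old lines 147 and 175; a small private helper taking the rows, the current value and the first option would keep the three copies from drifting apart.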
@@ -135,8 +150,8 @@
}
$app->tpl->setVar("client_group_id",$client_select);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -147,6 +162,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -161,8 +191,9 @@
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = $tmp['server_id'];
}
-
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+
+ //* Fill the IPv4 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -175,6 +206,21 @@
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
+
+ //* Fill the IPv6 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
+ unset($tmp);
+ unset($ips);
// Fill the client select field
$sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0 ORDER BY name";
diff --git a/server/conf/nginx_reverseproxy_rewrites.conf.master b/server/conf/nginx_reverseproxy_rewrites.conf.master
deleted file mode 100644
index c9080a7..0000000
--- a/server/conf/nginx_reverseproxy_rewrites.conf.master
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80 default_server;
- listen 443 default_server;
- server_name _;
- include /etc/nginx/proxy.conf;
- <tmpl_loop name="nginx_rewrite_rules">
- rewrite ^{tmpl_var name="rewrite_url_src"} {tmpl_var name="rewrite_url_dst"};
- </tmpl_loop>
-}
diff --git a/server/conf/nginx_reverseproxy_vhost.conf.master b/server/conf/nginx_reverseproxy_vhost.conf.master
deleted file mode 100644
index 40df895..0000000
--- a/server/conf/nginx_reverseproxy_vhost.conf.master
+++ /dev/null
@@ -1,69 +0,0 @@
-server {
- listen 80;
- server_name <tmpl_var name='alias'> <tmpl_var name='domain'>;
-
- access_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/access.log;
- error_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/error.log;
-
- include /etc/nginx/proxy.conf;
-
- location / {
- proxy_pass http://<tmpl_var name='ip_address'>:80;
- }
-
- location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
- # Cache static-looking files for 120 minutes, setting a 10 day expiry time in the HTTP header,
- # whether logged in or not (may be too heavy-handed).
- proxy_cache_valid 200 120m;
- expires 864000;
- proxy_pass http://<tmpl_var name='ip_address'>:80;
- }
-
- <tmpl_if name='nginx_directives'>
- <tmpl_var name='nginx_directives'>
- </tmpl_if>
-
-
-
-}
-
-
-<tmpl_if name='ssl_enabled'>
-###########################################################
-# SSL Vhost
-###########################################################
-server {
- listen 443;
- server_name <tmpl_var name='ssl_domain'> <tmpl_var name='alias'>;
-
- access_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/access.log
- error_log /var/log/ispconfig/nginx/<tmpl_var name='domain'>/error.log
-
- ### SSL cert files ###
- ssl_certificate <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.crt
- ssl_certificate_key <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.crt
-
- <tmpl_if name='has_bundle_cert'>
- ssl_client_certificate <tmpl_var name='config_dir'>/ssl/<tmpl_var name='ssl_domain'>.bundle
- </tmpl_if>
-
- ### Add SSL specific settings here ###
- keepalive_timeout 60;
-
- ### Limiting Ciphers ########################
- # Uncomment as per your setup
- #ssl_ciphers HIGH:!ADH;
- #ssl_perfer_server_ciphers on;
- #ssl_protocols SSLv3;
- ##############################################
-
- include /etc/nginx/proxy.conf;
-
- ### Most PHP, Python, Rails, Java App can use this header ###
- proxy_set_header X-Forwarded-Proto https;
-
- location / {
- proxy_pass https://<tmpl_var name='ip_address'>:443;
- }
-}
-</tmpl_if>
diff --git a/server/conf/ufw.before.rules.master b/server/conf/ufw.before.rules.master
deleted file mode 100644
index 613e525..0000000
--- a/server/conf/ufw.before.rules.master
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# rules.before
-#
-# Rules that should be run before the ufw command line added rules. Custom
-# rules should be added to one of these chains:
-# ufw-before-input
-# ufw-before-output
-# ufw-before-forward
-#
-
-# Don't delete these required lines, otherwise there will be errors
-*filter
-:ufw-before-input - [0:0]
-:ufw-before-output - [0:0]
-:ufw-before-forward - [0:0]
-:ufw-not-local - [0:0]
-# End required lines
-
-
-# allow all on loopback
--A ufw-before-input -i lo -j ACCEPT
--A ufw-before-output -o lo -j ACCEPT
-
-# connection tracking rules
--A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# drop INVALID packets (logs these in loglevel medium and higher)
--A ufw-before-input -m state --state INVALID -j ufw-logging-deny
--A ufw-before-input -m state --state INVALID -j DROP
-
-# connection tracking for outbound
--A ufw-before-output -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
--A ufw-before-output -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-
-# ok icmp codes
--A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
--A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
--A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
--A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
--A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
-
-# allow dhcp client to work
--A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
-
-#
-# ufw-not-local
-#
--A ufw-before-input -j ufw-not-local
-
-# if LOCAL, RETURN
--A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-
-# if MULTICAST, RETURN
--A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-
-# if BROADCAST, RETURN
--A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-
-# all other non-local packets are dropped
--A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
--A ufw-not-local -j DROP
-
-# allow MULTICAST, be sure the MULTICAST line above is uncommented
--A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
--A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-
-COMMIT
-
-# nat Table rules
-*nat
-:POSTROUTING ACCEPT [0:0]
-
--A POSTROUTING -s 192.168.5.2/24 -o eth0 -j SNAT --to 192.168.5.105
-
--A PREROUTING -p tcp -d 192.168.5.105 --dport 80 -i eth0 -j DNAT --to-destination 192.168.5.200:80
-
-# don't delete the 'COMMIT' line or these rules won't be processed
-COMMIT
diff --git a/server/conf/ufw.conf.master b/server/conf/ufw.conf.master
deleted file mode 100644
index a3710d7..0000000
--- a/server/conf/ufw.conf.master
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/ufw/ufw.conf
-#
-
-# set to yes to start on boot
-ENABLED={tmpl_var name='enable'}
-
-# set to one of 'off', 'low', 'medium', 'high'
-LOGLEVEL={tmpl_var name='log_level'}
diff --git a/server/conf/ufw.default.master b/server/conf/ufw.default.master
deleted file mode 100644
index 2deb421..0000000
--- a/server/conf/ufw.default.master
+++ /dev/null
@@ -1,39 +0,0 @@
-# /etc/default/ufw
-#
-
-# set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
-# accepted). You will need to 'disable' and then 'enable' the firewall for
-# the changes to take affect.
-IPV6={tmpl_var name='ipv6'}
-
-# set the default input policy to ACCEPT, DROP or REJECT. Please note that if
-# you change this you will most likely want to adjust your rules
-DEFAULT_INPUT_POLICY="{tmpl_var name='default_input_policy'}"
-
-# set the default output policy to ACCEPT, DROP, or REJECT. Please note that
-# if you change this you will most likely want to adjust your rules
-DEFAULT_OUTPUT_POLICY="{tmpl_var name='default_output_policy'}T"
-
-# set the default forward policy to ACCEPT, DROP or REJECT. Please note that
-# if you change this you will most likely want to adjust your rules
-DEFAULT_FORWARD_POLICY="{tmpl_var name='default_forward_policy'}"
-
-# set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
-# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
-# details
-DEFAULT_APPLICATION_POLICY="{tmpl_var name='default_application_policy'}"
-
-# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
-# manage the built-in chains too. Warning: setting this to 'yes' will break
-# non-ufw managed firewall rules
-MANAGE_BUILTINS={tmpl_var name='manage_builtins'}
-
-#
-# IPT backend
-#
-# only enable if using iptables backend
-IPT_SYSCTL=/etc/ufw/sysctl.conf
-
-# extra connection tracking modules to load
-IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
-
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index e1d59d4..ad722c5 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -5,7 +5,8 @@
Deny from all
</Directory>
-<VirtualHost <tmpl_var name='ip_address'>:80>
+<tmpl_loop name="vhosts">
+<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
<tmpl_if name='php' op='==' value='suphp'>
DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
@@ -34,7 +35,17 @@
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html
</tmpl_if>
-
+
+ <IfModule mod_ssl.c>
+<tmpl_if name='ssl_enabled'>
+ SSLEngine on
+ SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
+ SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
+</tmpl_if>
+<tmpl_if name='has_bundle_cert'>
+ SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
+</tmpl_if>
+ </IfModule>
<Directory {tmpl_var name='web_document_root_www'}>
Options FollowSymLinks
AllowOverride <tmpl_var name='allow_override'>
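Review bot: The `has_bundle_cert` block sits next to the `ssl_enabled` block rather than inside it, so whenever a bundle file exists `SSLCACertificateFile` is also emitted into the port 80 entries of the `vhosts` loop, where `SSLEngine` is not switched on. Moving the three `has_bundle_cert` lines in front of the `</tmpl_if>` that closes `ssl_enabled` keeps every SSL directive confined to the 443 entries. In addition, `has_bundle_cert` is set on the global `$vhost_data` in apache2_plugin.inc.php while `ssl_enabled` is now a per-row loop value; whether a global variable resolves inside `<tmpl_loop>` depends on template engine settings that are not visible here and should be confirmed.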
@@ -225,228 +236,4 @@
<tmpl_var name='apache_directives'>
</VirtualHost>
-
-
-
-<tmpl_if name='ssl_enabled'>
-<IfModule mod_ssl.c>
-###########################################################
-# SSL Vhost
-###########################################################
-
-<VirtualHost <tmpl_var name='ip_address'>:443>
-<tmpl_if name='php' op='==' value='suphp'>
- DocumentRoot <tmpl_var name='web_document_root'>
-</tmpl_else>
- <tmpl_if name='php' op='==' value='cgi'>
- DocumentRoot <tmpl_var name='web_document_root'>
- </tmpl_else>
- DocumentRoot <tmpl_var name='web_document_root_www'>
- </tmpl_if>
-</tmpl_if>
-
- ServerName <tmpl_var name='ssl_domain'>
-<tmpl_if name='alias'>
- <tmpl_var name='alias'>
-</tmpl_if>
- ServerAdmin webmaster@<tmpl_var name='domain'>
-
- ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log
-
-<tmpl_if name='errordocs'>
- ErrorDocument 400 /error/400.html
- ErrorDocument 401 /error/401.html
- ErrorDocument 403 /error/403.html
- ErrorDocument 404 /error/404.html
- ErrorDocument 405 /error/405.html
- ErrorDocument 500 /error/500.html
- ErrorDocument 503 /error/503.html
-
-</tmpl_if>
- SSLEngine on
- SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
- SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
-<tmpl_if name='has_bundle_cert'>
- SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
-</tmpl_if>
-
- <Directory {tmpl_var name='web_document_root_www'}>
- Options FollowSymLinks
- AllowOverride <tmpl_var name='allow_override'>
- Order allow,deny
- Allow from all
-<tmpl_if name='ssi' op='==' value='y'>
-
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
- Options +Includes
-</tmpl_if>
-<tmpl_if name='php' op='==' value='no'>
- <Files ~ '.php[s3-6]{0,1}$'>
- Order allow,deny
- Deny from all
- Allow from none
- </Files>
-</tmpl_if>
- </Directory>
- <Directory {tmpl_var name='web_document_root'}>
- Options FollowSymLinks
- AllowOverride <tmpl_var name='allow_override'>
- Order allow,deny
- Allow from all
-<tmpl_if name='ssi' op='==' value='y'>
-
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
- Options +Includes
-</tmpl_if>
-<tmpl_if name='php' op='==' value='no'>
- <Files ~ '.php[s3-6]{0,1}$'>
- Order allow,deny
- Deny from all
- Allow from none
- </Files>
-</tmpl_if>
- </Directory>
-
-<tmpl_if name='cgi' op='==' value='y'>
- # cgi enabled
- <Directory {tmpl_var name='document_root'}/cgi-bin>
- Order allow,deny
- Allow from all
- </Directory>
- ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
- AddHandler cgi-script .cgi
- AddHandler cgi-script .pl
-</tmpl_if>
-<tmpl_if name='ssi'op='==' value='y'>
- # ssi enabled
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-</tmpl_if>
-<tmpl_if name='suexec'op='==' value='y'>
- # suexec enabled
- SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
-</tmpl_if>
-# Clear PHP settings of this website
- <FilesMatch "\.ph(p3?|tml)$">
- SetHandler None
- </FilesMatch>
-<tmpl_if name='php' op='==' value='mod'>
- # mod_php enabled
- AddType application/x-httpd-php .php .php3 .php4 .php5
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
- php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
- php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
- # PHPIniDir <tmpl_var name='custom_php_ini_dir'>
-<tmpl_if name='security_level' op='==' value='20'>
- php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
-</tmpl_if>
-</tmpl_if>
-<tmpl_if name='php' op='==' value='suphp'>
- # suphp enabled
- <Directory {tmpl_var name='web_document_root'}>
- <IfModule mod_suphp.c>
- suPHP_Engine on
- # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
-<tmpl_if name='has_custom_php_ini'>
- suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
-</tmpl_if>
- AddHandler x-httpd-suphp .php .php3 .php4 .php5
- suPHP_AddHandler x-httpd-suphp
- </IfModule>
- </Directory>
-</tmpl_if>
-<tmpl_if name='php' op='==' value='cgi'>
- # php as cgi enabled
- ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
- Action php5-cgi /php5-cgi
- AddHandler php5-cgi .php .php3 .php4 .php5
- <Directory {tmpl_var name='cgi_starter_path'}>
- Order allow,deny
- Allow from all
- </Directory>
-</tmpl_if>
-<tmpl_if name='php' op='==' value='fast-cgi'>
- # php as fast-cgi enabled
- # See: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
- <IfModule mod_fcgid.c>
-<tmpl_if name='fastcgi_config_syntax' op='==' value='2'>
- FcgidIdleTimeout 300
- FcgidProcessLifeTime 3600
- FcgidMaxProcesses 1000
- FcgidMinProcessesPerClass 0
- FcgidMaxProcessesPerClass 100
- FcgidConnectTimeout 3
- FcgidIOTimeout 360
- FcgidBusyTimeout 300
-<tmpl_else>
- IdleTimeout 300
- ProcessLifeTime 3600
- # MaxProcessCount 1000
- DefaultMinClassProcessCount 0
- DefaultMaxClassProcessCount 100
- IPCConnectTimeout 3
- IPCCommTimeout 360
- BusyTimeout 300
-</tmpl_if>
- </IfModule>
- <Directory {tmpl_var name='web_document_root_www'}>
- AddHandler fcgid-script .php .php3 .php4 .php5
- FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
- Options +ExecCGI
- AllowOverride <tmpl_var name='allow_override'>
- Order allow,deny
- Allow from all
- </Directory>
- <Directory {tmpl_var name='web_document_root'}>
- AddHandler fcgid-script .php .php3 .php4 .php5
- FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
- Options +ExecCGI
- AllowOverride <tmpl_var name='allow_override'>
- Order allow,deny
- Allow from all
- </Directory>
-</tmpl_if>
-<tmpl_if name="rewrite_enabled">
-
- RewriteEngine on
-
-<tmpl_if name='seo_redirect_enabled'>
-
- RewriteCond %{HTTP_HOST} ^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
- RewriteRule ^(.*)$ https://<tmpl_var name='seo_redirect_target_domain'>/$1 [R=301,L]
-
-</tmpl_if>
-
-<tmpl_loop name="redirects">
- RewriteCond %{HTTP_HOST} ^<tmpl_var name='rewrite_domain'> [NC]
- RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target_ssl'>$1 <tmpl_var name='rewrite_type'>
-</tmpl_loop>
-</tmpl_if>
-
- # add support for apache mpm_itk
- <IfModule mpm_itk_module>
- AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
- </IfModule>
-
- <IfModule mod_dav_fs.c>
- # Do not execute PHP files in webdav directory
- <Directory {tmpl_var name='document_root'}/webdav>
- <FilesMatch "\.ph(p3?|tml)$">
- SetHandler None
- </FilesMatch>
- </Directory>
- # DO NOT REMOVE THE COMMENTS!
- # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
- # WEBDAV BEGIN
- # WEBDAV END
- </IfModule>
-
-<tmpl_var name='apache_directives'>
-</VirtualHost>
-</IfModule>
-
-</tmpl_if>
+</tmpl_loop>
\ No newline at end of file
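Review bot: Folding the separate SSL `<VirtualHost>` into the loop drops the directives that differed for HTTPS: the removed block used `ServerName <tmpl_var name='ssl_domain'>`, sent the SEO redirect to `https://` and used `rewrite_target_ssl` in the redirect loop. The shared vhost body lies between the hunks and is not shown, so this cannot be confirmed from the patch, but unless that body branches on `ssl_enabled` in those three places the 443 entries will be generated with the non-SSL server name and redirect targets. Each of them needs a `<tmpl_if name='ssl_enabled'>` … `<tmpl_else>` pair inside the loop.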
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 2f641b1..51c6a66 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -651,6 +651,7 @@
$tpl->newTemplate('vhost.conf.master');
$vhost_data = $data['new'];
+ //unset($vhost_data['ip_address']);
$vhost_data['web_document_root'] = $data['new']['document_root'].'/web';
$vhost_data['web_document_root_www'] = $web_config['website_basedir'].'/'.$data['new']['domain'].'/web';
$vhost_data['web_basedir'] = $web_config['website_basedir'];
@@ -668,6 +669,7 @@
$crt_file = $ssl_dir.'/'.$domain.'.crt';
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+ /*
if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
$vhost_data['ssl_enabled'] = 1;
$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
@@ -675,6 +677,7 @@
$vhost_data['ssl_enabled'] = 0;
$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
}
+ */
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
@@ -951,6 +954,32 @@
//* Make a backup copy of vhost file
if(file_exists($vhost_file)) copy($vhost_file,$vhost_file.'~');
+ //* create empty vhost array
+ $vhosts = array();
+
+ //* Add vhost for ipv4 IP
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 80 );
+
+ //* Add vhost for ipv4 IP with SSL
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+ $vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443' );
+ $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ }
+
+ //* Add vhost for IPv6 IP
+ if($data['new']['ipv6_address'] != '') {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80 );
+
+ //* Add vhost for ipv6 IP with SSL
+ if($data['new']['ssl_domain'] != '' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 1, 'port' => '443' );
+ $app->log('Enable SSL for IPv6: '.$domain,LOGLEVEL_DEBUG);
+ }
+ }
+
+ //* Set the vhost loop
+ $tpl->setLoop('vhosts',$vhosts);
+
//* Write vhost file
file_put_contents($vhost_file,$tpl->grab());
$app->log('Writing the vhost file: '.$vhost_file,LOGLEVEL_DEBUG);
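Review bot: `$data['new']['ip_address']` and `$data['new']['ipv6_address']` are placed into the `vhosts` rows, and from there into the `<VirtualHost …>` line of the file written at the end of this hunk, without any check that they are well-formed addresses. The plugin is the last point before the configuration reaches Apache, so it should validate here regardless of what the interface did, for example `if($data['new']['ipv6_address'] != '' && filter_var($data['new']['ipv6_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {`, with the equivalent `FILTER_FLAG_IPV4` test (plus the literal `*`) for the IPv4 row. The SSL condition is written out twice and now tests `ssl_domain`, while `$crt_file` is built from `$domain` in the hunk at old line 668; computing it once into a variable avoids the two copies diverging. The ports are also mixed types (`80` and `'443'`). The enclosing function starts and ends outside this hunk.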
--
Gitblit v1.9.1