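/**
 * Builds the Apache virtual-host configuration for one FreeWeb site, writes it
 * into the sites-enabled directory, validates it and runs the post-install steps.
 *
 * Security-relevant behaviour:
 *  - $hostname is copied into configuration directives, file-system paths and
 *    shell command lines. The shell arguments are escaped in this function; the
 *    directive and path uses are NOT validated here, so the caller must only
 *    pass a well-formed host name.
 *  - When LDAP authentication is active the generated file contains the LDAP
 *    bind password in clear text (AuthLDAPBindPassword), and a copy of the
 *    previous file is kept under /root.
 *
 * @param string|null $uid      Owner of the site. When set, the user's mail is used as
 *                              ServerAdmin and the LDAP search base is narrowed to the user's OU.
 * @param string      $hostname Site name; "_default_" selects the default virtual host.
 * @param mixed       $ssl      Not used by this function.
 * @param mixed       $d_path   Ignored: overwritten with $freeweb->APACHE_DIR_SITES_ENABLED.
 * @param array       $Params   Ignored: overwritten with $freeweb->Params.
 *
 * @return bool|null true on success; false when the Apache account cannot be found, the
 *                   configuration test fails or the WordPress setup leaves no wp-config.php;
 *                   null when the site has no servername.
 */
function buildHost($uid = null, $hostname, $ssl = null, $d_path = null, $Params = array())
{
    $prefixOutput = "Starting......: " . date("H:i:s") . " [INIT]: Apache \"{$hostname}\"";
    echo "{$prefixOutput} [" . __LINE__ . "] Building \"{$hostname}\"\n";
    build_progress("create_cron_task()", 6);
    create_cron_task();
    build_progress("CheckLibraries()", 7);
    CheckLibraries();

    $unix = $GLOBALS["CLASS_UNIX"];
    $sock = $GLOBALS["CLASS_SOCKETS"];
    $users = $GLOBALS["CLASS_USERS_MENUS"];
    $conf = array();
    $ldapAuth = array();
    $AuthLDAP = 0;
    $mod_pagespedd = null;
    $EnableLDAPAllSubDirectories = 0;
    $APACHE_MOD_AUTHNZ_LDAP = $users->APACHE_MOD_AUTHNZ_LDAP;
    $APACHE_MOD_PAGESPEED = $users->APACHE_MOD_PAGESPEED;

    build_progress("Loading {$hostname} configuration", 8);
    $freeweb = new freeweb($hostname);
    $Params = $freeweb->Params;
    if ($freeweb->servername == null) {
        build_progress("Fatal {$hostname} no such servername", 110);
        echo "{$prefixOutput} [" . __LINE__ . "] freeweb->servername no such servername \n";
        return;
    }

    // The two OpenVPN values are read again further down for named virtual hosts.
    $FreeWebsEnableOpenVPNProxy = $sock->GET_INFO("FreeWebsEnableOpenVPNProxy");
    $FreeWebsOpenVPNRemotPort = trim($sock->GET_INFO("FreeWebsOpenVPNRemotPort"));
    $FreeWebDisableSSL = trim($sock->GET_INFO("FreeWebDisableSSL"));
    if (!is_numeric($FreeWebsEnableOpenVPNProxy)) {
        $FreeWebsEnableOpenVPNProxy = 0;
    }
    if (!is_numeric($FreeWebDisableSSL)) {
        $FreeWebDisableSSL = 0;
    }
    if ($FreeWebDisableSSL == 1) {
        if ($freeweb->SSL_enabled) {
            echo "{$prefixOutput} [" . __LINE__ . "] SSL is globally disabled \n";
        }
        $freeweb->SSL_enabled = false;
    }

    $d_path = $freeweb->APACHE_DIR_SITES_ENABLED;
    if (isset($Params["LDAP"]["enabled"])) {
        $AuthLDAP = $Params["LDAP"]["enabled"];
    }
    // Read from the site parameters but not used anywhere below.
    if (isset($Params["LDAP"]["EnableLDAPAllSubDirectories"])) {
        $EnableLDAPAllSubDirectories = $Params["LDAP"]["EnableLDAPAllSubDirectories"];
    }

    // Server signature: per-site value first, then the global setting, default "On".
    if (!isset($Params["SECURITY"])) {
        $Params["SECURITY"]["ServerSignature"] = null;
    }
    if (!isset($Params["SECURITY"]["ServerSignature"])) {
        $Params["SECURITY"]["ServerSignature"] = null;
    }
    $ServerSignature = $Params["SECURITY"]["ServerSignature"];
    if ($ServerSignature == null) {
        $ServerSignature = $sock->GET_INFO("ApacheServerSignature");
    }
    if (!is_numeric($ServerSignature)) {
        $ServerSignature = 1;
    }
    if ($ServerSignature == 1) {
        $ServerSignature = "On";
    } else {
        $ServerSignature = "Off";
    }

    // Without mod_authnz_ldap the LDAP directives cannot be used.
    if (!$APACHE_MOD_AUTHNZ_LDAP) {
        $AuthLDAP = 0;
    }

    $apache_usr = $unix->APACHE_SRC_ACCOUNT();
    $apache_group = $unix->APACHE_SRC_GROUP();
    $FreeWebListenPort = $sock->GET_INFO("FreeWebListenPort");
    $FreeWebListenSSLPort = $sock->GET_INFO("FreeWebListenSSLPort");
    $FreeWebListen = $unix->APACHE_ListenDefaultAddress();
    $FreeWebsDisableSSLv2 = $sock->GET_INFO("FreeWebsDisableSSLv2");
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 10);
    if ($apache_usr == null) {
        build_progress("Fatal could not find apache username", 110);
        echo "WARNING !!! could not find apache username!!!\n";
        return false;
    }

    if ($FreeWebListen == null) {
        $FreeWebListen = "*";
    }
    if ($FreeWebListenSSLPort == null) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenSSLPort)) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenPort)) {
        $FreeWebListenPort = 80;
    }
    if (!is_numeric($FreeWebsDisableSSLv2)) {
        $FreeWebsDisableSSLv2 = 0;
    }

    // Behind nginx or a Squid reverse proxy Apache is bound to loopback on fixed ports.
    $unix = new unix();
    if ($unix->isNGnx()) {
        $FreeWebListenPort = 82;
        $FreeWebListenSSLPort = 447;
        $FreeWebListen = "127.0.0.1";
    }
    if ($unix->IsSquidReverse()) {
        $FreeWebListenPort = 82;
        $FreeWebListenSSLPort = 447;
        $FreeWebListen = "127.0.0.1";
    }

    if ($uid != null) {
        $u = new user($uid);
        $ServerAdmin = $u->mail;
    }
    if (!isset($ServerAdmin)) {
        $ServerAdmin = "webmaster@{$hostname}";
    }
    $DirectoryIndex = $freeweb->DirectoryIndex();
    if ($hostname == "_default_") {
        $FreeWebListen = "_default_";
    }
    $LoadModules = $freeweb->LoadModules();
    if ($unix->isNGnx()) {
        $freeweb->SSL_enabled = 0;
    }
    if ($FreeWebDisableSSL == 1) {
        $freeweb->SSL_enabled = 0;
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 11);
    echo "{$prefixOutput} [" . __LINE__ . "] SSL_enabled = {$freeweb->SSL_enabled}\n";

    // SSL sites get an extra plain-HTTP virtual host that only redirects or forwards.
    if ($freeweb->SSL_enabled) {
        // NOTE(review): with ServerPort > 0 this redirect host and the SSL host
        // below are both emitted on ServerPort - confirm that is intended.
        if ($freeweb->ServerPort > 0) {
            $FreeWebListenPort = $freeweb->ServerPort;
        }
        $conf[] = "<VirtualHost {$FreeWebListen}:{$FreeWebListenPort}>";
        if ($hostname != "_default_") {
            $conf[] = "\tServerName {$hostname}";
        }
        $conf[] = "\tServerSignature {$ServerSignature}";
        $conf[] = "\tRewriteEngine On";

        $IsSquidReverse = false;
        if ($unix->IsSquidReverse()) {
            $IsSquidReverse = true;
        }
        if ($unix->isNGnx()) {
            $IsSquidReverse = true;
        }

        if ($freeweb->Forwarder == 0) {
            $conf[] = "\tRewriteCond %{HTTPS} off";
            // The explicit port is only added behind a reverse proxy on a non-standard SSL port.
            if ($IsSquidReverse && $FreeWebListenSSLPort != 443) {
                $conf[] = "\tRewriteRule (.*) https://%{HTTP_HOST}:{$FreeWebListenSSLPort}";
            } else {
                $conf[] = "\tRewriteRule (.*) https://%{HTTP_HOST}";
            }
        }
        if ($freeweb->Forwarder == 1) {
            $conf[] = "\tRewriteRule (.*) {$freeweb->ForwardTo}";
        }
        $conf[] = "</VirtualHost>";
        $conf[] = "";
        // From here on the main virtual host is the SSL one.
        $FreeWebListenPort = $FreeWebListenSSLPort;
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 12);
    $freeweb->CheckDefaultPage();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 13);
    $freeweb->CheckWorkingDirectory();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 14);
    $ServerAlias = $freeweb->ServerAlias();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 15);
    echo "{$prefixOutput} [" . __LINE__ . "] Listen {$FreeWebListen}:{$FreeWebListenPort}\n";
    echo "{$prefixOutput} [" . __LINE__ . "] Directory {$freeweb->WORKING_DIRECTORY}\n";
    echo "{$prefixOutput} [" . __LINE__ . "] Groupware \"{$freeweb->groupware}\"\n";

    // NOTE(review): the pattern is not anchored, so any value that merely
    // contains a dotted quad is accepted and later written into <VirtualHost>.
    if (!preg_match("#[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+#", $freeweb->ServerIP)) {
        $freeweb->ServerIP = null;
    }
    if ($LoadModules != null) {
        $conf[] = "{$LoadModules}";
    }

    // Main virtual host: a site-specific IP and port take precedence over the global ones.
    $vhostAddress = ($freeweb->ServerIP == null) ? $FreeWebListen : $freeweb->ServerIP;
    $vhostPort = ($freeweb->ServerPort > 0) ? $freeweb->ServerPort : $FreeWebListenPort;
    $conf[] = "<VirtualHost {$vhostAddress}:{$vhostPort}>";

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 16);
    $AddType = $freeweb->AddType();
    if ($AddType != null) {
        $conf[] = $AddType;
    }

    if ($freeweb->SSL_enabled) {
        $conf[] = "\tSetEnvIf User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0";
        $conf[] = "\tSSLEngine on";
        echo "{$prefixOutput} [" . __LINE__ . "] SSLEngine()\n";
        $certificates = $freeweb->SSLEngine();
        if ($certificates != null) {
            $conf[] = $certificates;
        }
        if ($FreeWebsDisableSSLv2 == 1) {
            // NOTE(review): this only drops SSLv2. SSLv3 and TLS 1.0 stay enabled
            // and the cipher list still admits RC4 and MEDIUM suites; tightening
            // it has to be checked against the Apache/OpenSSL versions targeted.
            $conf[] = "\tSSLProtocol -ALL +SSLv3 +TLSv1";
            $conf[] = "\tSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
        }
    }

    $unix = new unix();
    if ($hostname != "_default_") {
        $conf[] = "\tServerName {$hostname}";
        if ($ServerAlias != null) {
            $conf[] = $ServerAlias;
        }
        $sock = new sockets();
        $FreeWebsEnableOpenVPNProxy = $sock->GET_INFO("FreeWebsEnableOpenVPNProxy");
        $FreeWebsOpenVPNRemotPort = trim($sock->GET_INFO("FreeWebsOpenVPNRemotPort"));
        if (!is_numeric($FreeWebsEnableOpenVPNProxy)) {
            $FreeWebsEnableOpenVPNProxy = 0;
        }
        if (!is_numeric($FreeWebsOpenVPNRemotPort)) {
            $FreeWebsOpenVPNRemotPort = 0;
        }
        if ($FreeWebsEnableOpenVPNProxy == 1 && $FreeWebsOpenVPNRemotPort > 0) {
            // NOTE(review): ProxyRequests On turns the virtual host into a forward
            // proxy (CONNECT limited to port 1194). No access control is emitted in
            // this branch - confirm it is restricted elsewhere.
            $conf[] = "\tProxyRequests On";
            $conf[] = "\tProxyVia On";
            $conf[] = "\tAllowCONNECT 1194";
            $conf[] = "\tKeepAlive On";
        }
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 17);
    // Collect the optional directive blocks; each helper returns null when it has nothing to add.
    $content_plus = $freeweb->content_plus;
    $php_open_base_dir = $freeweb->open_basedir();
    $geoip = $freeweb->mod_geoip();
    $mod_status = $freeweb->mod_status();
    $mod_evasive = $freeweb->mod_evasive();
    $Charsets = $freeweb->Charsets();
    $php_values = $freeweb->php_values();
    $WebdavHeader = $freeweb->WebdavHeader();
    $QUOS = $freeweb->QUOS();
    $Aliases = $freeweb->Aliases();
    $mod_cache = $freeweb->mod_cache();
    $mod_fcgid = $freeweb->mod_fcgid();
    $RewriteEngine = $freeweb->RewriteEngine();
    $mod_bw = $freeweb->mod_bw();
    $mpm_itk_module = $freeweb->mpm_itk_module();
    $ErrorDocument = $freeweb->ErrorDocument();
    $Apache2_AuthenNTLM = $freeweb->Apache2_AuthenNTLM();
    if ($APACHE_MOD_PAGESPEED) {
        $mod_pagespedd = $freeweb->mod_pagespeed();
    }

    $conf[] = "\tServerAdmin {$ServerAdmin}";
    $conf[] = "\tServerSignature {$ServerSignature}";
    $conf[] = "\tDocumentRoot {$freeweb->WORKING_DIRECTORY}";
    if ($content_plus != null) {
        // Free-form directives stored with the site are copied verbatim.
        $conf[] = "\n############## personal content #############\n{$content_plus}\n############################\n";
    }
    $optionalBlocks = array(
        $ErrorDocument,
        $mpm_itk_module,
        $mod_evasive,
        $Charsets,
        $php_values,
        $WebdavHeader,
        $QUOS,
        $mod_bw,
        $Aliases,
        $mod_cache,
        $geoip,
    );
    foreach ($optionalBlocks as $block) {
        if ($block != null) {
            $conf[] = $block;
        }
    }
    if ($mod_pagespedd != null) {
        $conf[] = $mod_pagespedd;
        // Arguments are escaped because the host name is part of the command line.
        shell_exec(
            "/bin/chown -R " . escapeshellarg("{$apache_usr}:{$apache_group}")
            . " " . escapeshellarg("/var/cache/apache2/mod_pagespeed/{$hostname}")
        );
    }
    if ($mod_status != null) {
        $conf[] = $mod_status;
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 18);
    $ldapRule = null;
    if ($freeweb->groupware == "ZARAFA") {
        // Zarafa web access with NTLM switches LDAP authentication on for the site.
        $ZarafaWebNTLM = $sock->GET_INFO("ZarafaWebNTLM");
        if (!is_numeric($ZarafaWebNTLM)) {
            $ZarafaWebNTLM = 0;
        }
        $PARAMS = $freeweb->Params["ZARAFAWEB_PARAMS"];
        if (!isset($PARAMS["ZarafaWebNTLM"])) {
            $PARAMS["ZarafaWebNTLM"] = $ZarafaWebNTLM;
        }
        if (!is_numeric($PARAMS["ZarafaWebNTLM"])) {
            $PARAMS["ZarafaWebNTLM"] = $ZarafaWebNTLM;
        }
        $ZarafaWebNTLM = $PARAMS["ZarafaWebNTLM"];
        if ($ZarafaWebNTLM == 1) {
            $AuthLDAP = 1;
        }
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 19);
    if ($AuthLDAP == 1) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Apache \"{$hostname}\" ldap authentication enabled\n";
        $ldap = $GLOBALS["CLASS_LDAP"];
        $dn_master_branch = "dc=organizations,{$ldap->suffix}";
        if ($uid != null) {
            $usr = new user($uid);
            $dn_master_branch = "ou=users,ou={$usr->ou},dc=organizations,{$ldap->suffix}";
        }
        // The banner is stored base64-encoded; an absent or empty one falls back to the host name.
        $storedBanner = isset($freeweb->Params["LDAP"]["authentication_banner"])
            ? $freeweb->Params["LDAP"]["authentication_banner"]
            : "";
        $authentication_banner = base64_decode($storedBanner);
        if ($authentication_banner == null) {
            $authentication_banner = "{$hostname} auth:";
        }
        // NOTE(review): the decoded banner is placed inside a quoted directive
        // without escaping quotes or line breaks.
        $ldapAuth[] = "\t\tAuthName \"{$authentication_banner}\"";
        $ldapAuth[] = "\t\tAuthType Basic";
        $ldapAuth[] = "\t\tAuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/{$dn_master_branch}?uid";
        $ldapAuth[] = "\t\tAuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
        // The LDAP admin password is written in clear text into the virtual-host file.
        $ldapAuth[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
        $ldapAuth[] = "\t\tAuthLDAPGroupAttribute memberUid";
        $ldapAuth[] = "\t\tAuthBasicProvider ldap";
        $ldapAuth[] = "\t\tAuthzLDAPAuthoritative off";
        $AuthUsers = $freeweb->AuthUsers();
        if ($AuthUsers != null) {
            $ldapAuth[] = $AuthUsers;
        } else {
            $ldapAuth[] = "\t\trequire valid-user";
        }
        $ldapAuth[] = "";
        $ldapRule = @implode("\n", $ldapAuth);
    }

    // DIRECTORY
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 20);
    $OptionExecCGI = null;
    $allowFrom = $freeweb->AllowFrom();
    $JkMount = $freeweb->JkMount();
    if ($JkMount != null) {
        $conf[] = $JkMount;
    }
    $WebDav = $freeweb->WebDav();
    $AllowOverride = $freeweb->AllowOverride();
    $mod_rewrite = $freeweb->mod_rewrite();
    $IndexIgnores = $freeweb->IndexIgnores();
    $DirectorySecond = $freeweb->DirectorySecond();
    if ($mod_fcgid != null) {
        $OptionExecCGI = " +ExecCGI";
    }
    $DirectoryContent = $freeweb->DirectoryContent();
    $SymLinksIfOwnerMatch = null;
    $FollowSymLinks = null;
    // Directory listing stays on unless the site explicitly disables browsing.
    $Indexes = " Indexes";
    if ($freeweb->Params["SECURITY"]["FreeWebsDisableBrowsing"] == 1) {
        $Indexes = " -Indexes";
    }
    if ($freeweb->Params["SECURITY"]["SymLinksIfOwnerMatch"] == 1) {
        $SymLinksIfOwnerMatch = " +SymLinksIfOwnerMatch";
    }
    if ($freeweb->Params["SECURITY"]["FollowSymLinks"] == 1) {
        $FollowSymLinks = " +FollowSymLinks";
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 21);
    $conf[] = "\n\t<Directory \"{$freeweb->WORKING_DIRECTORY}/\">";
    if ($Apache2_AuthenNTLM != null) {
        $conf[] = $Apache2_AuthenNTLM;
    }
    if ($DirectoryContent == null) {
        $DirectoryIndex = $freeweb->DirectoryIndex();
        $conf[] = "\t\tDirectoryIndex {$DirectoryIndex}";
        // NOTE(review): the line can mix prefixed (+/-) and unprefixed options;
        // verify how the targeted Apache version merges them.
        $conf[] = "\t\tOptions{$Indexes}{$FollowSymLinks}{$SymLinksIfOwnerMatch} MultiViews{$OptionExecCGI}";
        if ($IndexIgnores != null) {
            $conf[] = $IndexIgnores;
        }
        if ($WebDav != null) {
            $conf[] = $WebDav;
        }
        if ($AllowOverride != null) {
            $conf[] = $AllowOverride;
        } else {
            $conf[] = "\t\tAllowOverride AuthConfig FileInfo";
        }
        $conf[] = "\t\tOrder allow,deny";
        if ($allowFrom != null) {
            $conf[] = $allowFrom;
        }
    } else {
        // A site-provided directory block replaces the generated defaults entirely.
        $conf[] = $DirectoryContent;
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 22);
    if ($geoip != null) {
        $conf[] = "\t\tDeny from env=BlockCountry";
    }
    if ($mod_rewrite != null) {
        $conf[] = $mod_rewrite;
    }
    if ($ldapRule != null) {
        $conf[] = $ldapRule;
    }
    if ($RewriteEngine != null) {
        $conf[] = $RewriteEngine;
    }
    $conf[] = "\t</Directory>\n";
    if ($mod_fcgid != null) {
        $conf[] = $mod_fcgid;
    }
    if ($DirectorySecond != null) {
        $conf[] = $DirectorySecond;
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 23);
    $zarafaProxy = $freeweb->ZarafaProxyJabberd();
    if ($zarafaProxy != null) {
        $conf[] = $zarafaProxy;
    }
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 24);
    $WebDavFree = $freeweb->WebDavTable();
    if ($WebDavFree != null) {
        $conf[] = $WebDavFree;
    }

    if ($freeweb->UseReverseProxy == 1) {
        $conf[] = $freeweb->ReverseProxy();
        $conf[] = "\t<Proxy *>";
        $conf[] = "\t\tOrder allow,deny";
        $conf[] = $freeweb->AllowFrom();
        if ($AuthLDAP == 1) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Apache \"{$hostname}\" ldap authentication enabled\n";
            $ldap = $GLOBALS["CLASS_LDAP"];
            $dn_master_branch = "dc=organizations,{$ldap->suffix}";
            if ($uid != null) {
                $usr = new user($uid);
                $dn_master_branch = "ou=users,ou={$usr->ou},dc=organizations,{$ldap->suffix}";
            }
            // Decode first and only then apply the default: the fallback text is
            // plain, so passing it through base64_decode() would garble the realm.
            $storedProxyBanner = isset($freeweb->Params["LDAP"]["authentication_banner"])
                ? $freeweb->Params["LDAP"]["authentication_banner"]
                : "";
            $proxyBanner = base64_decode($storedProxyBanner);
            if ($proxyBanner == null) {
                $proxyBanner = "Please Logon";
            }
            $conf[] = "";
            $conf[] = "\t\tAuthName \"" . $proxyBanner . "\"";
            $conf[] = "\t\tAuthType Basic";
            $conf[] = "\t\tAuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/{$dn_master_branch}?uid";
            $conf[] = "\t\tAuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
            $conf[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
            $conf[] = "\t\tAuthLDAPGroupAttributeIsDN off";
            $conf[] = "\t\tAuthLDAPGroupAttribute memberUid";
            $conf[] = "\t\tAuthBasicProvider ldap";
            $conf[] = "\t\tAuthzLDAPAuthoritative off";
            $AuthUsers = $freeweb->AuthUsers();
            if ($AuthUsers != null) {
                $conf[] = $AuthUsers;
            } else {
                $conf[] = "\t\trequire valid-user";
            }
            $conf[] = "";
        }
        $conf[] = "\t</Proxy>";
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 25);
    $conf[] = $freeweb->FilesRestrictions();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 26);
    $conf[] = $freeweb->mod_security();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 27);
    $ScriptAliases = $freeweb->ScriptAliases();
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 28);
    if (!is_dir("/var/log/apache2/{$hostname}")) {
        @mkdir("/var/log/apache2/{$hostname}", 0755, true);
    }
    if ($ScriptAliases != null) {
        $conf[] = $ScriptAliases;
    }
    // All sites share one access log; %V records the virtual host that served the request.
    $conf[] = "\tLogFormat \"%h %{X-Forwarded-For}i %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %V\" combinedv";
    $conf[] = "\tCustomLog /var/log/apache2/common-access.log combinedv";
    $conf[] = "\tErrorLog /var/log/apache2/error.log";
    $conf[] = "\tLogLevel warn";
    $conf[] = "</VirtualHost>";
    $conf[] = "";

    // File name: artica-<hostname>.conf, or the distribution's default names for "_default_".
    $prefix_filename = "artica-";
    $suffix_filename = ".conf";
    $middle_filename = $hostname;
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 29);
    if ($hostname == "_default_") {
        $prefix_filename = "000-";
        $middle_filename = "default";
        $suffix_filename = null;
        if ($freeweb->SSL_enabled) {
            $prefix_filename = null;
            $middle_filename = "default-ssl";
            @file_put_contents("/etc/apache2/sites-enabled/default-ssl", @implode("\n", $conf));
        }
    }

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 30);
    $FileConfigurationPath = "{$d_path}/{$prefix_filename}{$middle_filename}{$suffix_filename}";
    $FileConfigurationBackupPath = "/root/{$prefix_filename}{$middle_filename}{$suffix_filename}";
    if (is_file($FileConfigurationPath)) {
        // Keep the previous file so it can be restored when the new one fails the test.
        @unlink($FileConfigurationBackupPath);
        echo "Starting......: " . date("H:i:s") . " [INIT]: Apache backup old configuration\n";
        @copy($FileConfigurationPath, $FileConfigurationBackupPath);
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Apache saving *** {$d_path}/{$prefix_filename}{$middle_filename}{$suffix_filename} *** line " . __LINE__ . "\n";
    }
    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 31);
    // NOTE(review): the write result is not checked and the file is created with
    // default permissions although it may hold the LDAP bind password.
    @file_put_contents($FileConfigurationPath, @implode("\n", $conf));
    echo "Starting......: " . date("H:i:s") . " [INIT]: Apache \"{$hostname}\" filename: '" . basename("{$d_path}/{$prefix_filename}{$middle_filename}{$suffix_filename}") . "' done\n";

    build_progress("Building {$hostname} configuration [" . __LINE__ . "]", 32);
    $freeweb->phpmyadmin();
    if (!is_dir("{$freeweb->WORKING_DIRECTORY}")) {
        @mkdir("{$freeweb->WORKING_DIRECTORY}", 0755, true);
    }
    if (is_file("/etc/apache2/sites-enabled/000-default")) {
        @touch("/etc/apache2/sites-enabled/000-default");
    }

    build_progress("Building {$hostname} {testing_configuration}", 33);
    if (!TestingApacheConfigurationFile()) {
        // Roll back: drop the new file and restore the backup when one exists.
        build_progress("Building {$hostname} {testing_configuration} {failed}", 110);
        $freeweb->SetError(1);
        @unlink($FileConfigurationPath);
        if (is_file($FileConfigurationBackupPath)) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Apache restore old configuration file\n";
            @copy($FileConfigurationBackupPath, $FileConfigurationPath);
        }
        return false;
    }
    $freeweb->SetError(0);

    $unix = new unix();
    $nohup = $unix->find_program("nohup");
    $php = $unix->LOCATE_PHP5_BIN();
    if (is_file("/etc/php5/apache2/php.ini")) {
        $timephpini = $unix->file_time_min("/etc/php5/apache2/php.ini");
        if ($timephpini > 60) {
            shell_exec("{$php} /usr/share/artica-postfix/exec.php.ini.php");
        }
    }

    build_progress("Building {$hostname} {apply_permissions} - {$freeweb->groupware} -", 34);
    // The host name is passed to helper scripts as one escaped shell argument.
    $hostnameArg = escapeshellarg($hostname);
    if ($freeweb->groupware == "EYEOS") {
        install_EYEOS($hostname);
    }
    if ($freeweb->groupware == "GROUPOFFICE") {
        group_office_install($hostname, true);
    }
    if ($freeweb->groupware == "PIWIK") {
        install_PIWIK($hostname, true);
    }
    if ($freeweb->groupware == "DRUPAL") {
        shell_exec("{$nohup} {$php} /usr/share/artica-postfix/exec.freeweb.php --drupal-infos {$hostnameArg} >/dev/null 2>&1 &");
    }
    if ($freeweb->groupware == "WORDPRESS") {
        build_progress("Building {$hostname} verify wordpress website..", 35);
        system("{$php} /usr/share/artica-postfix/exec.wordpress.php {$hostnameArg}");
        if (!is_file("{$freeweb->WORKING_DIRECTORY}/wp-config.php")) {
            return false;
        }
    }

    build_progress("Building {$hostname} {apply_permissions}", 60);
    $freeweb->ApplyPermissions();
    build_progress("Building {$hostname} {checking_reverse_proxy}", 65);
    $freeweb->update_groupware_version();
    if ($GLOBALS["NGINX_CONFIGURE"]) {
        $EnableNginx = $sock->GET_INFO("EnableNginx");
        if (!is_numeric($EnableNginx)) {
            $EnableNginx = 1;
        }
        if ($EnableNginx == 1) {
            $php = $unix->LOCATE_PHP5_BIN();
            build_progress("Building {$hostname} {checking_reverse_proxy} - NGINX", 70);
            system("{$php} /usr/share/artica-postfix/exec.nginx.php --reconfigure {$hostnameArg}");
            build_progress("Building {$hostname} {checking_reverse_proxy} OK", 75);
        }
    }
    build_progress("Building {$hostname} -> DONE", 80);
    return true;
}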
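/**
 * Builds the Apache virtual-host configuration for one FreeWeb site and writes
 * it into the sites-enabled directory, then runs the groupware installers.
 *
 * Security-relevant behaviour:
 *  - $hostname is copied into configuration directives, file-system paths
 *    (log directory, certificate and key file names) and shell command lines.
 *    The shell arguments are escaped in this function; the other uses are NOT
 *    validated here, so the caller must only pass a well-formed host name.
 *  - When LDAP authentication is active the generated file contains the LDAP
 *    bind password in clear text (AuthLDAPBindPassword).
 *  - The written file is not syntax-checked by this function.
 *
 * @param string|null $uid      Owner of the site. When set, the user's mail is used as
 *                              ServerAdmin and the LDAP search base is narrowed to the user's OU.
 * @param string      $hostname Site name; "_default_" selects the default virtual host.
 * @param mixed       $ssl      Not used by this function.
 * @param mixed       $d_path   Ignored: overwritten with $freeweb->APACHE_DIR_SITES_ENABLED.
 * @param array       $Params   Ignored: overwritten with $freeweb->Params.
 *
 * @return void
 */
function buildHost($uid = null, $hostname, $ssl = null, $d_path = null, $Params = array())
{
    echo "Starting......: Apache building \"{$hostname}\"\n";
    create_cron_task();
    CheckLibraries();

    $unix = $GLOBALS["CLASS_UNIX"];
    $sock = $GLOBALS["CLASS_SOCKETS"];
    $users = $GLOBALS["CLASS_USERS_MENUS"];
    $conf = array();
    $ldapAuth = array();
    $AuthLDAP = 0;
    $mod_pagespedd = null;
    $EnableLDAPAllSubDirectories = 0;
    $APACHE_MOD_AUTHNZ_LDAP = $users->APACHE_MOD_AUTHNZ_LDAP;
    $APACHE_MOD_PAGESPEED = $users->APACHE_MOD_PAGESPEED;

    $freeweb = new freeweb($hostname);
    $Params = $freeweb->Params;
    if ($freeweb->servername == null) {
        echo "Starting......: Apache \"{$hostname}\" freeweb->servername no such servername \n";
        return;
    }

    // The two OpenVPN values are read again further down for named virtual hosts.
    $FreeWebsEnableOpenVPNProxy = $sock->GET_INFO("FreeWebsEnableOpenVPNProxy");
    $FreeWebsOpenVPNRemotPort = trim($sock->GET_INFO("FreeWebsOpenVPNRemotPort"));
    $FreeWebDisableSSL = trim($sock->GET_INFO("FreeWebDisableSSL"));
    if (!is_numeric($FreeWebsEnableOpenVPNProxy)) {
        $FreeWebsEnableOpenVPNProxy = 0;
    }
    if (!is_numeric($FreeWebDisableSSL)) {
        $FreeWebDisableSSL = 0;
    }
    if ($FreeWebDisableSSL == 1) {
        if ($freeweb->SSL_enabled) {
            echo "Starting......: Apache \"{$hostname}\" SSL is globally disabled \n";
        }
        $freeweb->SSL_enabled = false;
    }

    $d_path = $freeweb->APACHE_DIR_SITES_ENABLED;
    if (isset($Params["LDAP"]["enabled"])) {
        $AuthLDAP = $Params["LDAP"]["enabled"];
    }
    // Read from the site parameters but not used anywhere below.
    if (isset($Params["LDAP"]["EnableLDAPAllSubDirectories"])) {
        $EnableLDAPAllSubDirectories = $Params["LDAP"]["EnableLDAPAllSubDirectories"];
    }

    // Server signature: per-site value first, then the global setting, default "On".
    // The inner key is checked as well so a SECURITY section without it is handled.
    if (!isset($Params["SECURITY"]["ServerSignature"])) {
        $Params["SECURITY"]["ServerSignature"] = null;
    }
    $ServerSignature = $Params["SECURITY"]["ServerSignature"];
    if ($ServerSignature == null) {
        $ServerSignature = $sock->GET_INFO("ApacheServerSignature");
    }
    if (!is_numeric($ServerSignature)) {
        $ServerSignature = 1;
    }
    if ($ServerSignature == 1) {
        $ServerSignature = "On";
    } else {
        $ServerSignature = "Off";
    }

    // Without mod_authnz_ldap the LDAP directives cannot be used.
    if (!$APACHE_MOD_AUTHNZ_LDAP) {
        $AuthLDAP = 0;
    }

    $apache_usr = $unix->APACHE_SRC_ACCOUNT();
    $apache_group = $unix->APACHE_SRC_GROUP();
    $FreeWebListen = $sock->GET_INFO("FreeWebListen");
    $FreeWebListenPort = $sock->GET_INFO("FreeWebListenPort");
    $FreeWebListenSSLPort = $sock->GET_INFO("FreeWebListenSSLPort");
    $FreeWebsDisableSSLv2 = $sock->GET_INFO("FreeWebsDisableSSLv2");
    if ($FreeWebListen == null) {
        $FreeWebListen = "*";
    }
    if ($FreeWebListenSSLPort == null) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenSSLPort)) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenPort)) {
        $FreeWebListenPort = 80;
    }
    if (!is_numeric($FreeWebsDisableSSLv2)) {
        $FreeWebsDisableSSLv2 = 0;
    }

    if ($uid != null) {
        $u = new user($uid);
        $ServerAdmin = $u->mail;
    }
    if (!isset($ServerAdmin)) {
        $ServerAdmin = "webmaster@{$hostname}";
    }
    $DirectoryIndex = $freeweb->DirectoryIndex();
    if ($hostname == "_default_") {
        $FreeWebListen = "_default_";
    }

    // SSL sites get an extra plain-HTTP virtual host that only redirects or forwards.
    if ($freeweb->SSL_enabled) {
        $unix->vhosts_BuildCertificate($hostname);
        if ($freeweb->ServerPort > 0) {
            $FreeWebListenPort = $freeweb->ServerPort;
        }
        $conf[] = "<VirtualHost {$FreeWebListen}:{$FreeWebListenPort}>";
        if ($hostname != "_default_") {
            $conf[] = "\tServerName {$hostname}";
        }
        $conf[] = "\tServerSignature {$ServerSignature}";
        $conf[] = "\tRewriteEngine On";
        if ($freeweb->Forwarder == 0) {
            $conf[] = "\tRewriteCond %{HTTPS} off";
            $conf[] = "\tRewriteRule (.*) https://%{HTTP_HOST}:{$FreeWebListenSSLPort}";
        }
        if ($freeweb->Forwarder == 1) {
            $conf[] = "\tRewriteRule (.*) {$freeweb->ForwardTo}";
        }
        $conf[] = "</VirtualHost>";
        $conf[] = "";
        // From here on the main virtual host is the SSL one.
        $FreeWebListenPort = $FreeWebListenSSLPort;
    }

    $freeweb->CheckDefaultPage();
    $freeweb->CheckWorkingDirectory();
    $ServerAlias = $freeweb->ServerAlias();
    // NOTE(review): with SSL enabled and ServerPort > 0 the redirect host above
    // and this host end up on the same port - confirm that is intended.
    if ($freeweb->ServerPort > 0) {
        $FreeWebListenPort = $freeweb->ServerPort;
    }
    echo "Starting......: Apache \"{$hostname}\" Listen {$FreeWebListen}:{$FreeWebListenPort}\n";
    echo "Starting......: Apache \"{$hostname}\" Directory {$freeweb->WORKING_DIRECTORY}\n";

    $conf[] = "<VirtualHost {$FreeWebListen}:{$FreeWebListenPort}>";
    if ($freeweb->SSL_enabled) {
        $conf[] = "\tSetEnvIf User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0";
        $conf[] = "\tSSLEngine on";
        $conf[] = "\tSSLCertificateFile {$GLOBALS["SSLKEY_PATH"]}/{$hostname}.crt";
        $conf[] = "\tSSLCertificateKeyFile {$GLOBALS["SSLKEY_PATH"]}/{$hostname}.key";
        if ($FreeWebsDisableSSLv2 == 1) {
            // NOTE(review): this only drops SSLv2. SSLv3 and TLS 1.0 stay enabled
            // and the cipher list still admits RC4 and MEDIUM suites; tightening
            // it has to be checked against the Apache/OpenSSL versions targeted.
            $conf[] = "\tSSLProtocol -ALL +SSLv3 +TLSv1";
            $conf[] = "\tSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
        }
    }

    if ($hostname != "_default_") {
        $conf[] = "\tServerName {$hostname}";
        if ($ServerAlias != null) {
            $conf[] = $ServerAlias;
        }
        $sock = new sockets();
        $FreeWebsEnableOpenVPNProxy = $sock->GET_INFO("FreeWebsEnableOpenVPNProxy");
        $FreeWebsOpenVPNRemotPort = trim($sock->GET_INFO("FreeWebsOpenVPNRemotPort"));
        if (!is_numeric($FreeWebsEnableOpenVPNProxy)) {
            $FreeWebsEnableOpenVPNProxy = 0;
        }
        if (!is_numeric($FreeWebsOpenVPNRemotPort)) {
            $FreeWebsOpenVPNRemotPort = 0;
        }
        if ($FreeWebsEnableOpenVPNProxy == 1 && $FreeWebsOpenVPNRemotPort > 0) {
            // NOTE(review): ProxyRequests On turns the virtual host into a forward
            // proxy (CONNECT limited to port 1194). No access control is emitted in
            // this branch - confirm it is restricted elsewhere.
            $conf[] = "\tProxyRequests On";
            $conf[] = "\tProxyVia On";
            $conf[] = "\tAllowCONNECT 1194";
            $conf[] = "\tKeepAlive On";
        }
    }

    // Collect the optional directive blocks; each helper returns null when it has nothing to add.
    $php_open_base_dir = $freeweb->open_basedir();
    $geoip = $freeweb->mod_geoip();
    $mod_status = $freeweb->mod_status();
    $mod_evasive = $freeweb->mod_evasive();
    $Charsets = $freeweb->Charsets();
    $php_values = $freeweb->php_values();
    $WebdavHeader = $freeweb->WebdavHeader();
    $QUOS = $freeweb->QUOS();
    $Aliases = $freeweb->Aliases();
    $mod_cache = $freeweb->mod_cache();
    $mod_fcgid = $freeweb->mod_fcgid();
    $RewriteEngine = $freeweb->RewriteEngine();
    if ($APACHE_MOD_PAGESPEED) {
        $mod_pagespedd = $freeweb->mod_pagespeed();
    }

    $conf[] = "\tServerAdmin {$ServerAdmin}";
    $conf[] = "\tServerSignature {$ServerSignature}";
    $conf[] = "\tDocumentRoot {$freeweb->WORKING_DIRECTORY}";
    // The QoS block is emitted once.
    $optionalBlocks = array(
        $mod_evasive,
        $Charsets,
        $php_values,
        $WebdavHeader,
        $QUOS,
        $Aliases,
        $mod_cache,
        $geoip,
    );
    foreach ($optionalBlocks as $block) {
        if ($block != null) {
            $conf[] = $block;
        }
    }
    if ($mod_pagespedd != null) {
        $conf[] = $mod_pagespedd;
        // Arguments are escaped because the host name is part of the command line.
        shell_exec(
            "/bin/chown -R " . escapeshellarg("{$apache_usr}:{$apache_group}")
            . " " . escapeshellarg("/var/cache/apache2/mod_pagespeed/{$hostname}")
        );
    }
    if ($mod_status != null) {
        $conf[] = $mod_status;
    }
    if ($RewriteEngine != null) {
        $conf[] = $RewriteEngine;
    }

    $ldapRule = null;
    if ($freeweb->groupware == "ZARAFA") {
        // Zarafa web access with NTLM switches LDAP authentication on for the site.
        $ZarafaWebNTLM = $sock->GET_INFO("ZarafaWebNTLM");
        if (!is_numeric($ZarafaWebNTLM)) {
            $ZarafaWebNTLM = 0;
        }
        if ($ZarafaWebNTLM == 1) {
            $AuthLDAP = 1;
        }
    }

    // The banner is stored base64-encoded; an absent one yields an empty realm.
    // NOTE(review): the decoded banner is placed inside a quoted directive
    // without escaping quotes or line breaks.
    $authBanner = isset($Params["LDAP"]["authentication_banner"])
        ? base64_decode($Params["LDAP"]["authentication_banner"])
        : "";

    if ($AuthLDAP == 1) {
        echo "Starting......: Apache \"{$hostname}\" ldap authentication enabled\n";
        $ldap = $GLOBALS["CLASS_LDAP"];
        $dn_master_branch = "dc=organizations,{$ldap->suffix}";
        if ($uid != null) {
            $usr = new user($uid);
            $dn_master_branch = "ou=users,ou={$usr->ou},dc=organizations,{$ldap->suffix}";
        }
        $ldapAuth[] = "\t\tAuthName \"" . $authBanner . "\"";
        $ldapAuth[] = "\t\tAuthType Basic";
        $ldapAuth[] = "\t\tAuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/{$dn_master_branch}?uid";
        $ldapAuth[] = "\t\tAuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
        // The LDAP admin password is written in clear text into the virtual-host file.
        $ldapAuth[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
        $ldapAuth[] = "\t\tAuthLDAPGroupAttribute memberUid";
        $ldapAuth[] = "\t\tAuthBasicProvider ldap";
        $ldapAuth[] = "\t\tAuthzLDAPAuthoritative off";
        $AuthUsers = $freeweb->AuthUsers();
        if ($AuthUsers != null) {
            $ldapAuth[] = $AuthUsers;
        } else {
            $ldapAuth[] = "\t\trequire valid-user";
        }
        $ldapAuth[] = "";
        $ldapRule = @implode("\n", $ldapAuth);
    }

    // DIRECTORY
    $OptionExecCGI = null;
    $allowFrom = $freeweb->AllowFrom();
    $JkMount = $freeweb->JkMount();
    if ($JkMount != null) {
        $conf[] = $JkMount;
    }
    $WebDav = $freeweb->WebDav();
    $AllowOverride = $freeweb->AllowOverride();
    $mod_rewrite = $freeweb->mod_rewrite();
    if ($mod_fcgid != null) {
        $OptionExecCGI = " +ExecCGI";
    }
    $conf[] = "\n\t<Directory \"{$freeweb->WORKING_DIRECTORY}/\">";
    $conf[] = "\t\tDirectoryIndex {$DirectoryIndex}";
    // NOTE(review): directory listing and symlink following are always on, and
    // .htaccess files may override every directive (AllowOverride All).
    $conf[] = "\t\tOptions Indexes +FollowSymLinks MultiViews{$OptionExecCGI}";
    $conf[] = "\t\tAllowOverride All";
    if ($WebDav != null) {
        $conf[] = $WebDav;
    }
    if ($AllowOverride != null) {
        $conf[] = $AllowOverride;
    }
    $conf[] = "\t\tOrder allow,deny";
    if ($allowFrom != null) {
        $conf[] = $allowFrom;
    }
    if ($geoip != null) {
        $conf[] = "\t\tDeny from env=BlockCountry";
    }
    if ($mod_rewrite != null) {
        $conf[] = $mod_rewrite;
    }
    if ($ldapRule != null) {
        $conf[] = $ldapRule;
    }
    $conf[] = "\t</Directory>\n";
    if ($mod_fcgid != null) {
        $conf[] = $mod_fcgid;
    }

    if ($freeweb->UseReverseProxy == 1) {
        $conf[] = $freeweb->ReverseProxy();
        $conf[] = "\t<Proxy *>";
        $conf[] = "\t\tOrder allow,deny";
        $conf[] = $freeweb->AllowFrom();
        if ($AuthLDAP == 1) {
            echo "Starting......: Apache \"{$hostname}\" ldap authentication enabled\n";
            $ldap = $GLOBALS["CLASS_LDAP"];
            $dn_master_branch = "dc=organizations,{$ldap->suffix}";
            if ($uid != null) {
                $usr = new user($uid);
                $dn_master_branch = "ou=users,ou={$usr->ou},dc=organizations,{$ldap->suffix}";
            }
            $conf[] = "";
            $conf[] = "\t\tAuthName \"" . $authBanner . "\"";
            $conf[] = "\t\tAuthType Basic";
            $conf[] = "\t\tAuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/{$dn_master_branch}?uid";
            $conf[] = "\t\tAuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
            $conf[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
            $conf[] = "\t\tAuthLDAPGroupAttributeIsDN off";
            $conf[] = "\t\tAuthLDAPGroupAttribute memberUid";
            $conf[] = "\t\tAuthBasicProvider ldap";
            $conf[] = "\t\tAuthzLDAPAuthoritative off";
            $AuthUsers = $freeweb->AuthUsers();
            if ($AuthUsers != null) {
                $conf[] = $AuthUsers;
            } else {
                $conf[] = "\t\trequire valid-user";
            }
            $conf[] = "";
        }
        $conf[] = "\t</Proxy>";
    }

    $conf[] = $freeweb->FilesRestrictions();
    $conf[] = $freeweb->mod_security();
    if (!is_dir("/var/log/apache2/{$hostname}")) {
        // The mode must be an octal literal: decimal 755 yields unrelated permission bits.
        @mkdir("/var/log/apache2/{$hostname}", 0755, true);
    }
    $conf[] = $freeweb->ScriptAliases();
    // Per-site log files; %V records the virtual host that served the request.
    $conf[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %V\" combinedv";
    $conf[] = "\tCustomLog /var/log/apache2/{$hostname}/access.log combinedv";
    $conf[] = "\tErrorLog /var/log/apache2/{$hostname}/error.log";
    $conf[] = "\tLogLevel warn";
    $conf[] = "</VirtualHost>";
    $conf[] = "";

    // File name: artica-<hostname>.conf, or 000-default for "_default_".
    $prefix_filename = "artica-";
    $suffix_filename = ".conf";
    $middle_filename = $hostname;
    if ($hostname == "_default_") {
        $prefix_filename = "000-";
        $middle_filename = "default";
        $suffix_filename = null;
    }
    $FileConfigurationPath = "{$d_path}/{$prefix_filename}{$middle_filename}{$suffix_filename}";
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: Apache saving *** {$d_path}/{$prefix_filename}{$middle_filename}{$suffix_filename} *** line " . __LINE__ . "\n";
    }
    // NOTE(review): the write result is not checked and the file is created with
    // default permissions although it may hold the LDAP bind password.
    @file_put_contents($FileConfigurationPath, @implode("\n", $conf));
    echo "Starting......: Apache \"{$hostname}\" filename: '" . basename($FileConfigurationPath) . "' done\n";

    $freeweb->phpmyadmin();
    if (!is_dir("{$freeweb->WORKING_DIRECTORY}")) {
        // Octal mode with the execute bit, which a directory needs to be traversable.
        @mkdir("{$freeweb->WORKING_DIRECTORY}", 0755, true);
    }

    if ($freeweb->groupware == "EYEOS") {
        install_EYEOS($hostname);
    }
    if ($freeweb->groupware == "GROUPOFFICE") {
        group_office_install($hostname, true);
    }
    if ($freeweb->groupware == "PIWIK") {
        install_PIWIK($hostname, true);
    }
    if ($freeweb->groupware == "DRUPAL") {
        $unix = new unix();
        $nohup = $unix->find_program("nohup");
        // The host name is passed to the helper script as one escaped shell argument.
        shell_exec("{$nohup} " . $unix->LOCATE_PHP5_BIN() . " /usr/share/artica-postfix/exec.freeweb.php --drupal-infos " . escapeshellarg($hostname) . " >/dev/null 2>&1 &");
    }
}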