diff --git a/jessie/alternc-roundcube.postinst b/jessie/alternc-roundcube.postinst index 0d99169d..5c54e746 100644 --- a/jessie/alternc-roundcube.postinst +++ b/jessie/alternc-roundcube.postinst @@ -1,49 +1,19 @@ -#!/bin/bash - -set -e - -# Source debconf library. -. /usr/share/debconf/confmodule - -CONFIGFILE="/etc/alternc/local.sh" -LOGROTATE="/etc/logrotate.d/roundcube-core" - -case "$1" in - configure) - - # add alternc-roundcube user for php-itk special rights - if ! getent passwd alternc-roundcube; then - useradd -g nogroup -u 1996 alternc-roundcube -d /usr/share/roundcube - fi - - # removed from 3.1 & 3.2 : - dpkg-statoverride --list /var/lib/roundcube/temp >/dev/null && - dpkg-statoverride --remove /var/lib/roundcube/temp - chown -R www-data:root /var/lib/roundcube/temp - chmod -R 750 /var/lib/roundcube/temp - - dpkg-statoverride --list /etc/roundcube/debian-db.php >/dev/null && - dpkg-statoverride --remove /etc/roundcube/debian-db.php - chown -R www-data:root /etc/roundcube/debian-db.php - chmod -R 460 /etc/roundcube/debian-db.php - - dpkg-statoverride --list /etc/roundcube/config.inc.php >/dev/null && - dpkg-statoverride --remove /etc/roundcube/config.inc.php - chown -R www-data:root /etc/roundcube/config.inc.php - chmod -R 460 /etc/roundcube/config.inc.php - - dpkg-statoverride --list /var/log/roundcube >/dev/null && - dpkg-statoverride --remove /var/log/roundcube - chown -R www-data:root /var/log/roundcube - chmod -R 750 /var/log/roundcube - - echo "**********************************************" - echo "* ALTERNC-ROUNDCUBE: *" - echo "* Please run alternc.install to fully deploy *" - echo "**********************************************" - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. -#DEBHELPER# +diff --git a/debian/alternc-roundcube.postinst b/debian/alternc-roundcube.postinst +index 0d99169d..6dfe23c9 100644 +--- a/debian/alternc-roundcube.postinst ++++ b/debian/alternc-roundcube.postinst +@@ -27,10 +27,10 @@ case "$1" in + chown -R www-data:root /etc/roundcube/debian-db.php + chmod -R 460 /etc/roundcube/debian-db.php + +- dpkg-statoverride --list /etc/roundcube/config.inc.php >/dev/null && +- dpkg-statoverride --remove /etc/roundcube/config.inc.php +- chown -R www-data:root /etc/roundcube/config.inc.php +- chmod -R 460 /etc/roundcube/config.inc.php ++ dpkg-statoverride --list /etc/roundcube/main.inc.php >/dev/null && ++ dpkg-statoverride --remove /etc/roundcube/main.inc.php ++ chown -R www-data:root /etc/roundcube/main.inc.php ++ chmod -R 460 /etc/roundcube/main.inc.php + + dpkg-statoverride --list /var/log/roundcube >/dev/null && + dpkg-statoverride --remove /var/log/roundcube diff --git a/jessie/alternc-ssl.install.php b/jessie/alternc-ssl.install.php index ba568910..9d524944 100644 --- a/jessie/alternc-ssl.install.php +++ b/jessie/alternc-ssl.install.php @@ -1,67 +1,39 @@ -#!/usr/bin/php -query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('vhost-ssl', 'Locally hosted forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);"); - - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('vhost-mixssl', 'Locally hosted HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 1);"); - - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('panel-ssl', 'HTTPS AlternC panel access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);"); - - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('url-ssl', 'URL redirection, HTTP & HTTPS', 'URL', '%SUB% IN A @@PUBLIC_IP@@', 'txt,mx,mx2,defmx,defmx2', 'ALL', 0, 0, 1);"); - - $db->query("SELECT * FROM domaines_type WHERE name='roundcube';"); - if ($db->next_record()) { - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('roundcube-ssl', 'HTTPS Roundcube Webmail', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'mx,mx2,defmx,defmx2,txt', 'ALL', 0, 0, 1);"); - } else { - $db->query("DELETE FROM domaines_type WHERE name='roundcube-ssl';"); - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='roundcube-ssl';"); - } - - $db->query("SELECT * FROM domaines_type WHERE name='squirrelmail';"); - if ($db->next_record()) { - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('squirrelmail-ssl', 'HTTPS Squirrelmail Webmail', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'mx,mx2,defmx,defmx2,txt', 'ALL', 0, 0, 1);"); - } else { - $db->query("DELETE FROM domaines_type WHERE name='squirrelmail-ssl';"); - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='squirrelmail-ssl';"); - } - - $db->query("SELECT * FROM domaines_type WHERE name='php52';"); - if ($db->next_record()) { - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('php52-ssl', 'php52 forcing HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);"); - $db->query("INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, enable, only_dns, need_dns, advanced ) VALUES - ('php52-mixssl', 'php52 HTTP and HTTPS', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,txt,defmx,defmx2,mx,mx2', 'ALL', 0, 0, 0);"); - } else { - $db->query("DELETE FROM domaines_type WHERE name='php52-ssl';"); - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-ssl';"); - $db->query("DELETE FROM domaines_type WHERE name='php52-mixssl';"); - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-mixssl';"); - } - -} // before-reload +diff --git a/ssl/alternc-ssl.install.php b/ssl/alternc-ssl.install.php +index ba568910..041eef80 100644 +--- a/ssl/alternc-ssl.install.php ++++ b/ssl/alternc-ssl.install.php +@@ -9,7 +9,9 @@ if ($argv[1] == "templates") { + // install ssl.conf + echo "[alternc-ssl] Installing ssl.conf template\n"; + copy("/etc/alternc/templates/apache2/mods-available/ssl.conf","/etc/apache2/mods-available/ssl.conf"); +- mkdir("/var/run/alternc-ssl"); ++ if (!is_dir('/var/run/alternc-ssl')) { ++ mkdir("/var/run/alternc-ssl"); ++ } + chown("/var/run/alternc-ssl","alterncpanel"); + chgrp("/var/run/alternc-ssl","alterncpanel"); + // replace open_basedir line if necessary : +@@ -64,4 +66,23 @@ if ($argv[1] == "before-reload") { + $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE type='php52-mixssl';"); + } + ++ // Enable name-based virtual hosts in Apache2 : ++ $f = fopen("/etc/apache2/ports.conf", "rb"); ++ if (!$f) { ++ echo "FATAL: there is no /etc/apache2/ports.conf ! I can't configure name-based virtual hosts\n"; ++ } else { ++ $found = false; ++ while ($s = fgets($f, 1024)) { ++ if (preg_match(":^[^#]*NameVirtualHost.*443:", $s)) { ++ $found = true; ++ break; ++ } ++ } ++ fclose($f); ++ if (!$found) { ++ $f = fopen("/etc/apache2/ports.conf", "ab"); ++ fputs($f, "\n\n NameVirtualHost *:443\n\n\n"); ++ fclose($f); ++ } ++ } + } // before-reload diff --git a/jessie/alternc.install b/jessie/alternc.install index 95060b7c..16de5a72 100644 --- a/jessie/alternc.install +++ b/jessie/alternc.install @@ -1,666 +1,118 @@ -#!/bin/bash - -# ---------------------------------------------------------------------- -# AlternC - Web Hosting System -# Copyright (C) 2000-2012 by the AlternC Development Team. -# https://alternc.org/ -# ---------------------------------------------------------------------- -# LICENSE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License (GPL) -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# To read the license please visit http://www.gnu.org/copyleft/gpl.html -# ---------------------------------------------------------------------- -# Purpose of file: Main install script, launch it anytime ;) -# ---------------------------------------------------------------------- - -# Somes check before start operations -if [ `id -u` -ne 0 ]; then - echo "must be launched as root" - exit 1 -fi - -for i in $*; do - case "$i" in - -f|--force) - export force=1; shift;; - -s|--slave) - export slave=1; shift;; - --) - break;; - *) - echo "unknown option $i"; shift;; - esac -done - -. /usr/lib/alternc/functions.sh - -# Lock the jobs ! -lock_jobs - -# hook -run-parts --arg=startup /usr/lib/alternc/install.d - -####################################################################### -# Script configuration -# - -# Configuration template location -TEMPLATE_DIR="/etc/alternc/templates" - -# Find needed configuration files (without the initial '/') -# replace this one unconditionnally -CONFIG_FILES="etc/alternc/bureau.conf etc/apache2/envvars etc/alternc/apache2.conf etc/alternc/apache_logformat.conf etc/alternc/phpmyadmin.inc.php" - -if [ -e /etc/bind/named.conf ]; then - CONFIG_FILES="$CONFIG_FILES etc/bind/named.conf.options" -fi -if [ -d /etc/postfix ]; then - CONFIG_FILES="$CONFIG_FILES etc/postfix/master.cf etc/postfix/myalias.cf etc/postfix/myrelay.cf - etc/postfix/mydomain.cf etc/postfix/myrelay-domain.cf etc/postfix/mymail2mail.cf etc/postfix/mygid.cf etc/postfix/myquota.cf - etc/postfix/myvirtual.cf etc/postfix/mytransport.cf etc/postfix/sasl/smtpd.conf - etc/alternc/postfix/postfix.cf etc/alternc/postfix/postfix-slave.cf - etc/opendkim.conf etc/default/opendkim" -fi -if [ -e /etc/proftpd/proftpd.conf ]; then - CONFIG_FILES="$CONFIG_FILES etc/proftpd/proftpd.conf etc/proftpd/welcome.msg etc/proftpd/modules.conf" -fi - -if [ -e /etc/default/saslauthd ]; then - CONFIG_FILES="$CONFIG_FILES etc/default/saslauthd" -fi - -if [ -e /etc/dovecot/dovecot.conf ]; then - CONFIG_FILES="$CONFIG_FILES etc/dovecot/alternc-sql.conf etc/dovecot/alternc-dict-quota.conf etc/dovecot/conf.d/95_alternc.conf" -fi - -INSTALLED_CONFIG_TAR="/var/lib/alternc/backups/etc-installed.tar.gz" - -####################################################################### -# Look for modified configuration files -# -if [ -f "$INSTALLED_CONFIG_TAR" ]; then - CHANGED="`env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null | - grep -v 'postfix/main.cf' | grep -v 'Uid differs'|grep -v 'Gid differs' |grep -v 'Mode differs' | - sed -e 's#^\([^:]*\).*# /\1#' | sort -u`" - if [ ! -z "$CHANGED" ]; then - echo "The following configuration files has changed since last AlternC" - echo "installation :" - echo "$CHANGED" - echo "" - if [ "$force" = "1" ]; then - echo "Replacing them as you requested." - else - echo "These configuration files should normally be modified by" - echo "changing the template in $TEMPLATE_DIR and then calling" - echo "$0 to perform the update." - echo "" - echo "Please examine the situation closely and call '$0 -f'" - echo "if you still want to actually overwrite these files." - exit 1 - fi - fi -fi - -# Upgrade the DATA and DB SCHEMA -/usr/share/alternc/install/upgrade_check.sh -# Launch upgrade of alternc modules -run-parts --arg=upgrade /usr/lib/alternc/install.d - - -####################################################################### -# Prepare template expansions -# - -chown :alterncpanel /etc/alternc/local.sh -. /etc/alternc/local.sh - -# May be missing -test -d /var/run/alternc || ( mkdir -p /var/run/alternc && chown alterncpanel:alterncpanel /var/run/alternc ) - -# Create the target directory -for i in "$ALTERNC_HTML" "$ALTERNC_MAIL" "$ALTERNC_LOGS" ; do - test -d "$i" || mkdir -p "$i" -done - -for i in a b c d e f g h i j k l m n o p q r s t u v w x y z _ 0 1 2 3 4 5 6 7 8 9; do - test -d "$ALTERNC_HTML/$i" || ( mkdir -p "$ALTERNC_HTML/$i" && chown alterncpanel:alterncpanel "$ALTERNC_HTML/$i" && chmod 775 "$ALTERNC_HTML/$i" ) - test -d "$ALTERNC_MAIL/$i" || ( mkdir -p "$ALTERNC_MAIL/$i" && chown vmail:vmail "$ALTERNC_MAIL/$i" && chmod 775 "$ALTERNC_MAIL/$i" ) -done - -find $ALTERNC_LOGS -maxdepth 1 -type d -exec chown alterncpanel:adm {} \; -find $ALTERNC_HTML -maxdepth 1 -type d -exec chown alterncpanel:alterncpanel {} \; -find $ALTERNC_MAIL -maxdepth 1 -type d -exec chown vmail:vmail {} \; - -# Check ACL -aclcheckfile="$ALTERNC_HTML/test-acl" -touch "$aclcheckfile" -setfacl -m u:root:rwx "$aclcheckfile" 2>/dev/null || ( echo "Error : ACL aren't activated on $ALTERNC_HTML . AlternC can't work without it." ; test -e "$aclcheckfile" && rm -f "$aclcheckfile" ; exit 2) -test -e "$aclcheckfile" && rm -f "$aclcheckfile" - -# XXX: copy-paste from debian/config -if [ -r /etc/alternc/my.cnf ]; then - # make mysql configuration available as shell variables - # to convert from .cnf to shell syntax, we: - # * match only lines with "equal" in them (/=/) - # * remove whitespace around the = and add a left quote operator ' (;s) - # * add a right quote operator at the end of line (;s) - # * convert mysql variables into our MYSQL_ naming convention (;s) - # * print the result (;p) - eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf` - chown root:alterncpanel /etc/alternc/my.cnf - chmod 640 /etc/alternc/my.cnf -fi - -if [ -r /etc/alternc/my_mail.cnf ]; then - # make mysql configuration available as shell variables - # to convert from .cnf to shell syntax, we: - # * match only lines with "equal" in them (/=/) - # * remove whitespace around the = and add a left quote operator ' (;s) - # * add a right quote operator at the end of line (;s) - # * convert mysql variables into our MYSQL_ naming convention (;s) - # * print the result (;p) - eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_MAIL_USER/;s/password/MYSQL_MAIL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my_mail.cnf` - chown root:alterncpanel /etc/alternc/my_mail.cnf - chmod 640 /etc/alternc/my_mail.cnf -fi - -WARNING="WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again." - -if [ "$slave" = "1" ]; then - VERSION="`dpkg -s alternc-slave | sed -n -e 's/^Version: \(.*\)/\1/p'`" -else - VERSION="`dpkg -s alternc | sed -n -e 's/^Version: \(.*\)/\1/p'`" -fi - -# /var/ alternc/dns/d/www.example.com -FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`" -if [ "$FQDN_LETTER" = "$FQDN" ] -then - FQDN_LETTER="_" -fi - -NS2_IP=`perl -e "\\$h = (gethostbyname(\"$NS2_HOSTNAME\"))[4]; - @ip = unpack('C4', \\$h); - print join (\".\", @ip);"` - -if [ -z "$MONITOR_IP" ]; then - MONITOR_IP="127.0.0.1" -fi - -PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1) - -# Secret for PhpMyAdmin sessions -PHPMYADMIN_BLOWFISH="$(generate_string 24)" - -# XXX: I assume this is secure if /tmp is sticky (+t) -# we should have a better way to deal with templating, of course. -SED_SCRIPT="/tmp/alternc.install.sedscript" -cat > $SED_SCRIPT < $DB_BACKUP || echo "backup of the main database failed" - -####################################################################### -# Backup configuration files -# -BACKUP_FILE="/var/lib/alternc/backups/etc-original-`date +%Y%m%d-%H%M`.tar.gz" - -# Only backup what we are really going to replace -BACKUPS="" -for file in $CONFIG_FILES; do - TEMPLATE="$TEMPLATE_DIR/${file##etc/}" - if [ -f "$TEMPLATE" ]; then - BACKUPS="$BACKUPS $file" - fi -done - -# also backup main.cf since we're doing major changes to it -BACKUPS="$BACKUPS etc/postfix/main.cf" - -tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null || true -chmod 600 "$BACKUP_FILE" - -####################################################################### -# Expand templates in the right place -# -echo -n "Expanding variables in configuration files:" -for file in $CONFIG_FILES; do - TEMPLATE="$TEMPLATE_DIR/${file##etc/}" - echo -n " $file" - if [ -f "$TEMPLATE" ]; then - sed -f "$SED_SCRIPT" < $TEMPLATE > /$file - fi -done -echo "." -rm -f $SED_SCRIPT - -######################################################################## -# Ad-hoc fixes -# - -php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.*\)\.so$/\1/' | tail -1`" -if [ "$php" = "7.0" ] -then - ln -fs /etc/alternc/alternc.ini /etc/php/$php/apache2/conf.d/alternc.ini || true - ln -fs /etc/alternc/alternc.ini /etc/php/$php/cli/conf.d/alternc.ini || true -else - ln -fs /etc/alternc/alternc.ini /etc/php$php/apache2/conf.d/alternc.ini || true - ln -fs /etc/alternc/alternc.ini /etc/php$php/cli/conf.d/alternc.ini || true -fi - -if [ -x /usr/sbin/apache2 ]; then - # hook - run-parts --arg=apache2 /usr/lib/alternc/install.d - a2enmod mpm_itk - - s="" - # unused from AlternC 1.0, FIXME: remove it later - if [ -L /etc/apache2/mods-enabled/vhost_alias.load ] - then - a2dismod vhost_alias - s="apache2" - fi - if ! [ -L /etc/apache2/mods-enabled/php$php.load ] - then - a2enmod php$php - fi - if ! [ -L /etc/apache2/mods-enabled/rewrite.load ] - then - a2enmod rewrite - fi - if [ -e /etc/alternc/apache.pem ]; then - # We enable proftpd tls module - cat /etc/proftpd/modules.conf | sed -e 's/^#LoadModule mod_tls.c/LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new - mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf - cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ - # We enable apache2 SSL : - if [ ! -L /etc/apache2/mods-enabled/ssl.load ] ; then - a2enmod ssl - s="apache2" - fi - if [ ! -h /etc/apache2/conf-available/alternc-ssl.conf ] && [ -e /etc/apache2/conf-available/ ]; then - ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf-available/alternc-ssl.conf - a2enconf alternc-ssl - s="apache2" - fi - - # We enable dovecot SSL certificate instructions: (on wheezy we should use a new file in /etc/dovecot/conf.d/ ) - ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf - - else - # We disable proftpd tls module - cat /etc/proftpd/modules.conf | sed -e 's/^LoadModule mod_tls.c/#LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new - mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf - cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/ - - # We disable dovecot SSL certificate instructions: (on wheezy we should remove a file in /etc/dovecot/conf.d/ ) - ( echo "# Don't change this file, it will be overwriten by alternc.install. Change ssl parameters in a file named 99_ssl.conf instead" ; echo "ssl_cert = /etc/dovecot/conf.d/96_ssl.conf - - echo "SSL not configured" - echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" - fi - if [ ! -h /etc/apache2/conf-available/alternc.conf ] && [ -e /etc/apache2/conf-available/ ]; then - ln -sf /etc/alternc/apache2.conf /etc/apache2/conf-available/alternc.conf - a2enconf alternc.conf - s="apache2" - fi - if [ -e /etc/apache2/sites-enabled/000-default.conf ]; then - a2dissite 000-default - s="apache2" - fi - SERVICES="$SERVICES $s" -fi - -# Manage sudoers.d include appearing in Squeeze: -# if the "includedir" is not here, we add it ONLY IF visudo -c is happy. -if ! grep -q "#includedir */etc/sudoers.d" /etc/sudoers ; then - if ! cat /etc/sudoers.d/* | visudo -c -f - >/dev/null ; then - echo -e "\033[31m**********************************************" - echo "* *" - echo "* ALTERNC ACTION REQUESTED *" - echo "* *" - echo "* SUDO is NOT configured properly *" - echo "* check your files in /etc/sudoers.d ! *" - echo "* then launch alternc.install again *" - echo "* *" - echo "**********************************************" - echo -e "\033[0m" - exit 1 - else - echo "#includedir */etc/sudoers.d" >>/etc/sudoers - fi -fi - -# Copy postfix *_checks if they do not exist -for file in body_checks header_checks; do - if [ ! -e "/etc/postfix/$file" ]; then - cp /usr/share/alternc/install/$file /etc/postfix - fi -done - -# Attribute the correct rights to critical postfix files -if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myrelay-domain.sh -o -e /etc/postfix/myvirtual.cf -o -e /etc/postfix/myrelay.cf -o -e /etc/postfix/myquota.cf ]; then - chown root:postfix /etc/postfix/my* - chmod 640 /etc/postfix/my* -fi - -if [ ! -f /etc/postfix/main.cf ] -then - echo -e "\033[31m**********************************************" - echo "* *" - echo "* ALTERNC ACTION REQUESTED *" - echo "* *" - echo "* POSTFIX is NOT configured properly *" - echo "* launch dpkg-reconfigure -plow postfix *" - echo "* and choose 'Internet Site' *" - echo "* then launch alternc.install again *" - echo "* *" - echo "**********************************************" - echo -e "\033[0m" - exit 1 -fi - -# configure Postfix appropriatly for our needs -if [ "$slave" = "1" ]; then - postfix_conf=/etc/alternc/postfix/postfix-slave.cf -else - postfix_conf=/etc/alternc/postfix/postfix.cf -fi -grep -v '^\ *#' $postfix_conf |while read line ; do - if echo "$line" | grep -qi '^smtpd_tls_dcert_file' ;then - line_strip=`echo "$line"|tr -d '[:blank:]'` - pattern="*=" - cert_file=${line_strip#$pattern} - echo $cert_file - echo $line - echo $line_strip - if [ -e $cert_file ];then - postconf -e "$line" - else - echo -e "\033[31m*****************************************************" - echo "* The certificate file : $cert_file does not exists *" - echo "* If you want to be able to use SSL/TLS *" - echo "* please go to https://alternc.com/SSL *" - echo "* to get information on how to create a certificate *" - echo "* Finally relaunch alternc.install *" - echo "*****************************************************" - echo -e "\033[0m" - fi - else - postconf -e "$line" - fi -done - -# Conviguring delivery used by Postfix -/usr/lib/alternc/alternc_add_policy_dovecot - -# Bug #1215: configure mydestination when $FQDN is not in -OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'` -echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION" - -# Remove phpmyadmin apache2 configuration -a2disconf phpmyadmin - -# Configure PHPMyAdmin -include_str='include("/etc/alternc/phpmyadmin.inc.php")' -pma_config='/etc/phpmyadmin/config.inc.php' - -# Sur une configuration vierge, inclure la configuration alternc -if ! grep -e "${include_str/\"/\\\"}" $pma_config > /dev/null 2>&1; then - echo "$include_str;" >> $pma_config -fi - -# Le template de /etc/alternc/phpmyadmin.inc.php viens d'être réappliqué, on -# regénére la liste des serveurs MySQL disponible dedans. -mysql_query "select id,host,name from db_servers;" | while read id host name ; do -echo " -// Server #$id in db_servers -\$i++; -\$cfg['Servers'][\$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket') -\$cfg['Servers'][\$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)? -\$cfg['Servers'][\$i]['hide_db'] = 'information_schema'; -\$cfg['Servers'][\$i]['verbose'] = '$name'; // human name -\$cfg['Servers'][\$i]['host'] = '$host'; // MySQL hostname or IP address -" >> '/etc/alternc/phpmyadmin.inc.php' -done - -# Reload incron. Useless, but who know? -SERVICES="$SERVICES incron" +diff --git a/install/alternc.install b/install/alternc.install +index 95060b7c..5d92cf0c 100644 +--- a/install/alternc.install ++++ b/install/alternc.install +@@ -279,20 +279,12 @@ rm -f $SED_SCRIPT + # Ad-hoc fixes + # -if [ -e /etc/proftpd.conf ] ; then - chmod 640 /etc/proftpd/proftpd.conf -fi - -if [ -x /usr/sbin/locale-gen ] ; then - touch /etc/locale.gen - LOCALECHANGED="" - # Add de_DE ISO-8859-1, en_US ISO-8859-1, es_ES ISO-8859-1, fr_FR ISO-8859-1 to the locales : - if ! grep -q "^de_DE ISO-8859-1$" /etc/locale.gen ; then - echo "de_DE ISO-8859-1" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^en_US ISO-8859-1$" /etc/locale.gen ; then - echo "en_US ISO-8859-1" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^es_ES ISO-8859-1$" /etc/locale.gen ; then - echo "es_ES ISO-8859-1" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^fr_FR ISO-8859-1$" /etc/locale.gen ; then - echo "fr_FR ISO-8859-1" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^de_DE.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "de_DE.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^fr_FR.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "fr_FR.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^es_ES.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "es_ES.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^en_US.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "en_US.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^it_IT.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "it_IT.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if ! grep -q "^nl_NL.UTF-8 UTF-8$" /etc/locale.gen ; then - echo "nl_NL.UTF-8 UTF-8" >>/etc/locale.gen - LOCALECHANGED=1 - fi - if [ "$LOCALECHANGED" ] ; then - locale-gen - fi -fi - -# remaining steps are only for the master -if [ "$slave" = "1" ]; then - exit 0 -fi - -####################################################################### -# populate alternc database with the mailname used by postfix to send mail for each vhost -# -# If mailname does not exist, create it. Fix #1495 -test -e "/etc/mailname" || hostname -f > "/etc/mailname" -# Allow for all the users to view /etc/mailname -chmod +r "/etc/mailname" - -####################################################################### -# Save installed files to check them during next install -# -tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES - -####################################################################### -# Last touches -# - -find $ALTERNC_HTML -maxdepth 1 -type d -exec setfacl -b -k -m d:g:alterncpanel:-wx -m d:u:alterncpanel:-wx -m u:alterncpanel:-wx -m g:alterncpanel:-wx {} \; - -#creating log file -if [ ! -e "/var/log/alternc/bureau.log" ]; then - test -d "/var/log/alternc/" || mkdir -p "/var/log/alternc/" - touch "/var/log/alternc/bureau.log" -fi - -if [ ! -e "/var/log/alternc/update_domains.log" ]; then - test -d "/var/log/alternc/" || mkdir -p "/var/log/alternc/" - touch "/var/log/alternc/update_domains.log" -fi - -# Be sure of the owner of the logs files -chmod 640 /var/log/alternc/bureau.log /var/log/alternc/update_domains.log -chown alterncpanel:adm /var/log/alternc/bureau.log /var/log/alternc/update_domains.log - -# Creating admin user if needed -HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1` - -if [ "$HAS_ROOT" != "1" ]; then - echo "Creating admin user..." - echo "" - - if su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/newone.php - then - echo "*******************************************" - echo "* *" - echo "* Admin account *" - echo "* ------------ *" - echo "* *" - echo "* user: admin password: admin *" - echo "* *" - echo "* Please change this as soon as possible! *" - echo "* *" - echo "*******************************************" - else - echo "Unable to create the first AlternC account (named 'admin'). newone.php returned $?. Check your MySQL database, PHP, and the /etc/alternc/local.sh file. Also check for any error above during install." - fi -else - ##UPDATE default db_server following /etc/alternc/my.cnf values - if [ "$MYSQL_HOST" == "localhost" ]; then - MYSQL_HOST_CLIENT="localhost" - else - MYSQL_HOST_CLIENT="%" - fi - mysql --defaults-file=/etc/alternc/my.cnf -e "UPDATE db_servers SET host='$MYSQL_HOST', login='$MYSQL_USER', password='$MYSQL_PASS', client='$MYSQL_HOST_CLIENT' WHERE name='Default';" -fi - -# giving vmail user read access on dovecot sql file -chgrp vmail /etc/dovecot/alternc-sql.conf -chmod g+r /etc/dovecot/alternc-sql.conf -# Override some dovecot 2.0 configuration that may have happened during dovecot postinst: -sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf - -# Changing owner of web panel's files -chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/" - -# We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) -/usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;" - -# We ensure localhost is trusted to opendkim -mkdir -p "/etc/opendkim/keys" -touch /etc/opendkim/TrustedHosts /etc/opendkim/SigningTable /etc/opendkim/KeyTable -grep -q "^127.0.0.1\$" /etc/opendkim/TrustedHosts || echo "127.0.0.1" >>/etc/opendkim/TrustedHosts -grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/opendkim/TrustedHosts -grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts - -# Add opendkim to service to restart -SERVICES="$SERVICES opendkim bind9" - -# hook -run-parts --arg=before-reload /usr/lib/alternc/install.d - -####################################################################### -# Reload services -# -for service in postfix dovecot cron proftpd ; do - invoke-rc.d $service force-reload || true -done - -# We should restart apaches after all configuration stuff ... -for service in $SERVICES; do - test -x /etc/init.d/$service && invoke-rc.d $service stop || true -done - -# on Jessie, apache2 does not stop/start properly due to "service" and "apache2ctl" having different behavior pid-file-wise -killall apache2 - -for service in $SERVICES; do - test -x /etc/init.d/$service && invoke-rc.d $service start || true -done - -echo "Fix all the permission. May be quite long..." -echo "YOU CAN INTERUPT THIS BY USING Ctrl-c THEN y TO BYPASS THE ERROR." -/usr/lib/alternc/fixperms.sh -echo "Compile PO files" - -# TODO : includes the .MO in debian package ;) -find /usr/share/alternc/panel/locales -maxdepth 1 -mindepth 1 -type d -name "*_*" | while read A -do - B="$A/LC_MESSAGES" - cd $B - rm -f alternc.mo alternc.po - msgcat --use-first *.po alternc >alternc.po - msgfmt alternc.po -o alternc.mo -done - -# Fix some perms -# Fix phpmyadmin import trac#1557 -test -d "/var/lib/phpmyadmin/tmp" && dpkg-statoverride --update --add www-data alterncpanel 0775 "/var/lib/phpmyadmin/tmp" 2>/dev/null || true -test -f "/etc/phpmyadmin/config-db.php" && dpkg-statoverride --update --add www-data alterncpanel 0644 "/etc/phpmyadmin/config-db.php" 2>/dev/null || true - -# hook -run-parts --arg=end /usr/lib/alternc/install.d - -# Unlock jobs ! -unlock_jobs - -# Rebuild all web configuration -/usr/lib/alternc/rebuild_all_webconf.sh --force +-php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.*\)\.so$/\1/' | tail -1`" +-if [ "$php" = "7.0" ] +-then +- ln -fs /etc/alternc/alternc.ini /etc/php/$php/apache2/conf.d/alternc.ini || true +- ln -fs /etc/alternc/alternc.ini /etc/php/$php/cli/conf.d/alternc.ini || true +-else +- ln -fs /etc/alternc/alternc.ini /etc/php$php/apache2/conf.d/alternc.ini || true +- ln -fs /etc/alternc/alternc.ini /etc/php$php/cli/conf.d/alternc.ini || true +-fi +- ++php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.\)\.so$/php\1/' | tail -1`" ++ln -fs /etc/alternc/alternc.ini /etc/$php/apache2/conf.d/alternc.ini || true ++ln -fs /etc/alternc/alternc.ini /etc/$php/cli/conf.d/alternc.ini || true + if [ -x /usr/sbin/apache2 ]; then + # hook + run-parts --arg=apache2 /usr/lib/alternc/install.d +- a2enmod mpm_itk + + s="" + # unused from AlternC 1.0, FIXME: remove it later +@@ -301,9 +293,9 @@ if [ -x /usr/sbin/apache2 ]; then + a2dismod vhost_alias + s="apache2" + fi +- if ! [ -L /etc/apache2/mods-enabled/php$php.load ] ++ if ! [ -L /etc/apache2/mods-enabled/$php.load ] + then +- a2enmod php$php ++ a2enmod $php + fi + if ! [ -L /etc/apache2/mods-enabled/rewrite.load ] + then +@@ -319,9 +311,8 @@ if [ -x /usr/sbin/apache2 ]; then + a2enmod ssl + s="apache2" + fi +- if [ ! -h /etc/apache2/conf-available/alternc-ssl.conf ] && [ -e /etc/apache2/conf-available/ ]; then +- ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf-available/alternc-ssl.conf +- a2enconf alternc-ssl ++ if [ ! -h /etc/apache2/conf.d/alternc-ssl.conf ] && [ -e /etc/apache2/conf.d/ ]; then ++ ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf.d/alternc-ssl.conf + s="apache2" + fi + +@@ -340,13 +331,12 @@ if [ -x /usr/sbin/apache2 ]; then + echo "SSL not configured" + echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install" + fi +- if [ ! -h /etc/apache2/conf-available/alternc.conf ] && [ -e /etc/apache2/conf-available/ ]; then +- ln -sf /etc/alternc/apache2.conf /etc/apache2/conf-available/alternc.conf +- a2enconf alternc.conf ++ if [ ! -h /etc/apache2/conf.d/alternc.conf ] && [ -e /etc/apache2/conf.d/ ]; then ++ ln -sf /etc/alternc/apache2.conf /etc/apache2/conf.d/alternc.conf + s="apache2" + fi +- if [ -e /etc/apache2/sites-enabled/000-default.conf ]; then +- a2dissite 000-default ++ if [ -e /etc/apache2/sites-enabled/000-default ]; then ++ a2dissite default + s="apache2" + fi + SERVICES="$SERVICES $s" +@@ -440,7 +430,7 @@ OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'` + echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION" + + # Remove phpmyadmin apache2 configuration +-a2disconf phpmyadmin ++rm -f /etc/apache2/conf.d/phpmyadmin.conf || true + + # Configure PHPMyAdmin + include_str='include("/etc/alternc/phpmyadmin.inc.php")' +@@ -598,9 +588,6 @@ chmod g+r /etc/dovecot/alternc-sql.conf + # Override some dovecot 2.0 configuration that may have happened during dovecot postinst: + sed -i -e 's/^ *!include/#!include/' /etc/dovecot/conf.d/10-auth.conf + +-# Changing owner of web panel's files +-chown -R alterncpanel:alterncpanel "/usr/share/alternc/panel/" +- + # We force the re-computing of the DNS zones, since we may have changed the IP address (see #460) + /usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='UPDATE' WHERE gesdns=1;" + +@@ -612,7 +599,7 @@ grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/ope + grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts + + # Add opendkim to service to restart +-SERVICES="$SERVICES opendkim bind9" ++SERVICES="$SERVICES opendkim" + + # hook + run-parts --arg=before-reload /usr/lib/alternc/install.d +@@ -620,7 +607,7 @@ run-parts --arg=before-reload /usr/lib/alternc/install.d + ####################################################################### + # Reload services + # +-for service in postfix dovecot cron proftpd ; do ++for service in postfix bind9 apache2 dovecot cron proftpd ; do + invoke-rc.d $service force-reload || true + done + +@@ -628,10 +615,6 @@ done + for service in $SERVICES; do + test -x /etc/init.d/$service && invoke-rc.d $service stop || true + done +- +-# on Jessie, apache2 does not stop/start properly due to "service" and "apache2ctl" having different behavior pid-file-wise +-killall apache2 +- + for service in $SERVICES; do + test -x /etc/init.d/$service && invoke-rc.d $service start || true + done diff --git a/jessie/apache2.conf b/jessie/apache2.conf index 0732de07..a5920e1e 100644 --- a/jessie/apache2.conf +++ b/jessie/apache2.conf @@ -1,81 +1,43 @@ -# AUTO GENERATED FILE -# Modify template in /etc/alternc/templates/ -# and launch alternc.install if you want -# to modify this file. -# -# This module is loaded in /etc/apache/modules, and enabled by apache-modconf -# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so - -# Define the default user and group for mpm-itk -AssignUserId www-data www-data - -# Deny access to the root filesystem - - Options +FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all - -#### End security parameters - -ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - - - Order allow,deny - Allow from all - - php_admin_flag safe_mode_gid off - php_admin_flag safe_mode off - AddDefaultCharset UTF-8 -# open_basedir allows access to specifics directories. We need to grant access to these directories for alternc, awstats, mailman... - php_admin_value open_basedir /usr/share/alternc-mailman/patches/:/etc/alternc/:/run/alternc:/var/run/alternc/:/usr/share/alternc/panel/:%%ALTERNC_HTML%%/:/tmp:/usr/share/php/:/var/cache/alternc-webalizer/:/etc/locale.gen:%%ALTERNC_LOGS%%:/etc/awstats/:/var/log/alternc/:/var/lib/alternc/panel/ - - - - - - AllowOverride AuthConfig FileInfo Limit Options Indexes - Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - php_admin_flag safe_mode_gid off - php_admin_flag safe_mode off - php_admin_flag enable_dl off - - php_admin_value disable_functions chmod,chown,chgrp,link,symlink - php_admin_value safe_mode_exec_dir /usr/lib/alternc/safe_mode_exec_dir - php_admin_value disable_functions chgrp,link,symlink - php_admin_value sendmail_path /usr/lib/alternc/sendmail - - # Default upload_tmp_dir is /tmp . Be carefull, this value MUST be surcharged - # by the vhost to be a directory INSIDE the home of the user. If you don't do - # that, ACLs could be "strange" or inexistent. - php_admin_value upload_tmp_dir /tmp - - - - AllowOverride AuthConfig Options FileInfo Limit Indexes - Options +Indexes +Includes +FollowSymLinks +MultiViews - Order allow,deny - Allow from all - - - AllowOverride AuthConfig Options FileInfo Limit Indexes - Options +Indexes +Includes +FollowSymLinks +MultiViews - Order allow,deny - Allow from all - - - - Include /etc/alternc/bureau.conf - - -# Now we include all the generated configuration -Include /var/lib/alternc/apache-vhost/vhosts_all.conf +diff --git a/etc/alternc/templates/alternc/apache2.conf b/etc/alternc/templates/alternc/apache2.conf +index 0732de07..514d695d 100644 +--- a/etc/alternc/templates/alternc/apache2.conf ++++ b/etc/alternc/templates/alternc/apache2.conf +@@ -9,9 +9,12 @@ + # Define the default user and group for mpm-itk + AssignUserId www-data www-data + ++# Logformat information ++Include /etc/alternc/apache_logformat.conf ++ + # Deny access to the root filesystem + +- Options +FollowSymLinks ++ Options FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all +@@ -42,7 +45,7 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride AuthConfig FileInfo Limit Options Indexes +- Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch ++ Options Indexes Includes -FollowSymLinks MultiViews SymLinksIfOwnerMatch + Order allow,deny + Allow from all + php_admin_flag safe_mode_gid off +@@ -62,13 +65,13 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + + AllowOverride AuthConfig Options FileInfo Limit Indexes +- Options +Indexes +Includes +FollowSymLinks +MultiViews ++ Options Indexes Includes FollowSymLinks MultiViews + Order allow,deny + Allow from all + + + AllowOverride AuthConfig Options FileInfo Limit Indexes +- Options +Indexes +Includes +FollowSymLinks +MultiViews ++ Options Indexes Includes FollowSymLinks MultiViews + Order allow,deny + Allow from all + diff --git a/jessie/bureau.conf b/jessie/bureau.conf index 65bca635..208ca040 100644 --- a/jessie/bureau.conf +++ b/jessie/bureau.conf @@ -1,37 +1,11 @@ - - AssignUserId alterncpanel alterncpanel - SetEnv LOGIN "0000-panel" - - DocumentRoot /usr/share/alternc/panel/admin - ServerName %%fqdn%% - - # Mail autoconfig - ServerAlias autoconfig.* - ServerAlias autodiscover.* - - RewriteEngine on - RewriteRule ^/admin/(.*) /$1 [R=301,L] - - alias /alternc-sql /usr/share/phpmyadmin - - RewriteEngine On - RewriteRule ^webmail /webmail-redirect.php [L] - - # Mail autoconfig - RewriteRule ^/mail/mailautoconfig.xml$ /mailautoconfig_thunderbird.php [L] - RewriteRule ^/mail/config-v1.1.xml$ /mailautoconfig_thunderbird.php [L] - RewriteRule ^mail/mailautoconfig.xml$ /mailautoconfig_thunderbird.php [L] - RewriteRule ^mail/config-v1.1.xml$ /mailautoconfig_thunderbird.php [L] - RewriteRule ^/autodiscover/autodiscover.xml$ /mailautoconfig_outlook.php [L] - RewriteRule ^/Autodiscover/Autodiscover.xml$ /mailautoconfig_outlook.php [L] - RewriteRule ^/Autodiscover.xml$ mailautoconfig_outlook.php [L] - RewriteRule ^/autodiscover.xml$ mailautoconfig_outlook.php [L] - RewriteRule ^autodiscover/autodiscover.xml$ /mailautoconfig_outlook.php [L] - RewriteRule ^Autodiscover/Autodiscover.xml$ /mailautoconfig_outlook.php [L] - RewriteRule ^Autodiscover.xml$ mailautoconfig_outlook.php [L] - RewriteRule ^autodiscover.xml$ mailautoconfig_outlook.php [L] - - - # will be used to define aliases such as /javascript /webmail /squirrelmail ... - IncludeOptional /etc/alternc/apache-panel.d/*.conf - +diff --git a/etc/alternc/templates/alternc/bureau.conf b/etc/alternc/templates/alternc/bureau.conf +index 65bca635..aa7066b9 100644 +--- a/etc/alternc/templates/alternc/bureau.conf ++++ b/etc/alternc/templates/alternc/bureau.conf +@@ -33,5 +33,5 @@ + + + # will be used to define aliases such as /javascript /webmail /squirrelmail ... +- IncludeOptional /etc/alternc/apache-panel.d/*.conf ++ Include /etc/alternc/apache-panel.d/*.conf + diff --git a/jessie/changelog b/jessie/changelog new file mode 100644 index 00000000..76d43552 --- /dev/null +++ b/jessie/changelog @@ -0,0 +1,15 @@ +diff --git a/debian/changelog b/debian/changelog +index 3ed86856..75cd7999 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,10 +1,3 @@ +-alternc (3.3.10) stable; urgency=low +- +- * Version identical to 3.1 for Squeeze +- * Includes small patches / dependency for apache & dovecot 2.0 for Jessie +- +- -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100 +- + alternc (3.2.10) oldstable; urgency=low + + * Version identical to 3.1 for Squeeze diff --git a/jessie/changelog.diff b/jessie/changelog.diff deleted file mode 100644 index 017bbc43..00000000 --- a/jessie/changelog.diff +++ /dev/null @@ -1,13 +0,0 @@ ---- changelog 2014-06-24 13:42:50.234304438 +0200 -+++ changelog.wheezy 2014-06-24 13:43:51.978313552 +0200 -@@ -1,1 +1,8 @@ -+alternc (3.3.10) stable; urgency=low -+ -+ * Version identical to 3.1 for Squeeze -+ * Includes small patches / dependency for apache & dovecot 2.0 for Jessie -+ -+ -- Benjamin Sonntag Fri, 15 Jan 2016 15:26:00 +0100 -+ - alternc (3.2.10) oldstable; urgency=low - - * Version identical to 3.1 for Squeeze diff --git a/jessie/config.inc.php b/jessie/config.inc.php new file mode 100644 index 00000000..891252d2 --- /dev/null +++ b/jessie/config.inc.php @@ -0,0 +1,449 @@ +diff --git a/roundcube/templates/roundcube/plugins/password/config.inc.php b/roundcube/templates/roundcube/plugins/password/config.inc.php +index 6d49ef6e..f2741c57 100644 +--- a/roundcube/templates/roundcube/plugins/password/config.inc.php ++++ b/roundcube/templates/roundcube/plugins/password/config.inc.php +@@ -1,56 +1,47 @@ + /dev/null'; ++$rcmail_config['password_chpasswd_cmd'] = 'sudo /usr/sbin/chpasswd 2> /dev/null'; + + + // XMail Driver options + // --------------------- +-$config['xmail_host'] = 'localhost'; +-$config['xmail_user'] = 'YourXmailControlUser'; +-$config['xmail_pass'] = 'YourXmailControlPass'; +-$config['xmail_port'] = 6017; ++$rcmail_config['xmail_host'] = 'localhost'; ++$rcmail_config['xmail_user'] = 'YourXmailControlUser'; ++$rcmail_config['xmail_pass'] = 'YourXmailControlPass'; ++$rcmail_config['xmail_port'] = 6017; + + + // hMail Driver options +@@ -312,9 +293,9 @@ $config['xmail_port'] = 6017; + // Remote hMailServer configuration + // true: HMailserver is on a remote box (php.ini: com.allow_dcom = true) + // false: Hmailserver is on same box as PHP +-$config['hmailserver_remote_dcom'] = false; ++$rcmail_config['hmailserver_remote_dcom'] = false; + // Windows credentials +-$config['hmailserver_server'] = array( ++$rcmail_config['hmailserver_server'] = array( + 'Server' => 'localhost', // hostname or ip address + 'Username' => 'administrator', // windows username + 'Password' => 'password' // windows user password +@@ -332,70 +313,6 @@ $config['hmailserver_server'] = array( + // 5: domain-username + // 6: username_domain + // 7: domain_username +-$config['password_virtualmin_format'] = 0; +- +- +-// pw_usermod Driver options +-// -------------------------- +-// Use comma delimited exlist to disable password change for users +-// Add the following line to visudo to tighten security: +-// www ALL=NOPASSWORD: /usr/sbin/pw +-$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; +- +- +-// DBMail Driver options +-// ------------------- +-// Additional arguments for the dbmail-users call +-$config['password_dbmail_args'] = '-p sha512'; +- +- +-// Expect Driver options +-// --------------------- +-// Location of expect binary +-$config['password_expect_bin'] = '/usr/bin/expect'; +- +-// Location of expect script (see helpers/passwd-expect) +-$config['password_expect_script'] = ''; +- +-// Arguments for the expect script. See the helpers/passwd-expect file for details. +-// This is probably a good starting default: +-// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log +-$config['password_expect_params'] = ''; +- +- +-// smb Driver options +-// --------------------- +-// Samba host (default: localhost) +-// Supported replacement variables: +-// %n - hostname ($_SERVER['SERVER_NAME']) +-// %t - hostname without the first part +-// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) +-$config['password_smb_host'] = 'localhost'; +-// Location of smbpasswd binary +-$config['password_smb_cmd'] = '/usr/bin/smbpasswd'; +- +-// gearman driver options +-// --------------------- +-// Gearman host (default: localhost) +-$config['password_gearman_host'] = 'localhost'; +- +- +- +-// Plesk/PPA Driver options +-// -------------------- +-// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel +- +-// Plesk RCP Host +-$config['password_plesk_host'] = '10.0.0.5'; +- +-// Plesk RPC Username +-$config['password_plesk_user'] = 'admin'; +- +-// Plesk RPC Password +-$config['password_plesk_pass'] = 'password'; +- +-// Plesk RPC Port +-$config['password_plesk_rpc_port'] = '8443'; ++$rcmail_config['password_virtualmin_format'] = 0; + +-// Plesk RPC Path +-$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php'; ++?> diff --git a/jessie/control b/jessie/control new file mode 100644 index 00000000..db7ee3d4 --- /dev/null +++ b/jessie/control @@ -0,0 +1,30 @@ +diff --git a/debian/control b/debian/control +index 551f6171..ac10f87d 100644 +--- a/debian/control ++++ b/debian/control +@@ -38,9 +38,9 @@ Depends: debianutils (>= 1.13.1) + , sudo + , adduser + , dnsutils +- , dovecot-core (>=1:2.1.7) +- , dovecot-imapd (>=1:2.1.7) +- , dovecot-pop3d (>=1:2.1.7) ++ , dovecot-common (>=1:2.1.7) ++ , dovecot-imapd ++ , dovecot-pop3d + , dovecot-mysql + , vlogger + , mailutils | mailx +@@ -126,9 +126,9 @@ Depends: debianutils (>= 1.13.1) + , gettext (>= 0.10.40-5) + , adduser + , sudo +- , dovecot-core (>=1:2.1.7) +- , dovecot-imapd (>=1:2.1.7) +- , dovecot-pop3d (>=1:2.1.7) ++ , dovecot-common (>=1:2.1.7) ++ , dovecot-imapd ++ , dovecot-pop3d + , dovecot-mysql + , vlogger + , mailutils | mailx diff --git a/jessie/control.diff b/jessie/control.diff deleted file mode 100644 index 2b8b28ee..00000000 --- a/jessie/control.diff +++ /dev/null @@ -1,28 +0,0 @@ ---- control.wheezy 2017-10-06 12:13:49.765062335 +0200 -+++ control 2017-10-06 12:15:52.021333089 +0200 -@@ -38,9 +38,9 @@ - , sudo - , adduser - , dnsutils -- , dovecot-common (>=1:2.1.7) -- , dovecot-imapd -- , dovecot-pop3d -+ , dovecot-core (>=1:2.1.7) -+ , dovecot-imapd (>=1:2.1.7) -+ , dovecot-pop3d (>=1:2.1.7) - , dovecot-mysql - , vlogger - , mailutils | mailx -@@ -126,9 +126,9 @@ - , gettext (>= 0.10.40-5) - , adduser - , sudo -- , dovecot-common (>=1:2.1.7) -- , dovecot-imapd -- , dovecot-pop3d -+ , dovecot-core (>=1:2.1.7) -+ , dovecot-imapd (>=1:2.1.7) -+ , dovecot-pop3d (>=1:2.1.7) - , dovecot-mysql - , vlogger - , mailutils | mailx diff --git a/jessie/main.inc.php b/jessie/main.inc.php new file mode 100644 index 00000000..f9114d9c --- /dev/null +++ b/jessie/main.inc.php @@ -0,0 +1,809 @@ +diff --git a/roundcube/templates/roundcube/main.inc.php b/roundcube/templates/roundcube/main.inc.php +new file mode 100644 +index 00000000..97c9f6bf +--- /dev/null ++++ b/roundcube/templates/roundcube/main.inc.php +@@ -0,0 +1,803 @@ ++/sendmail or to syslog ++$rcmail_config['smtp_log'] = true; ++ ++// Log successful logins to /userlogins or to syslog ++$rcmail_config['log_logins'] = false; ++ ++// Log session authentication errors to /session or to syslog ++$rcmail_config['log_session'] = false; ++ ++// Log SQL queries to /sql or to syslog ++$rcmail_config['sql_debug'] = false; ++ ++// Log IMAP conversation to /imap or to syslog ++$rcmail_config['imap_debug'] = false; ++ ++// Log LDAP conversation to /ldap or to syslog ++$rcmail_config['ldap_debug'] = false; ++ ++// Log SMTP conversation to /smtp or to syslog ++$rcmail_config['smtp_debug'] = false; ++ ++// ---------------------------------- ++// IMAP ++// ---------------------------------- ++ ++// the mail host chosen to perform the log-in ++// leave blank to show a textbox at login, give a list of hosts ++// to display a pulldown menu or set one host as string. ++// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// ++// Supported replacement variables: ++// %n - http hostname ($_SERVER['SERVER_NAME']) ++// %d - domain (http hostname without the first part) ++// %s - domain name after the '@' from e-mail address provided at login screen ++// For example %n = mail.domain.tld, %d = domain.tld ++$rcmail_config['default_host'] = 'localhost'; ++ ++// TCP port used for IMAP connections ++$rcmail_config['default_port'] = 143; ++ ++// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use ++// best server supported one) ++$rcmail_config['imap_auth_type'] = null; ++ ++// If you know your imap's folder delimiter, you can specify it here. ++// Otherwise it will be determined automatically ++$rcmail_config['imap_delimiter'] = null; ++ ++// If IMAP server doesn't support NAMESPACE extension, but you're ++// using shared folders or personal root folder is non-empty, you'll need to ++// set these options. All can be strings or arrays of strings. ++// Folders need to be ended with directory separator, e.g. "INBOX." ++// (special directory "~" is an exception to this rule) ++// These can be used also to overwrite server's namespaces ++$rcmail_config['imap_ns_personal'] = null; ++$rcmail_config['imap_ns_other'] = null; ++$rcmail_config['imap_ns_shared'] = null; ++ ++// By default IMAP capabilities are readed after connection to IMAP server ++// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list ++// after login. Set to True if you've got this case. ++$rcmail_config['imap_force_caps'] = false; ++ ++// By default list of subscribed folders is determined using LIST-EXTENDED ++// extension if available. Some servers (dovecot 1.x) returns wrong results ++// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 ++// Enable this option to force LSUB command usage instead. ++$rcmail_config['imap_force_lsub'] = true; ++ ++// IMAP connection timeout, in seconds. Default: 0 (no limit) ++$rcmail_config['imap_timeout'] = 10; ++ ++// Optional IMAP authentication identifier to be used as authorization proxy ++$rcmail_config['imap_auth_cid'] = null; ++ ++// Optional IMAP authentication password to be used for imap_auth_cid ++$rcmail_config['imap_auth_pw'] = null; ++ ++// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. ++$rcmail_config['imap_cache'] = null; ++ ++// Enables messages cache. Only 'db' cache is supported. ++$rcmail_config['messages_cache'] = false; ++ ++ ++// ---------------------------------- ++// SMTP ++// ---------------------------------- ++ ++// SMTP server host (for sending mails). ++// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// ++// If left blank, the PHP mail() function is used ++// Supported replacement variables: ++// %h - user's IMAP hostname ++// %n - http hostname ($_SERVER['SERVER_NAME']) ++// %d - domain (http hostname without the first part) ++// %z - IMAP domain (IMAP hostname without the first part) ++// For example %n = mail.domain.tld, %d = domain.tld ++$rcmail_config['smtp_server'] = 'localhost'; ++ ++// SMTP port (default is 25; 465 for SSL) ++$rcmail_config['smtp_port'] = 25; ++ ++// SMTP username (if required) if you use %u as the username Roundcube ++// will use the current username for login ++$rcmail_config['smtp_user'] = '%u'; ++ ++// SMTP password (if required) if you use %p as the password Roundcube ++// will use the current user's password for login ++$rcmail_config['smtp_pass'] = '%p'; ++ ++// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use ++// best server supported one) ++$rcmail_config['smtp_auth_type'] = ''; ++ ++// Optional SMTP authentication identifier to be used as authorization proxy ++$rcmail_config['smtp_auth_cid'] = null; ++ ++// Optional SMTP authentication password to be used for smtp_auth_cid ++$rcmail_config['smtp_auth_pw'] = null; ++ ++// SMTP HELO host ++// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages ++// Leave this blank and you will get the server variable 'server_name' or ++// localhost if that isn't defined. ++$rcmail_config['smtp_helo_host'] = ''; ++ ++// SMTP connection timeout, in seconds. Default: 0 (no limit) ++$rcmail_config['smtp_timeout'] = 0; ++ ++// ---------------------------------- ++// SYSTEM ++// ---------------------------------- ++ ++// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. ++// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! ++$rcmail_config['enable_installer'] = false; ++ ++// use this folder to store log files (must be writeable for apache user) ++// This is used by the 'file' log driver. ++$rcmail_config['log_dir'] = 'logs/'; ++ ++// use this folder to store temp files (must be writeable for apache user) ++$rcmail_config['temp_dir'] = 'temp/'; ++ ++// lifetime of message cache ++// possible units: s, m, h, d, w ++$rcmail_config['message_cache_lifetime'] = '10d'; ++ ++// enforce connections over https ++// with this option enabled, all non-secure connections will be redirected. ++// set the port for the ssl connection as value of this option if it differs from the default 443 ++$rcmail_config['force_https'] = false; ++ ++// tell PHP that it should work as under secure connection ++// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) ++// e.g. when you're running Roundcube behind a https proxy ++$rcmail_config['use_https'] = false; ++ ++// Allow browser-autocompletion on login form. ++// 0 - disabled, 1 - username and host only, 2 - username, host, password ++$rcmail_config['login_autocomplete'] = 2; ++ ++// If users authentication is not case sensitive this must be enabled. ++// You can also use it to force conversion of logins to lower case. ++// After enabling it all user records need to be updated, e.g. with query: ++// UPDATE users SET username = LOWER(username); ++$rcmail_config['login_lc'] = false; ++ ++// automatically create a new Roundcube user when log-in the first time. ++// a new user will be created once the IMAP login succeeds. ++// set to false if only registered users can use this service ++$rcmail_config['auto_create_user'] = true; ++ ++// replace Roundcube logo with this image ++// specify an URL relative to the document root of this Roundcube installation ++$rcmail_config['skin_logo'] = 'skins/default/images/roundcube_alternc_logo.png'; ++ ++// Includes should be interpreted as PHP files ++$rcmail_config['skin_include_php'] = false; ++ ++// Session lifetime in minutes ++// must be greater than 'keep_alive'/60 ++$rcmail_config['session_lifetime'] = 60; ++ ++// session domain: .example.org ++$rcmail_config['session_domain'] = ''; ++ ++// session name. Default: 'roundcube_sessid' ++$rcmail_config['session_name'] = null; ++ ++// Backend to use for session storage. Can either be 'db' (default) or 'memcache' ++// If set to memcache, a list of servers need to be specified in 'memcache_hosts' ++// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed ++$rcmail_config['session_storage'] = 'db'; ++ ++// Use these hosts for accessing memcached ++// Define any number of hosts in the form hostname:port ++$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211' ); ++ ++// check client IP in session athorization ++$rcmail_config['ip_check'] = false; ++ ++// check referer of incoming requests ++$rcmail_config['referer_check'] = false; ++ ++// X-Frame-Options HTTP header value sent to prevent from Clickjacking. ++// Possible values: sameorigin|deny. Set to false in order to disable sending them ++$rcmail_config['x_frame_options'] = 'sameorigin'; ++ ++// this key is used to encrypt the users imap password which is stored ++// in the session record (and the client cookie if remember password is enabled). ++// please provide a string of exactly 24 chars. ++$rcmail_config['des_key'] = '%%deskey%%'; ++ ++// Automatically add this domain to user names for login ++// Only for IMAP servers that require full e-mail addresses for login ++// Specify an array with 'host' => 'domain' values to support multiple hosts ++// Supported replacement variables: ++// %h - user's IMAP hostname ++// %n - http hostname ($_SERVER['SERVER_NAME']) ++// %d - domain (http hostname without the first part) ++// %z - IMAP domain (IMAP hostname without the first part) ++// For example %n = mail.domain.tld, %d = domain.tld ++$rcmail_config['username_domain'] = ''; ++ ++// This domain will be used to form e-mail addresses of new users ++// Specify an array with 'host' => 'domain' values to support multiple hosts ++// Supported replacement variables: ++// %h - user's IMAP hostname ++// %n - http hostname ($_SERVER['SERVER_NAME']) ++// %d - domain (http hostname without the first part) ++// %z - IMAP domain (IMAP hostname without the first part) ++// For example %n = mail.domain.tld, %d = domain.tld ++$rcmail_config['mail_domain'] = ''; ++ ++// Password charset. ++// Use it if your authentication backend doesn't support UTF-8. ++// Defaults to ISO-8859-1 for backward compatibility ++$rcmail_config['password_charset'] = 'ISO-8859-1'; ++ ++// How many seconds must pass between emails sent by a user ++$rcmail_config['sendmail_delay'] = 0; ++ ++// Maximum number of recipients per message. Default: 0 (no limit) ++$rcmail_config['max_recipients'] = 0; ++ ++// Maximum allowednumber of members of an address group. Default: 0 (no limit) ++// If 'max_recipients' is set this value should be less or equal ++$rcmail_config['max_group_members'] = 0; ++ ++// add this user-agent to message headers when sending ++$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; ++ ++// use this name to compose page titles ++$rcmail_config['product_name'] = 'Roundcube Webmail'; ++ ++// try to load host-specific configuration ++// see http://trac.roundcube.net/wiki/Howto_Config for more details ++$rcmail_config['include_host_config'] = false; ++ ++// path to a text file which will be added to each sent message ++// paths are relative to the Roundcube root folder ++$rcmail_config['generic_message_footer'] = ''; ++ ++// path to a text file which will be added to each sent HTML message ++// paths are relative to the Roundcube root folder ++$rcmail_config['generic_message_footer_html'] = ''; ++ ++// add a received header to outgoing mails containing the creators IP and hostname ++$rcmail_config['http_received_header'] = false; ++ ++// Whether or not to encrypt the IP address and the host name ++// these could, in some circles, be considered as sensitive information; ++// however, for the administrator, these could be invaluable help ++// when tracking down issues. ++$rcmail_config['http_received_header_encrypt'] = false; ++ ++// This string is used as a delimiter for message headers when sending ++// a message via mail() function. Leave empty for auto-detection ++$rcmail_config['mail_header_delimiter'] = NULL; ++ ++// number of chars allowed for line when wrapping text. ++// text wrapping is done when composing/sending messages ++$rcmail_config['line_length'] = 72; ++ ++// send plaintext messages as format=flowed ++$rcmail_config['send_format_flowed'] = true; ++ ++// don't allow these settings to be overriden by the user ++$rcmail_config['dont_override'] = array(); ++ ++// Set identities access level: ++// 0 - many identities with possibility to edit all params ++// 1 - many identities with possibility to edit all params but not email address ++// 2 - one identity with possibility to edit all params ++// 3 - one identity with possibility to edit all params but not email address ++$rcmail_config['identities_level'] = 0; ++ ++// Mimetypes supported by the browser. ++// attachments of these types will open in a preview window ++// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' ++$rcmail_config['client_mimetypes'] = null; # null == default ++ ++// mime magic database ++$rcmail_config['mime_magic'] = '/usr/share/misc/magic'; ++ ++// path to imagemagick identify binary ++$rcmail_config['im_identify_path'] = '/usr/bin/identify'; ++ ++// path to imagemagick convert binary ++$rcmail_config['im_convert_path'] = '/usr/bin/convert'; ++ ++// maximum size of uploaded contact photos in pixel ++$rcmail_config['contact_photo_size'] = 160; ++ ++// Enable DNS checking for e-mail address validation ++$rcmail_config['email_dns_check'] = true; ++ ++// ---------------------------------- ++// PLUGINS ++// ---------------------------------- ++ ++// List of active plugins (in plugins/ directory) ++$rcmail_config['plugins'] = array("managesieve","password"); ++ ++// ---------------------------------- ++// USER INTERFACE ++// ---------------------------------- ++ ++// default messages sort column. Use empty value for default server's sorting, ++// or 'arrival', 'date', 'subject', 'from', 'to', 'size', 'cc' ++$rcmail_config['message_sort_col'] = ''; ++ ++// default messages sort order ++$rcmail_config['message_sort_order'] = 'DESC'; ++ ++// These cols are shown in the message list. Available cols are: ++// subject, from, to, cc, replyto, date, size, status, flag, attachment, 'priority' ++$rcmail_config['list_cols'] = array('subject', 'status', 'from', 'date', 'size', 'flag', 'attachment'); ++ ++// the default locale setting (leave empty for auto-detection) ++// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR ++$rcmail_config['language'] = null; ++ ++// use this format for date display (date or strftime format) ++$rcmail_config['date_format'] = 'Y-m-d'; ++ ++// give this choice of date formats to the user to select from ++$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); ++ ++// use this format for time display (date or strftime format) ++$rcmail_config['time_format'] = 'H:i'; ++ ++// give this choice of time formats to the user to select from ++$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); ++ ++// use this format for short date display (derived from date_format and time_format) ++$rcmail_config['date_short'] = 'D H:i'; ++ ++// use this format for detailed date/time formatting (derived from date_format and time_format) ++$rcmail_config['date_long'] = 'Y-m-d H:i'; ++ ++// store draft message is this mailbox ++// leave blank if draft messages should not be stored ++// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) ++$rcmail_config['drafts_mbox'] = 'Drafts'; ++ ++// store spam messages in this mailbox ++// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) ++$rcmail_config['junk_mbox'] = 'Junk'; ++ ++// store sent message is this mailbox ++// leave blank if sent messages should not be stored ++// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) ++$rcmail_config['sent_mbox'] = 'Sent'; ++ ++// move messages to this folder when deleting them ++// leave blank if they should be deleted directly ++// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) ++$rcmail_config['trash_mbox'] = 'Trash'; ++ ++// display these folders separately in the mailbox list. ++// these folders will also be displayed with localized names ++// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) ++$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash'); ++ ++// automatically create the above listed default folders on first login ++$rcmail_config['create_default_folders'] = true; ++ ++// protect the default folders from renames, deletes, and subscription changes ++$rcmail_config['protect_default_folders'] = true; ++ ++// if in your system 0 quota means no limit set this option to true ++$rcmail_config['quota_zero_as_unlimited'] = true; ++ ++// Make use of the built-in spell checker. It is based on GoogieSpell. ++// Since Google only accepts connections over https your PHP installatation ++// requires to be compiled with Open SSL support ++$rcmail_config['enable_spellcheck'] = true; ++ ++// Enables spellchecker exceptions dictionary. ++// Setting it to 'shared' will make the dictionary shared by all users. ++$rcmail_config['spellcheck_dictionary'] = false; ++ ++// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, ++// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. ++$rcmail_config['spellcheck_engine'] = 'pspell'; ++ ++// For a locally installed Nox Spell Server, please specify the URI to call it. ++// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 ++// Leave empty to use the Google spell checking service, what means ++// that the message content will be sent to Google in order to check spelling ++$rcmail_config['spellcheck_uri'] = ''; ++ ++// These languages can be selected for spell checking. ++// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); ++// Leave empty for default set of available language. ++$rcmail_config['spellcheck_languages'] = NULL; ++ ++// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) ++$rcmail_config['spellcheck_ignore_caps'] = false; ++ ++// Makes that words with numbers will be ignored (e.g. g00gle) ++$rcmail_config['spellcheck_ignore_nums'] = false; ++ ++// Makes that words with symbols will be ignored (e.g. g@@gle) ++$rcmail_config['spellcheck_ignore_syms'] = false; ++ ++// Use this char/string to separate recipients when composing a new message ++$rcmail_config['recipients_separator'] = ','; ++ ++// don't let users set pagesize to more than this value if set ++$rcmail_config['max_pagesize'] = 200; ++ ++// Minimal value of user's 'keep_alive' setting (in seconds) ++// Must be less than 'session_lifetime' ++$rcmail_config['min_keep_alive'] = 60; ++ ++// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. ++// By default refresh time is set to 1 second. You can set this value to true ++// or any integer value indicating number of seconds. ++$rcmail_config['upload_progress'] = false; ++ ++// Specifies for how many seconds the Undo button will be available ++// after object delete action. Currently used with supporting address book sources. ++// Setting it to 0, disables the feature. ++$rcmail_config['undo_timeout'] = 0; ++ ++// ---------------------------------- ++// ADDRESSBOOK SETTINGS ++// ---------------------------------- ++ ++// This indicates which type of address book to use. Possible choises: ++// 'sql' (default) and 'ldap'. ++// If set to 'ldap' then it will look at using the first writable LDAP ++// address book as the primary address book and it will not display the ++// SQL address book in the 'Address Book' view. ++$rcmail_config['address_book_type'] = 'sql'; ++ ++// In order to enable public ldap search, configure an array like the Verisign ++// example further below. if you would like to test, simply uncomment the example. ++// Array key must contain only safe characters, ie. a-zA-Z0-9_ ++$rcmail_config['ldap_public'] = array(); ++ ++// If you are going to use LDAP for individual address books, you will need to ++// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. ++// ++// The recommended directory structure for LDAP is to store all the address book entries ++// under the users main entry, e.g.: ++// ++// o=root ++// ou=people ++// uid=user@domain ++// mail=contact@contactdomain ++// ++// So the base_dn would be uid=%fu,ou=people,o=root ++// The bind_dn would be the same as based_dn or some super user login. ++/* ++* example config for Verisign directory ++* ++$rcmail_config['ldap_public']['Verisign'] = array( ++'name' => 'Verisign.com', ++// Replacement variables supported in host names: ++// %h - user's IMAP hostname ++// %n - http hostname ($_SERVER['SERVER_NAME']) ++// %d - domain (http hostname without the first part) ++// %z - IMAP domain (IMAP hostname without the first part) ++// For example %n = mail.domain.tld, %d = domain.tld ++'hosts' => array('directory.verisign.com'), ++'port' => 389, ++'use_tls' => false, ++'ldap_version' => 3, // using LDAPv3 ++'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. ++// %fu - The full username provided, assumes the username is an email ++// address, uses the username_domain value if not an email address. ++// %u - The username prior to the '@'. ++// %d - The domain name after the '@'. ++// %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" ++// %dn - DN found by ldap search when search_filter/search_base_dn are used ++'base_dn' => '', ++'bind_dn' => '', ++'bind_pass' => '', ++// It's possible to bind for an individual address book ++// The login name is used to search for the DN to bind with ++'search_base_dn' => '', ++'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' ++// DN and password to bind as before searching for bind DN, if anonymous search is not allowed ++'search_bind_dn' => '', ++'search_bind_pw' => '', ++// Default for %dn variable if search doesn't return DN value ++'search_dn_default' => '', ++// Optional authentication identifier to be used as SASL authorization proxy ++// bind_dn need to be empty ++'auth_cid' => '', ++// SASL authentication method (for proxy auth), e.g. DIGEST-MD5 ++'auth_method' => '', ++// Indicates if the addressbook shall be hidden from the list. ++// With this option enabled you can still search/view contacts. ++'hidden' => false, ++// Indicates if the addressbook shall not list contacts but only allows searching. ++'searchonly' => false, ++// Indicates if we can write to the LDAP directory or not. ++// If writable is true then these fields need to be populated: ++// LDAP_Object_Classes, required_fields, LDAP_rdn ++'writable' => false, ++// To create a new contact these are the object classes to specify ++// (or any other classes you wish to use). ++'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), ++// The RDN field that is used for new entries, this field needs ++// to be one of the search_fields, the base of base_dn is appended ++// to the RDN to insert into the LDAP directory. ++'LDAP_rdn' => 'mail', ++// The required fields needed to build a new contact as required by ++// the object classes (can include additional fields not required by the object classes). ++'required_fields' => array('cn', 'sn', 'mail'), ++'search_fields' => array('mail', 'cn'), // fields to search in ++// mapping of contact fields to directory attributes ++'fieldmap' => array( ++// Roundcube => LDAP ++'name' => 'cn', ++'surname' => 'sn', ++'firstname' => 'givenName', ++'email' => 'mail', ++'phone:home' => 'homePhone', ++'phone:work' => 'telephoneNumber', ++'phone:mobile' => 'mobile', ++'street' => 'street', ++'zipcode' => 'postalCode', ++'locality' => 'l', ++'country' => 'c', ++'organization' => 'o', ++), ++'sort' => 'cn', // The field to sort the listing by. ++'scope' => 'sub', // search mode: sub|base|list ++'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act ++'fuzzy_search' => true, // server allows wildcard search ++'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) ++'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting ++'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. ++'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. ++'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups ++ ++// definition for contact groups (uncomment if no groups are supported) ++// for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) ++// if the groups base_dn is empty, the contact base_dn is used for the groups as well ++// -> in this case, assure that groups and contacts are separated due to the concernig filters! ++'groups' => array( ++'base_dn' => '', ++'filter' => '(objectClass=groupOfNames)', ++'object_classes' => array("top", "groupOfNames"), ++'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember ++'name_attr' => 'cn', // attribute to be used as group name ++), ++); ++*/ ++ ++// An ordered array of the ids of the addressbooks that should be searched ++// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); ++$rcmail_config['autocomplete_addressbooks'] = array('sql'); ++ ++// The minimum number of characters required to be typed in an autocomplete field ++// before address books will be searched. Most useful for LDAP directories that ++// may need to do lengthy results building given overly-broad searches ++$rcmail_config['autocomplete_min_length'] = 1; ++ ++// Number of parallel autocomplete requests. ++// If there's more than one address book, n parallel (async) requests will be created, ++// where each request will search in one address book. By default (0), all address ++// books are searched in one request. ++$rcmail_config['autocomplete_threads'] = 0; ++ ++// Max. numer of entries in autocomplete popup. Default: 15. ++$rcmail_config['autocomplete_max'] = 15; ++ ++// show address fields in this order ++// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} ++$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; ++ ++// Matching mode for addressbook search (including autocompletion) ++// 0 - partial (*abc*), default ++// 1 - strict (abc) ++// 2 - prefix (abc*) ++// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode ++$rcmail_config['addressbook_search_mode'] = 0; ++ ++// ---------------------------------- ++// USER PREFERENCES ++// ---------------------------------- ++ ++// Use this charset as fallback for message decoding ++$rcmail_config['default_charset'] = 'UTF-8'; ++ ++// skin name: folder from skins/ ++$rcmail_config['skin'] = 'default'; ++ ++// show up to X items in list view ++$rcmail_config['pagesize'] = 40; ++ ++// use this timezone to display date/time ++$rcmail_config['timezone'] = 'auto'; ++ ++// is daylight saving On? Default: (bool)date('I'); ++$rcmail_config['dst_active'] = null; ++ ++// prefer displaying HTML messages ++$rcmail_config['prefer_html'] = true; ++ ++// display remote inline images ++// 0 - Never, always ask ++// 1 - Ask if sender is not in address book ++// 2 - Always show inline images ++$rcmail_config['show_images'] = 0; ++ ++// compose html formatted messages by default ++// 0 - never, 1 - always, 2 - on reply to HTML message only ++$rcmail_config['htmleditor'] = 0; ++ ++// show pretty dates as standard ++$rcmail_config['prettydate'] = true; ++ ++// save compose message every 300 seconds (5min) ++$rcmail_config['draft_autosave'] = 300; ++ ++// default setting if preview pane is enabled ++$rcmail_config['preview_pane'] = true; ++ ++// Mark as read when viewed in preview pane (delay in seconds) ++// Set to -1 if messages in preview pane should not be marked as read ++$rcmail_config['preview_pane_mark_read'] = -1; ++ ++// Clear Trash on logout ++$rcmail_config['logout_purge'] = true; ++ ++// Compact INBOX on logout ++$rcmail_config['logout_expunge'] = false; ++ ++// Display attached images below the message body ++$rcmail_config['inline_images'] = true; ++ ++// Encoding of long/non-ascii attachment names: ++// 0 - Full RFC 2231 compatible ++// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) ++// 2 - Full 2047 compatible ++$rcmail_config['mime_param_folding'] = 1; ++ ++// Set true if deleted messages should not be displayed ++// This will make the application run slower ++$rcmail_config['skip_deleted'] = false; ++ ++// Set true to Mark deleted messages as read as well as deleted ++// False means that a message's read status is not affected by marking it as deleted ++$rcmail_config['read_when_deleted'] = true; ++ ++// Set to true to never delete messages immediately ++// Use 'Purge' to remove messages marked as deleted ++$rcmail_config['flag_for_deletion'] = false; ++ ++// Default interval for keep-alive/check-recent requests (in seconds) ++// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' ++$rcmail_config['keep_alive'] = 60; ++ ++// If true all folders will be checked for recent messages ++$rcmail_config['check_all_folders'] = true; ++ ++// If true, after message delete/move, the next message will be displayed ++$rcmail_config['display_next'] = true; ++ ++// 0 - Do not expand threads ++// 1 - Expand all threads automatically ++// 2 - Expand only threads with unread messages ++$rcmail_config['autoexpand_threads'] = 0; ++ ++// When replying place cursor above original message (top posting) ++$rcmail_config['top_posting'] = false; ++ ++// When replying strip original signature from message ++$rcmail_config['strip_existing_sig'] = true; ++ ++// Show signature: ++// 0 - Never ++// 1 - Always ++// 2 - New messages only ++// 3 - Forwards and Replies only ++$rcmail_config['show_sig'] = 1; ++ ++// When replying or forwarding place sender's signature above existing message ++$rcmail_config['sig_above'] = false; ++ ++// Use MIME encoding (quoted-printable) for 8bit characters in message body ++$rcmail_config['force_7bit'] = false; ++ ++// Defaults of the search field configuration. ++// The array can contain a per-folder list of header fields which should be considered when searching ++// The entry with key '*' stands for all folders which do not have a specific list set. ++// Please note that folder names should to be in sync with $rcmail_config['default_imap_folders'] ++$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); ++ ++// Defaults of the addressbook search field configuration. ++$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); ++ ++// 'Delete always' ++// This setting reflects if mail should be always deleted ++// when moving to Trash fails. This is necessary in some setups ++// when user is over quota and Trash is included in the quota. ++$rcmail_config['delete_always'] = false; ++ ++// Behavior if a received message requests a message delivery notification (read receipt) ++// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) ++// 3 = send automatically if sender is in addressbook, otherwise ask the user ++// 4 = send automatically if sender is in addressbook, otherwise ignore ++$rcmail_config['mdn_requests'] = 2; ++ ++// Return receipt checkbox default state ++$rcmail_config['mdn_default'] = 0; ++ ++// Delivery Status Notification checkbox default state ++$rcmail_config['dsn_default'] = 0; ++ ++// Place replies in the folder of the message being replied to ++$rcmail_config['reply_same_folder'] = false; ++ ++// Sets default mode of Forward feature to "forward as attachment" ++$rcmail_config['forward_attachment'] = false; ++ ++// Defines address book (internal index) to which new contacts will be added ++// By default it is the first writeable addressbook. ++// Note: Use '0' for built-in address book. ++$rcmail_config['default_addressbook'] = null; ++ ++// Enables spell checking before sending a message. ++$rcmail_config['spellcheck_before_send'] = false; ++ ++// Skip alternative email addresses in autocompletion (show one address per contact) ++$rcmail_config['autocomplete_single'] = false; ++ ++// end of config file ++ ++?> diff --git a/jessie/patch.sh b/jessie/patch.sh index 65434bc0..c3e02db9 100755 --- a/jessie/patch.sh +++ b/jessie/patch.sh @@ -1,28 +1,18 @@ #!/bin/bash -# Migrate a repository to WHEEZY +# Apply diffs to build for jessie # DON'T COMMIT ANYTHING AFTER launching this -# reset your subversion repos back to the serverside one! +# reset your repos back to the serverside one! -cd `dirname $0` +# The patch files were generated by running +# REV_NEW=ebb3471f04d49dd839237608bafc396e8b5090e5 REV_OLD=3ae6c0a5c2eecf864319dd42afbfc995baee9f68 \ +# for i in `git diff --name-only $REV_NEW $REV_OLD` ; do BASE_NAME=`echo $i | rev | cut -d '/' -f 1 | rev` ; \ +# git diff -p $REV_NEW $REV_OLD -- "$i" > jessie/$BASE_NAME ; done -pushd ../debian -patch <../jessie/control.diff -patch <../jessie/changelog.diff -popd +DIR_NAME=`dirname $0` +cd "$DIR_NAME"/../ -cp vhost.conf ../etc/alternc/templates/apache2/ -cp bureau.conf ../etc/alternc/templates/alternc/ -cp alternc.install ../install/ -cp apache2.conf ../etc/alternc/templates/alternc/ -# alternc-roundcube package : -cp roundcube.config.inc.php ../roundcube/templates/roundcube/config.inc.php -rm ../roundcube/templates/roundcube/main.inc.php -cp roundcube.password.config.inc.php ../roundcube/templates/roundcube/plugins/password/config.inc.php -cp roundcube-install ../roundcube/ -cp alternc-roundcube.postinst ../debian/ - -# alternc-ssl package : -cp ssl.conf ../ssl/ -cp alternc-ssl.install.php ../ssl/ +for i in `ls "$DIR_NAME"`; do + patch -p1 < "$DIR_NAME/$i" +done diff --git a/jessie/roundcube-install b/jessie/roundcube-install index 59a26119..2d40c42a 100644 --- a/jessie/roundcube-install +++ b/jessie/roundcube-install @@ -1,98 +1,33 @@ -#!/bin/bash - -# ---------------------------------------------------------------------- -# AlternC - Web Hosting System -# Copyright (C) 2000-2012 by the AlternC Development Team. -# https://alternc.org/ -# ---------------------------------------------------------------------- -# LICENSE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License (GPL) -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# To read the license please visit http://www.gnu.org/copyleft/gpl.html -# ---------------------------------------------------------------------- -# Purpose of file: Install roundcube conf files. -# ---------------------------------------------------------------------- - -if [ "$1" = "templates" ] -then - echo "Installing Roundcube Templates ..." -# cp -f /etc/alternc/templates/roundcube/avelsieve-config.php /etc/alternc/templates/roundcube/apache.conf /etc/roundcube/ -# cp -f /etc/alternc/templates/javascript-common/javascript-common.conf /etc/javascript-common/ - - LOGIN="0000_roundcube" - PASSWORD="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..10)'`" - DESKEY="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..24)'`" - - # Add new variables to the sed script ... - SED_SCRIPT="/tmp/alternc-roundcube.sedscript" - # cf alternc.install for more explanations on this horror : - eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf` - . /etc/alternc/local.sh - # Configuration template location - TEMPLATE_DIR="/etc/alternc/templates" - CONFIG_FILES="etc/roundcube/config.inc.php etc/roundcube/plugins/password/config.inc.php" - - cat > $SED_SCRIPT < /$file - fi - done - - rm -f $SED_SCRIPT - - echo " Done" - - . /usr/lib/alternc/functions.sh - - echo "giving write access to roundcube to the email password ..." - # now database host user and password are mysql root account values ;) - mysql_query "GRANT UPDATE (password) ON ${database}.address TO '${LOGIN}'@'${MYSQL_CLIENT}' IDENTIFIED BY '${PASSWORD}';" - mysql_query "GRANT SELECT ON ${database}.address TO '${LOGIN}'@'${MYSQL_CLIENT}';" - mysql_query "GRANT SELECT ON ${database}.domaines TO '${LOGIN}'@'${MYSQL_CLIENT}';" - echo " Done" - - echo "Setting roundcube domaintype" - mysql_query "INSERT IGNORE INTO domaines_type (name ,description ,target ,entry ,compatibility ,enable ,only_dns ,need_dns ,advanced )VALUES ('roundcube','Roundcube Webmail access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'txt', 'ALL', '0', '0', '0');" - echo " Done" - - echo "Migrating old webmail domaine type to roundcube one:" - # migration of the "webmail" hosts to "roundcube" hosts: - mysql_query "INSERT IGNORE INTO sub_domaines (compte, domaine, sub, valeur, type, web_action, web_result, enable) SELECT compte, domaine, sub, valeur,'roundcube', 'UPDATE',0, enable FROM sub_domaines WHERE type='WEBMAIL';" - mysql_query "UPDATE sub_domaines SET web_action='DELETE' WHERE type='WEBMAIL';" - echo " Done" - - echo "Deconfiguring javascript-common alias" - if [ -f /etc/apache2/conf.d/javascript-common.conf ]; then - rm -f /etc/apache2/conf.d/javascript-common.conf - fi - if [ -f /etc/apache2/conf-available/javascript-common.conf ] ; then - a2disconf javascript-common.conf - service apache2 reload - fi - # just in case - if [ -f /etc/javascript-common/javascript-common.conf ]; then - sed -i -e "s/^Alias \/javascript/# Do not uncomment, commented by AlternC to prevent a global alias\n#Alias \/javascript/" /etc/javascript-common/javascript-common.conf - fi - echo " Done" - -fi - +diff --git a/roundcube/roundcube-install b/roundcube/roundcube-install +index 59a26119..81011d12 100644 +--- a/roundcube/roundcube-install ++++ b/roundcube/roundcube-install +@@ -39,7 +39,7 @@ then + . /etc/alternc/local.sh + # Configuration template location + TEMPLATE_DIR="/etc/alternc/templates" +- CONFIG_FILES="etc/roundcube/config.inc.php etc/roundcube/plugins/password/config.inc.php" ++ CONFIG_FILES="etc/roundcube/main.inc.php etc/roundcube/plugins/password/config.inc.php etc/roundcube/plugins/managesieve/config.inc.php" + + cat > $SED_SCRIPT < 'localhost', // hostname or ip address - 'Username' => 'administrator', // windows username - 'Password' => 'password' // windows user password -); - - -// Virtualmin Driver options -// ------------------------- -// Username format: -// 0: username@domain -// 1: username%domain -// 2: username.domain -// 3: domain.username -// 4: username-domain -// 5: domain-username -// 6: username_domain -// 7: domain_username -$config['password_virtualmin_format'] = 0; - - -// pw_usermod Driver options -// -------------------------- -// Use comma delimited exlist to disable password change for users -// Add the following line to visudo to tighten security: -// www ALL=NOPASSWORD: /usr/sbin/pw -$config['password_pw_usermod_cmd'] = 'sudo /usr/sbin/pw usermod -h 0 -n'; - - -// DBMail Driver options -// ------------------- -// Additional arguments for the dbmail-users call -$config['password_dbmail_args'] = '-p sha512'; - - -// Expect Driver options -// --------------------- -// Location of expect binary -$config['password_expect_bin'] = '/usr/bin/expect'; - -// Location of expect script (see helpers/passwd-expect) -$config['password_expect_script'] = ''; - -// Arguments for the expect script. See the helpers/passwd-expect file for details. -// This is probably a good starting default: -// -telent -host localhost -output /tmp/passwd.log -log /tmp/passwd.log -$config['password_expect_params'] = ''; - - -// smb Driver options -// --------------------- -// Samba host (default: localhost) -// Supported replacement variables: -// %n - hostname ($_SERVER['SERVER_NAME']) -// %t - hostname without the first part -// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) -$config['password_smb_host'] = 'localhost'; -// Location of smbpasswd binary -$config['password_smb_cmd'] = '/usr/bin/smbpasswd'; - -// gearman driver options -// --------------------- -// Gearman host (default: localhost) -$config['password_gearman_host'] = 'localhost'; - - - -// Plesk/PPA Driver options -// -------------------- -// You need to allow RCP for IP of roundcube-server in Plesk/PPA Panel - -// Plesk RCP Host -$config['password_plesk_host'] = '10.0.0.5'; - -// Plesk RPC Username -$config['password_plesk_user'] = 'admin'; - -// Plesk RPC Password -$config['password_plesk_pass'] = 'password'; - -// Plesk RPC Port -$config['password_plesk_rpc_port'] = '8443'; - -// Plesk RPC Path -$config['password_plesk_rpc_path'] = 'enterprise/control/agent.php'; diff --git a/jessie/ssl.conf b/jessie/ssl.conf index 68b422b3..f933b97b 100644 --- a/jessie/ssl.conf +++ b/jessie/ssl.conf @@ -1,91 +1,13 @@ -# ############################################################################ -# WARNING : this file is overwritten by alternc.install. -# Edit /etc/alternc/templates/apache2/mods-available/ instead. -# ############################################################################ - - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -SSLRandomSeed startup builtin -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin -SSLRandomSeed connect file:/dev/urandom 512 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -# (The mechanism dbm has known memory leaks and should not be used). -#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache -SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -Mutex file:${APACHE_RUN_DIR} - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. See the -# ciphers(1) man page from the openssl package for list of all available -# options. -# Enable only secure ciphers: -#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 -SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM -# Other possible ciphersuite (requires wheezy-version of apache2 at least) - #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" - -# Speed-optimized SSL Cipher configuration: -# If speed is your main concern (on busy HTTPS servers e.g.), -# you might want to force clients to specific, performance -# optimized ciphers. In this case, prepend those ciphers -# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -# Caveat: by giving precedence to RC4-SHA and AES128-SHA -# (as in the example below), most connections will no longer -# have perfect forward secrecy - if the server's key is -# compromised, captures of past or future traffic must be -# considered compromised, too. -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -SSLHonorCipherOrder on - -# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 -#SSLProtocol all -SSLv2 -SSLProtocol all -SSLv2 -SSLv3 - -# Allow insecure renegotiation with clients which do not yet support the -# secure renegotiation protocol. Default: Off -#SSLInsecureRenegotiation on - -# Whether to forbid non-SNI clients to access name based virtual hosts. -# Default: Off -SSLStrictSNIVHostCheck Off - - +diff --git a/ssl/ssl.conf b/ssl/ssl.conf +index 68b422b3..c3a599d5 100644 +--- a/ssl/ssl.conf ++++ b/ssl/ssl.conf +@@ -51,7 +51,7 @@ SSLSessionCacheTimeout 300 + # Semaphore: + # Configure the path to the mutual exclusion semaphore the + # SSL engine uses internally for inter-process synchronization. +-Mutex file:${APACHE_RUN_DIR} ++SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. See the diff --git a/jessie/vhost.conf b/jessie/vhost.conf index 8b4f304f..f8b933a9 100644 --- a/jessie/vhost.conf +++ b/jessie/vhost.conf @@ -1,25 +1,17 @@ - - ServerName %%fqdn%% - DocumentRoot "%%document_root%%" - AssignUserId #%%UID%% #%%GID%% - SetEnv LOGIN "%%UID%%-%%LOGIN%%" - - - php_admin_value open_basedir "%%account_root%%:/usr/share/php/" - php_admin_value upload_tmp_dir %%account_root%%/tmp - php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' - php_admin_flag mail.add_x_header on - Options -MultiViews -FollowSymLinks +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Limit Options Indexes - Order allow,deny - Allow from all - Require all granted - - -# If you want to log the errors also in /var/log/alternc/sites/ -# WARNING: this WILL FORK a vlogger for EACH VHOST havingg this !!! the load on the machine may be high -# on hosting with many vhosts. as a consequence, this is disabled by default -# ErrorLog "|| /usr/sbin/vlogger -e -u alterncpanel -g alterncpanel -s error.log -t \"error-%Y%m%d.log\" /var/log/alternc/sites/%%UID%%-%%LOGIN%%/" - - - +diff --git a/etc/alternc/templates/apache2/vhost.conf b/etc/alternc/templates/apache2/vhost.conf +index 8b4f304f..77f5e038 100644 +--- a/etc/alternc/templates/apache2/vhost.conf ++++ b/etc/alternc/templates/apache2/vhost.conf +@@ -9,11 +9,8 @@ + php_admin_value upload_tmp_dir %%account_root%%/tmp + php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' + php_admin_flag mail.add_x_header on +- Options -MultiViews -FollowSymLinks +SymLinksIfOwnerMatch ++ Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch + AllowOverride AuthConfig FileInfo Limit Options Indexes +- Order allow,deny +- Allow from all +- Require all granted + + + # If you want to log the errors also in /var/log/alternc/sites/