maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity
Files
e211fb891b1206abe6ed94ca3bf08e16bda1eae4
Froxlor/lib/configfiles/trusty.xml
Rene Pasing 05f3e8f433 Fix problems in Dovecot quota configuration: 
1) Since Dovecot 2.x, quota rules are by default in bytes,
  and not in kilobytes (hence multiplicating with 1024 is
  not going to be megabytes). Fixed this by adding 'M' suffix.

2) Since Dovecot 2.x, the quota rule is always named `quota_rule`
  or (for userdb prefetch) `userdb_quota_rule` (there were some
  incorrect namings in the distribution configs).

Ref: http://wiki2.dovecot.org/Quota/Configuration#MySQL
2015-10-20 02:26:28 +02:00

1613 lines
54 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<froxlor>
<distribution name="Ubuntu" codename="Trusty" version="14.04" defaulteditor="/usr/bin/nano">
<services>
<!-- HTTP -->
<service type="http" title="{{lng.admin.configfiles.http}}">
<!-- general HTTP commands -->
<general>
<commands index="1">
<command>
<visibility mode="isdir">{{settings.system.apacheconf_vhost}}
</visibility>
<content><![CDATA[mkdir -p {{settings.system.apacheconf_vhost}}]]></content>
</command>
<command>
<visibility mode="isfile">{{settings.system.apacheconf_vhost}}
</visibility>
<content><![CDATA[touch {{settings.system.apacheconf_vhost}}]]></content>
</command>
<command><![CDATA[chown root:0 {{settings.system.apacheconf_vhost}}]]></command>
<command><![CDATA[chmod 0600 {{settings.system.apacheconf_vhost}}]]></command>
<command>
<visibility mode="isdir">{{settings.system.apacheconf_diroptions}}
</visibility>
<content><![CDATA[mkdir -p {{settings.system.apacheconf_diroptions}}]]></content>
</command>
<command>
<visibility mode="isfile">{{settings.system.apacheconf_diroptions}}
</visibility>
<content><![CDATA[touch {{settings.system.apacheconf_diroptions}}]]></content>
</command>
<command><![CDATA[chown root:0 {{settings.system.apacheconf_diroptions}}]]></command>
<command><![CDATA[chmod 0600 {{settings.system.apacheconf_diroptions}}]]></command>
<command><![CDATA[mkdir -p {{settings.system.documentroot_prefix}}]]></command>
<command><![CDATA[mkdir -p {{settings.system.logfiles_directory}}]]></command>
<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
<command><![CDATA[chmod 1777 {{settings.system.mod_fcgid_tmpdir}}]]></command>
<command>
<visibility mode="notempty">{{settings.system.deactivateddocroot}}
</visibility>
<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
</commands>
</general>
<!-- HTTP Apache -->
<daemon name="apache" version="2.2" title="Apache 2.2"
default="true">
<install><![CDATA[apt-get install apache2]]></install>
<include>//service[@type='http']/general/commands</include>
<file name="/etc/apache2/mods-enabled/fastcgi.conf">
<visibility mode="true">{{settings.phpfpm.enabled}}
</visibility>
<content><![CDATA[
<IfModule mod_fastcgi.c>
FastCgiIpcDir <FPM_IPCDIR>
<Location "/fastcgiphp">
Order Deny,Allow
Deny from All
# Prevent accessing this path directly
Allow from env=REDIRECT_STATUS
</Location>
</IfModule>
]]>
</content>
</file>
<command><![CDATA[service apache2 restart]]></command>
</daemon>
<daemon name="apache" version="2.4" title="Apache 2.4">
<install><![CDATA[apt-get install apache2]]></install>
<include>//service[@type='http']/general/commands</include>
<file name="/etc/apache2/mods-enabled/fastcgi.conf">
<visibility mode="true">{{settings.phpfpm.enabled}}
</visibility>
<content><![CDATA[
<IfModule mod_fastcgi.c>
FastCgiIpcDir <FPM_IPCDIR>
<Location "/fastcgiphp">
Require all granted
Require env REDIRECT_STATUS
</Location>
</IfModule>
]]>
</content>
</file>
<command><![CDATA[service apache2 restart]]></command>
</daemon>
<!-- HTTP Lighttpd -->
<daemon name="lighttpd" title="LigHTTPd">
<install><![CDATA[apt-get install lighttpd]]></install>
<file name="/etc/lighttpd/lighttpd.conf">
<content><![CDATA[
###############################################################################
# Default lighttpd.conf for Froxlor.
###############################################################################
var.basedir = "/var/www"
var.logdir = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_auth",
"mod_fastcgi",
"mod_cgi",
"mod_accesslog"
)
server.username = "www-data"
server.groupname = "www-data"
server.document-root = var.basedir
server.pid-file = "/var/run/lighttpd.pid"
accesslog.filename = var.logdir + "/access.log"
server.errorlog = var.logdir + "/error.log"
server.indexfiles = ("index.php", "index.html",
"index.htm", "default.htm")
server.name = "<SERVERNAME>"
server.port = 80
server.bind = "<SERVERIP>"
url.access-deny = ("~", ".inc")
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/tmp/lighttpd-fcgi-sock-lighttpd",
"broken-scriptfilename" => "enable",
"bin-path" => "/usr/bin/php5-cgi",
"min-procs" => 1,
"max-procs" => 1,
"max-load-per-proc" => 4,
"idle-timeout" => 60,
"bin-environment" => (
"UID" => "www-data",
"GID" => "www-data",
"PHP_FCGI_CHILDREN" => "0",
"PHP_FCGI_MAX_REQUESTS" => "10000"
),
"bin-copy-environment" => ( "" )
)
)
)
#### external configuration files
## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
]]>
</content>
</file>
<include>//service[@type='http']/general/commands</include>
<command>
<visibility mode="isdir">{{settings.system.apacheconf_vhost}}
</visibility>
<content><![CDATA[echo -e '\\ninclude_shell "cat {{settings.system.apacheconf_vhost}}*.conf"' >> /etc/lighttpd/lighttpd.conf]]></content>
</command>
<command>
<visibility mode="isfile">{{settings.system.apacheconf_vhost}}
</visibility>
<content><![CDATA[echo -e '\\ninclude "{{settings.system.apacheconf_vhost}}"' >> /etc/lighttpd/lighttpd.conf]]></content>
</command>
<command>
<visibility mode="isdir">{{settings.system.apacheconf_diroptions}}
</visibility>
<content><![CDATA[echo -e '\\ninclude_shell "cat {{settings.system.apacheconf_diroptions}}*.conf"' >> /etc/lighttpd/lighttpd.conf]]></content>
</command>
<command>
<visibility mode="isfile">{{settings.system.apacheconf_diroptions}}
</visibility>
<content><![CDATA[echo -e '\\ninclude "{{settings.system.apacheconf_diroptions}}"' >> /etc/lighttpd/lighttpd.conf]]></content>
</command>
<command><![CDATA[lighty-disable-mod cgi]]></command>
<command><![CDATA[lighty-disable-mod fastcgi]]></command>
<command><![CDATA[service lighttpd restart]]></command>
</daemon>
<!-- HTTP Nginx -->
<daemon name="nginx" title="nginx">
<install><![CDATA[apt-get install nginx php5-cli]]></install>
<install>
<visibility mode="false">{{settings.phpfpm.enabled}}
</visibility>
<visibility mode="false">{{settings.system.mod_fcgid}}
</visibility>
<content><![CDATA[apt-get install php5-cgi]]></content>
</install>
<command><![CDATA[rm /etc/nginx/sites-enabled/default]]></command>
<file name="/etc/nginx/nginx.conf">
<content><![CDATA[
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
]]>
</content>
</file>
<file name="/etc/nginx/fastcgi_params">
<content><![CDATA[
fastcgi_index index.php;
fastcgi_connect_timeout 65;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
]]>
</content>
</file>
<file name="/etc/init.d/php-fcgi" chmod="u+x">
<visibility mode="false">{{settings.phpfpm.enabled}}
</visibility>
<visibility mode="false">{{settings.system.mod_fcgid}}
</visibility>
<content><![CDATA[
#!/bin/bash
### BEGIN INIT INFO
# Provides: php-fcgi
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: php-fcgi initscript
# Description: Custom php-fcgi initscript for Froxlor
### END INIT INFO
BIND="127.0.0.1:8888"
USER="www-data"
PHP_FCGI_CHILDREN="15"
PHP_FCGI_MAX_REQUESTS="1000"
PHP_CGI="/usr/bin/php-cgi"
PHP_CGI_NAME="$(basename ${PHP_CGI})"
PHP_CGI_ARGS="- USER=${USER} PATH=/usr/bin PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN} PHP_FCGI_MAX_REQUESTS=${PHP_FCGI_MAX_REQUESTS} ${PHP_CGI} -b ${BIND}"
RETVAL="0"
start() {
echo -n "Starting PHP FastCGI: "
start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
RETVAL="$?"
echo "${PHP_CGI_NAME}."
}
stop() {
echo -n "Stopping PHP FastCGI: "
killall -q -w -u ${USER} ${PHP_CGI}
RETVAL="$?"
echo "${PHP_CGI_NAME}."
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: php-fastcgi {start|stop|restart}"
exit 1
;;
esac
exit "$RETVAL"
]]>
</content>
</file>
<include>//service[@type='http']/general/commands</include>
<command>
<visibility mode="false">{{settings.phpfpm.enabled}}
</visibility>
<visibility mode="false">{{settings.system.mod_fcgid}}
</visibility>
<content><![CDATA[service php-fcgi restart]]></content>
</command>
<command><![CDATA[service nginx restart]]></command>
</daemon>
</service>
<!--DNS -->
<service type="dns" title="{{lng.admin.configfiles.dns}}">
<!--Bind9 -->
<daemon name="bind" title="Bind9 nameserver">
<install><![CDATA[apt-get install bind9]]></install>
<command><![CDATA[echo "include \"{{settings.system.bindconf_directory}}froxlor_bind.conf\";" >> /etc/bind/named.conf]]></command>
<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[chown root:bind {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
<command><![CDATA[service bind9 restart]]></command>
</daemon>
<daemon name="powerdns" title="PowerDNS via bind-backend">
<install><![CDATA[apt-get install pdns-server]]></install>
<file name="/etc/powerdns/pdns.conf" backup="true">
<content><![CDATA[
allow-recursion=127.0.0.1
config-dir=/etc/powerdns
daemon=yes
guardian=yes
launch=bind
lazy-recursion=yes
local-port=53
master=yes
module-dir=/usr/lib/powerdns
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
bind-config=<BIND_CONFIG_PATH>named.conf
bind-check-interval=300
include=/etc/powerdns/pdns_froxlor.conf
]]>
</content>
</file>
<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
chmod="644">
<content><![CDATA[
allow-axfr-ips=<NAMESERVERS>
#local-ipv6=YOUR_IPv6_(if_any)
bind-config=<BIND_CONFIG_PATH>named.conf
bind-check-interval=180
log-dns-details=yes
local-address=<SERVERIP>,127.0.0.1
]]>
</content>
</file>
<command><![CDATA[service pdns restart]]></command>
</daemon>
</service>
<!-- SMTP services -->
<service type="smtp" title="{{lng.admin.configfiles.smtp}}">
<!-- general SMTP commands -->
<general>
<commands index="1">
<command>
<visibility mode="groupnotexists">{{settings.system.vmail_gid}}
</visibility>
<content><![CDATA[groupadd -g {{settings.system.vmail_gid}} vmail]]></content>
</command>
<command>
<visibility mode="usernotexists">{{settings.system.vmail_uid}}
</visibility>
<content><![CDATA[useradd -u {{settings.system.vmail_uid}} -g vmail vmail]]></content>
</command>
</commands>
<installs index="1">
<install><![CDATA[apt-get install postfix postfix-mysql]]></install>
</installs>
<commands index="2">
<command><![CDATA[mkdir -p /var/spool/postfix/etc/pam.d]]></command>
<command><![CDATA[mkdir -p /var/spool/postfix/var/run/mysqld]]></command>
<command><![CDATA[mkdir -p {{settings.system.vmail_homedir}}]]></command>
<command><![CDATA[chown -R {{settings.system.vmail_uid}}:{{settings.system.vmail_gid}} {{settings.system.vmail_homedir}}]]></command>
<command><![CDATA[chmod 0750 {{settings.system.vmail_homedir}}]]></command>
</commands>
<files index="0">
<file name="/etc/postfix/mysql-virtual_alias_maps.cf" chown="root:postfix"
chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
]]>
</content>
</file>
<file name="/etc/postfix/mysql-virtual_mailbox_domains.cf"
chown="root:postfix" chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
]]>
</content>
</file>
<file name="/etc/postfix/mysql-virtual_mailbox_maps.cf"
chown="root:postfix" chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
expansion_limit = 1
hosts = <SQL_HOST>
query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s'
]]>
</content>
</file>
<file name="/etc/postfix/mysql-virtual_sender_permissions.cf"
chown="root:postfix" chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s'));
]]>
</content>
</file>
<file name="/etc/postfix/mysql-virtual_uid_maps.cf" chown="root:postfix"
chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
expansion_limit = 1
hosts = <SQL_HOST>
query = SELECT uid FROM mail_users WHERE email = '%s'
]]>
</content>
</file>
<file name="/etc/postfix/mysql-virtual_gid_maps.cf" chown="root:postfix"
chmod="0640">
<content><![CDATA[
user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
expansion_limit = 1
hosts = <SQL_HOST>
query = SELECT gid FROM mail_users WHERE email = '%s'
]]>
</content>
</file>
<file name="/etc/aliases" backup="true">
<content><![CDATA[
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
# change this to a valid e-mail address you can access
root: root@<SERVERNAME>
]]>
</content>
</file>
</files>
<commands index="3">
<command><![CDATA[newaliases]]></command>
<command><![CDATA[service postfix restart]]></command>
</commands>
</general>
<!-- postfix with dovecot -->
<daemon name="postfix_dovecot" title="Postfix with dovecot"
default="true">
<include>//service[@type='smtp']/general/commands[@index=1]
</include>
<include>//service[@type='smtp']/general/installs[@index=1]
</include>
<include>//service[@type='smtp']/general/commands[@index=2]
</include>
<file name="/etc/postfix/main.cf" chown="root:root" chmod="0644"
backup="true">
<content><![CDATA[
## General Postfix configuration
# should be the default domain from your provider eg. "server100.provider.tld"
mydomain = <SERVERNAME>
# should be different from $mydomain eg. "mail.$mydomain"
myhostname = mail.$mydomain
mydestination = $myhostname,
$mydomain,
localhost.$myhostname,
localhost.$mydomain,
localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
append_dot_mydomain = no
biff = no
# Postfix performance settings
default_destination_concurrency_limit = 20
local_destination_concurrency_limit = 2
# SMTPD Settings
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_client_hostname
# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
# The option is intentionally left empty.
smtpd_relay_restrictions =
# Maximum size of Message in bytes (50MB)
message_size_limit = 52428800
## SASL Auth Settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
## Dovecot Settings for deliver, SASL Auth and virtual transport
smtpd_sasl_type = dovecot
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_path = private/dovecot-auth
# Virtual delivery settings
virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
# Local delivery settings
local_transport = local
alias_maps = $alias_database
# Default Mailbox size, is set to 0 which means unlimited!
mailbox_size_limit = 0
virtual_mailbox_limit = 0
### TLS settings
###
## TLS for outgoing mails from the server to another server
#smtp_tls_security_level = may
#smtp_tls_note_starttls_offer = yes
## TLS for incoming connections (clients or other mail servers)
#smtpd_tls_security_level = may
#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
#smtpd_tls_key_file = $smtpd_tls_cert_file
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
]]>
</content>
</file>
<include>//service[@type='smtp']/general/files[@index=0]</include>
<file name="/etc/postfix/master.cf" chown="root:root" chmod="0644"
backup="true" mode="append">
<content><![CDATA[
# Add these lines to be able to use dovecot as delivery agent
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
]]>
</content>
</file>
<include>//service[@type='smtp']/general/commands[@index=3]
</include>
</daemon>
<!-- postfix with courier -->
<daemon name="postfix_courier" title="Postfix with courier">
<include>//service[@type='smtp']/general/commands[@index=1]
</include>
<include>//service[@type='smtp']/general/installs[@index=1]
</include>
<install><![CDATA[apt-get install libsasl2-2 libsasl2-modules libsasl2-modules-sql]]></install>
<include>//service[@type='smtp']/general/commands[@index=2]
</include>
<file name="/etc/postfix/main.cf" chown="root:root" chmod="0644"
backup="true">
<content><![CDATA[
## General Postfix configuration
# should be the default domain from your provider eg. "server100.provider.tld"
mydomain = <SERVERNAME>
# should be different from $mydomain eg. "mail.$mydomain"
myhostname = mail.$mydomain
mydestination = $myhostname,
$mydomain,
localhost.$myhostname,
localhost.$mydomain,
localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
append_dot_mydomain = no
biff = no
# Postfix performance settings
default_destination_concurrency_limit = 20
local_destination_concurrency_limit = 2
# SMTPD Settings
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
reject_sender_login_mismatch,
permit_sasl_authenticated,
reject_unknown_helo_hostname,
reject_unknown_recipient_domain,
reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_client_hostname
# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
# The option is intentionally left empty.
smtpd_relay_restrictions =
# Maximum size of Message in bytes (50MB)
message_size_limit = 52428800
## SASL Auth Settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# Virtual delivery settings
virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
# Local delivery settings
local_transport = local
alias_maps = $alias_database
# Default Mailbox size, is set to 0 which means unlimited!
mailbox_size_limit = 0
virtual_mailbox_limit = 0
### TLS settings
###
## TLS for outgoing mails from the server to another server
#smtp_tls_security_level = may
#smtp_tls_note_starttls_offer = yes
## TLS for email client
#smtpd_tls_security_level = may
#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
#smtpd_tls_key_file = $smtpd_tls_cert_file
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
#smtpd_tls_loglevel = 1
#smtpd_tls_received_header = yes
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
]]>
</content>
</file>
<include>//service[@type='smtp']/general/files[@index=0]</include>
<file name="/etc/postfix/sasl/smtpd.conf" chown="root:root"
chmod="0600">
<content><![CDATA[
pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: <SQL_HOST>
sql_user: <SQL_UNPRIVILEGED_USER>
sql_passwd: <SQL_UNPRIVILEGED_PASSWORD>
sql_database: <SQL_DB>
sql_select: SELECT password FROM mail_users WHERE username='%u@%r' OR email='%u@%r'
]]>
</content>
</file>
<include>//service[@type='smtp']/general/commands[@index=3]
</include>
</daemon>
</service>
<!-- IMAP/POP3 services -->
<service type="mail" title="{{lng.admin.configfiles.mail}}">
<!-- Dovecot -->
<daemon name="dovecot" version="2" title="Dovecot" default="true">
<install><![CDATA[apt-get install dovecot-imapd dovecot-pop3d dovecot-mysql mail-stack-delivery]]></install>
<file name="/etc/dovecot/conf.d/01-mail-stack-delivery.conf"
chown="root:root" chmod="0644" backup="true">
<content><![CDATA[
# Some general options
protocols = imap pop3 sieve
disable_plaintext_auth = no
ssl = yes
ssl_cert = </etc/ssl/certs/ssl-mail.pem
ssl_key = </etc/ssl/private/ssl-mail.key
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
mail_location = maildir:~/Maildir
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# IMAP configuration
protocol imap {
mail_plugins = quota imap_quota
mail_max_userip_connections = 10
imap_client_workarounds = delay-newmail
# IMAP logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
imap_logout_format = in=%i out=%o
}
# POP3 configuration
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = UID%u-%v
mail_plugins = quota
# POP3 logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %t - number of TOP commands
# %p - number of bytes sent to client as a result of TOP command
# %r - number of RETR commands
# %b - number of bytes sent to client as a result of RETR command
# %d - number of deleted messages
# %m - number of messages (before deletion)
# %s - mailbox size in bytes (before deletion)
# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
pop3_logout_format = in=%i out=%o top=%t/%p retr=%r/%b del=%d/%m size=%s
}
# LDA configuration
protocol lda {
postmaster_address = postmaster@<SERVERNAME>
mail_plugins = sieve quota
quota_full_tempfail = yes
deliver_log_format = msgid=%m: %$
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
# Plugins configuration
plugin {
sieve=~/.dovecot.sieve
sieve_dir=~/sieve
quota = maildir
}
# Authentication configuration
auth_mechanisms = plain login
service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/dovecot-auth {
mode = 0660
user = postfix
group = postfix
}
}
]]>
</content>
</file>
<file name="/etc/dovecot/conf.d/10-auth.conf" chown="root:root"
chmod="0644" backup="true">
<content><![CDATA[
##
## Authentication processes
##
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =
# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format =
# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =
# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous
# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30
# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
#auth_use_winbind = no
# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth
# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs
# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no
# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName.
#auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
]]>
</content>
</file>
<file name="/etc/dovecot/dovecot-sql.conf.ext" chown="root:0"
chmod="0640" backup="true">
<content><![CDATA[
driver = mysql
connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
default_pass_scheme = CRYPT
password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
iterate_query = SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)
]]>
</content>
</file>
<command><![CDATA[service dovecot restart]]></command>
</daemon>
<!-- Courier -->
<daemon name="courier" title="Courier">
<install><![CDATA[apt-get install courier-pop courier-imap courier-authlib-mysql]]></install>
<file name="/etc/courier/authdaemonrc" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.
##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authmysql authpam
authmodulelist="authmysql"
##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone
authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"
##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...
daemons=5
##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain
version=""
##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!
authdaemonvar=/var/run/courier/authdaemon
]]>
</content>
</file>
<file name="/etc/courier/authmysqlrc" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
MYSQL_SERVER <SQL_HOST>
MYSQL_USERNAME <SQL_UNPRIVILEGED_USER>
MYSQL_PASSWORD <SQL_UNPRIVILEGED_PASSWORD>
MYSQL_PORT 3306
MYSQL_DATABASE <SQL_DB>
MYSQL_USER_TABLE mail_users
MYSQL_CRYPT_PWFIELD password_enc
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD (quota*1024*1024)
MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
]]>
</content>
</file>
<command><![CDATA[service courier-authdaemon restart]]></command>
<command><![CDATA[service courier-pop restart]]></command>
</daemon>
</service>
<!-- FTP services -->
<service type="ftp" title="{{lng.admin.configfiles.ftp}}">
<!-- Proftpd -->
<daemon name="proftpd" title="ProFTPd" default="true">
<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Allow up- and downloads to be continued
AllowRetrieveRestart On
AllowStoreRestart On
<IfModule mod_quotatab.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine off
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
]]>
</content>
</file>
<file name="/etc/proftpd/modules.conf" chown="root:0" chmod="0644"
backup="true">
<content><![CDATA[
#
# This file is used to manage DSO modules and features.
#
# This is the directory where DSO modules reside
ModulePath /usr/lib/proftpd
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
LoadModule mod_sql.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c
#
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
# to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#
# Install proftpd-mod-mysql to use this
LoadModule mod_sql_mysql.c
# Install proftpd-mod-pgsql to use this
#LoadModule mod_sql_postgres.c
#LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c
# keep this module the last one
LoadModule mod_ifsession.c
]]>
</content>
</file>
<file name="/etc/proftpd/sql.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
<IfModule mod_sql.c>
DefaultRoot ~
RequireValidShell off
AuthOrder mod_sql.c
SQLBackend mysql
SQLEngine on
SQLAuthenticate on
SQLAuthTypes Crypt
SQLAuthenticate users* groups*
SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
SQLUserInfo ftp_users username password uid gid homedir shell
SQLGroupInfo ftp_groups groupname gid members
SQLUserWhereClause "login_enabled = 'y'"
SQLLog PASS login
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
SQLLog RETR download
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
SQLLog STOR upload
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb
QuotaLock /var/lock/ftpd.quotatab.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
</file>
<command><![CDATA[service proftpd restart]]></command>
</daemon>
<!-- Pureftpd -->
<daemon name="pureftpd" title="PureFTPd">
<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0" chmod="0644">
<content><![CDATA[
1000
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/MySQLConfigFile" chown="root:0"
chmod="0644">
<content><![CDATA[
/etc/pure-ftpd/db/mysql.conf
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/NoAnonymous" chown="root:0"
chmod="0644">
<content><![CDATA[
yes
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/MaxIdleTime" chown="root:0"
chmod="0644">
<content><![CDATA[
15
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/ChrootEveryone" chown="root:0"
chmod="0644">
<content><![CDATA[
yes
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/PAMAuthentication" chown="root:0"
chmod="0644">
<content><![CDATA[
no
]]>
</content>
</file>
<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
chmod="0640" backup="true">
<content><![CDATA[
MYSQLServer <SQL_HOST>
MYSQLUser <SQL_UNPRIVILEGED_USER>
MYSQLPassword <SQL_UNPRIVILEGED_PASSWORD>
MYSQLDatabase <SQL_DB>
MYSQLCrypt any
MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
MySQLGetQTASZ SELECT panel_customers.diskspace/1024 AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1)
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/CustomerProof" chown="root:0"
chmod="0644">
<content><![CDATA[
1
]]>
</content>
</file>
<file name="/etc/pure-ftpd/conf/Bind" chown="root:0" chmod="0644">
<content><![CDATA[
21
]]>
</content>
</file>
<file name="/etc/default/pure-ftpd-common" chown="root:0"
chmod="0644" backup="true">
<content><![CDATA[
STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=false
UPLOADSCRIPT=
UPLOADUID=
UPLOADGID=
]]>
</content>
</file>
<command><![CDATA[service pure-ftpd-mysql restart]]></command>
</daemon>
</service>
<!-- System tools/services -->
<service type="system" title="{{lng.admin.configfiles.etc}}">
<!-- Cronjob -->
<daemon name="cron" title="Cronjob for froxlor" mandatory="true">
<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
<content><![CDATA[
#
# Set PATH, otherwise restart-scripts won't find start-stop-daemon
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#
# Regular cron jobs for the froxlor package
#
# Please check that all following paths are correct
#
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
]]>
</content>
</file>
<command><![CDATA[{{settings.system.crondreload}}]]></command>
</daemon>
<!-- AWstats -->
<daemon name="awstats" title="Awstats (webalizer alternative)">
<install><![CDATA[apt-get install awstats]]></install>
<command><![CDATA[cp /usr/share/awstats/tools/awstats_buildstaticpages.pl {{settings.system.awstats_path}}]]></command>
<command><![CDATA[mv {{settings.system.awstats_conf}}/awstats.conf {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
<command><![CDATA[sed -i.bak 's/^DirData/# DirData/' {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
<command><![CDATA[sed -i.bak 's|^\\(DirIcons=\\).*$|\\1\\"/awstats-icon\\"|' {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
<command><![CDATA[rm /etc/cron.d/awstats]]></command>
</daemon>
<!-- libnss-mysql -->
<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
<install><![CDATA[apt-get install libnss-mysql-bg nscd]]></install>
<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
backup="true">
<content><![CDATA[
getpwnam SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
FROM ftp_users \
WHERE username='%1$s' \
AND login_enabled = 'Y' \
ORDER BY LENGTH(username) \
LIMIT 1
getpwuid SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
FROM ftp_users \
WHERE uid='%1$u' \
AND login_enabled = 'Y' \
ORDER BY LENGTH(username) \
LIMIT 1
getspnam SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
FROM ftp_users \
WHERE username='%1$s' \
AND login_enabled = 'Y' \
ORDER BY LENGTH(username) \
LIMIT 1
getpwent SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
FROM ftp_users
getspent SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
FROM ftp_users
getgrnam SELECT groupname,'x',gid \
FROM ftp_groups \
WHERE groupname='%1$s' \
LIMIT 1
getgrgid SELECT groupname,'x',gid \
FROM ftp_groups \
WHERE gid='%1$u' \
LIMIT 1
getgrent SELECT groupname,'x',gid \
FROM ftp_groups
memsbygid SELECT members \
FROM ftp_groups \
WHERE gid='%1$u'
gidsbymem SELECT CONCAT_WS(',', gid) as gid \
FROM ftp_groups \
WHERE FIND_IN_SET('%1$s', members)
host <SQL_HOST>
database <SQL_DB>
username <SQL_UNPRIVILEGED_USER>
password <SQL_UNPRIVILEGED_PASSWORD>
socket /var/run/mysqld/mysqld.sock
]]>
</content>
</file>
<command>
<!-- if a socket is set for the db-server use it -->
<visibility mode="notempty">{{sql.socket}}</visibility>
<content><![CDATA[sed -i.bak 's|^\\(socket\\).*$|\\1\\"{{sql.socket}}\\"|' /etc/libnss-mysql.cfg]]></content>
</command>
<file name="/etc/libnss-mysql-root.cfg" chown="root:root"
chmod="0600" backup="true">
<content><![CDATA[
username <SQL_UNPRIVILEGED_USER>
password <SQL_UNPRIVILEGED_PASSWORD>
]]>
</content>
</file>
<file name="/etc/nsswitch.conf" backup="true">
<content><![CDATA[
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
# You should place mysql at the end, so that it is queried after the other mechanisams
#
passwd: compat mysql
group: compat mysql
shadow: compat mysql
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
]]>
</content>
</file>
<command><![CDATA[service nscd restart]]></command>
<!-- clear group chache -->
<command><![CDATA[nscd --invalidate=group]]></command>
</daemon>
<!-- Logrotate -->
<daemon name="logrotate" title="Logrotate">
<install><![CDATA[apt-get install logrotate]]></install>
<file name="/etc/logrotate.d/froxlor" chown="root:root" chmod="0644">
<content><![CDATA[
#
# Froxlor logrotate snipet
#
<CUSTOMER_LOGS>*.log {
missingok
weekly
rotate 4
compress
delaycompress
notifempty
create
sharedscripts
postrotate
<WEBSERVER_RELOAD_CMD> > /dev/null 2>&1 || true
endscript
}
]]>
</content>
</file>
</daemon>
<!-- FCGID -->
<daemon name="fcgid" title="FCGID (alternative to mod_php)">
<install><![CDATA[apt-get install apache2-suexec libapache2-mod-fcgid php5-cgi]]></install>
<command><![CDATA[a2enmod suexec fcgid]]></command>
<commands index="1">
<visibility mode="true">{{settings.system.mod_fcgid_ownvhost}}
</visibility>
<command><![CDATA[groupadd -f {{settings.system.mod_fcgid_httpgroup}}]]></command>
<command><![CDATA[useradd -s /bin/false -g {{settings.system.mod_fcgid_httpgroup}} {{settings.system.mod_fcgid_httpuser}}]]></command>
<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
<command><![CDATA[a2dismod php5]]></command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>
<!-- PHP-FPM -->
<daemon name="php-fpm" title="PHP-FPM (alternative to mod_php)">
<commands index="1">
<visibility mode="equals" value="apache2">{{settings.system.webserver}}
</visibility>
<command><![CDATA[# add "non-free" after all occurances of "main" in /etc/apt/sources.list]]></command>
<command><![CDATA[# this is needed for libapache2-mod-fastcgi to install]]></command>
</commands>
<install>
<visibility mode="equals" value="apache2">{{settings.system.webserver}}
</visibility>
<content><![CDATA[apt-get install apache2-suexec libapache2-mod-fastcgi]]></content>
</install>
<install><![CDATA[apt-get install php5-fpm]]></install>
<commands index="2">
<visibility mode="equals" value="apache2">{{settings.system.webserver}}
</visibility>
<command><![CDATA[a2enmod suexec fastcgi actions]]></command>
</commands>
<commands index="3">
<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
</visibility>
<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
</visibility>
<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
</commands>
<commands index="4">
<visibility mode="equals" value="apache2">{{settings.system.webserver}}
</visibility>
<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
</visibility>
<command><![CDATA[a2dismod php5]]></command>
</commands>
<!-- instead of just restarting apache, we let the cronjob do all the
dirty work -->
<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
</daemon>
</service>
</services>
</distribution>
</froxlor>
View Git Blame Copy Permalink