Compare commits
25 commits
Author | SHA1 | Date | |
---|---|---|---|
Ludovic Poujol | 3400434f90 | ||
Ludovic Poujol | a7c1af3d83 | ||
Ludovic Poujol | 188e63376d | ||
Ludovic Poujol | a30ba3337b | ||
Ludovic Poujol | b014f1584a | ||
99741826f6 | |||
Mathieu Trossevin | 5a22490dc8 | ||
95108897b0 | |||
Mathieu Trossevin | fd0f03ab05 | ||
whirigoyen | 93c9e450ff | ||
Mathieu Trossevin | 2b6b76b78d | ||
Mathieu Trossevin | 21eef58a96 | ||
Mathieu Trossevin | 6951d1fd33 | ||
0dfb19faea | |||
8e15676d05 | |||
f5fe462248 | |||
964f710897 | |||
c385c102c5 | |||
2fd65724f7 | |||
7d8704cd25 | |||
72e39f297e | |||
2e8619e5e6 | |||
Mathieu Trossevin | 9419242465 | ||
bwaegeneire | e76ea90d89 | ||
a7f718c073 |
21
CHANGELOG.md
21
CHANGELOG.md
|
@ -21,6 +21,27 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [24.04]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* Prevent op_del to fail and able to remove web account when part of it is already removed
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Add sendmail_path and open_basedir in LXC PHP pool configs
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* letsencrypt: Add required check when retrieving certificate. (Avoid TypeError.)
|
||||||
|
* web-add.sh: Fix ssh group membership (#94)
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
|
||||||
## [23.02] 2023-02-20
|
## [23.02] 2023-02-20
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -157,6 +157,9 @@ class LetsEncrypt
|
||||||
{
|
{
|
||||||
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
|
$stream = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
|
||||||
$read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
|
$read = stream_socket_client("ssl://" . $domain . ":443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $stream);
|
||||||
|
if ($read === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$cont = stream_context_get_params($read);
|
$cont = stream_context_get_params($read);
|
||||||
|
|
||||||
return $cont;
|
return $cont;
|
||||||
|
|
|
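Review bot: The new early return after `stream_socket_client()` drops `$errno` and `$errstr`, so a DNS failure, a timeout and a failed TLS handshake all reach the caller as the same bare `false`. The context sets only `capture_peer_cert`, which leaves peer verification at the PHP default; where that default is on, a host serving an expired or self-signed certificate would presumably also end up in this branch, and that may be the case the caller most needs to tell apart. I would record the reason before returning, e.g. `error_log("certificate fetch for $domain failed: $errstr ($errno)");`, and document `@return array|false` on the method so callers test for `false` before indexing the result. The method's signature and docblock are outside the hunk, so whether existing callers already handle `false` cannot be confirmed from here.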
@ -14,7 +14,7 @@
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
VERSION="23.02"
|
VERSION="24.04"
|
||||||
HOME="/root"
|
HOME="/root"
|
||||||
CONTACT_MAIL="jdoe@example.org"
|
CONTACT_MAIL="jdoe@example.org"
|
||||||
WWWBOUNCE_MAIL="jdoe@example.org"
|
WWWBOUNCE_MAIL="jdoe@example.org"
|
||||||
|
@ -23,6 +23,7 @@ LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.local.sh"
|
||||||
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
|
PRE_LOCAL_SCRIPT="$SCRIPTS_PATH/web-add.pre-local.sh"
|
||||||
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
|
TPL_AWSTATS="$SCRIPTS_PATH/awstats.XXX.conf"
|
||||||
SSH_GROUP="evolinux-ssh"
|
SSH_GROUP="evolinux-ssh"
|
||||||
|
HOST="$(hostname -f)"
|
||||||
|
|
||||||
# Set to nginx if you use nginx and not apache
|
# Set to nginx if you use nginx and not apache
|
||||||
WEB_SERVER="apache"
|
WEB_SERVER="apache"
|
||||||
|
@ -362,14 +363,12 @@ create_www_account() {
|
||||||
lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
|
lxc-attach -n php"${php_version}" -- /usr/sbin/adduser --disabled-password --home "$HOME_DIR_USER"/www --no-create-home --shell /bin/false --gecos "WWW $in_login" www-"$in_login" --uid "$www_uid" --ingroup "$in_login" --force-badname >/dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
if grep -qE '^AllowGroups' /etc/ssh/sshd_config; then
|
if grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
|
||||||
if ! grep -qE "^AllowGroups(\\s+\\S+)*(\\s+$SSH_GROUP)" /etc/ssh/sshd_config; then
|
|
||||||
sed -i "s/^AllowGroups .*/& $SSH_GROUP/" /etc/ssh/sshd_config
|
|
||||||
groupadd --force $SSH_GROUP
|
|
||||||
fi
|
|
||||||
usermod -a -G $SSH_GROUP "$in_login"
|
|
||||||
elif grep -qE '^AllowUsers' /etc/ssh/sshd_config; then
|
|
||||||
sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
|
sed -i "s/^AllowUsers .*/& $in_login/" /etc/ssh/sshd_config
|
||||||
|
else
|
||||||
|
if getent group "$SSH_GROUP" 1>/dev/null 2>&1; then
|
||||||
|
usermod --append --groups "$SSH_GROUP" "$in_login"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
|
||||||
|
@ -435,6 +434,8 @@ create_www_account() {
|
||||||
pool_path="/etc/php/8.0/fpm/pool.d/"
|
pool_path="/etc/php/8.0/fpm/pool.d/"
|
||||||
elif [ "$php_version" = "81" ]; then
|
elif [ "$php_version" = "81" ]; then
|
||||||
pool_path="/etc/php/8.1/fpm/pool.d/"
|
pool_path="/etc/php/8.1/fpm/pool.d/"
|
||||||
|
elif [ "$php_version" = "82" ]; then
|
||||||
|
pool_path="/etc/php/8.2/fpm/pool.d/"
|
||||||
else
|
else
|
||||||
pool_path="/etc/php5/fpm/pool.d/"
|
pool_path="/etc/php5/fpm/pool.d/"
|
||||||
fi
|
fi
|
||||||
|
@ -454,6 +455,8 @@ pm.max_children = 10
|
||||||
pm.process_idle_timeout = 10s
|
pm.process_idle_timeout = 10s
|
||||||
|
|
||||||
php_admin_value[error_log] = /home/${in_login}/log/php.log
|
php_admin_value[error_log] = /home/${in_login}/log/php.log
|
||||||
|
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -f www-${in_login}@${HOST}"
|
||||||
|
php_admin_value[open_basedir] = "/usr/share/php:/home/${in_login}:/tmp"
|
||||||
EOT
|
EOT
|
||||||
step_ok "Création du pool FPM ${php_version}"
|
step_ok "Création du pool FPM ${php_version}"
|
||||||
done
|
done
|
||||||
|
@ -611,6 +614,9 @@ EOT
|
||||||
elif [ "$php_version" = "81" ]; then
|
elif [ "$php_version" = "81" ]; then
|
||||||
initscript_path="/etc/init.d/php8.1-fpm"
|
initscript_path="/etc/init.d/php8.1-fpm"
|
||||||
binary="php-fpm8.1"
|
binary="php-fpm8.1"
|
||||||
|
elif [ "$php_version" = "82" ]; then
|
||||||
|
initscript_path="/etc/init.d/php8.2-fpm"
|
||||||
|
binary="php-fpm8.2"
|
||||||
else
|
else
|
||||||
initscript_path="/etc/init.d/php5-fpm"
|
initscript_path="/etc/init.d/php5-fpm"
|
||||||
binary="php5-fpm"
|
binary="php5-fpm"
|
||||||
|
@ -758,8 +764,10 @@ op_del() {
|
||||||
|
|
||||||
# Deactivate web vhost (apache or nginx)
|
# Deactivate web vhost (apache or nginx)
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
a2dissite "${login}.conf"
|
if a2query -s "${login}" >/dev/null 2&>1; then
|
||||||
rm /etc/apache2/sites-available/"$login.conf"
|
a2dissite "${login}.conf"
|
||||||
|
fi
|
||||||
|
rm -f /etc/apache2/sites-available/"$login.conf"
|
||||||
|
|
||||||
apache2ctl configtest
|
apache2ctl configtest
|
||||||
|
|
||||||
|
@ -779,21 +787,24 @@ op_del() {
|
||||||
elif [ "$php_version" = "81" ]; then
|
elif [ "$php_version" = "81" ]; then
|
||||||
phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
|
phpfpm_dir="/etc/php/8.1/fpm/pool.d/"
|
||||||
initscript_path="/etc/init.d/php8.1-fpm"
|
initscript_path="/etc/init.d/php8.1-fpm"
|
||||||
|
elif [ "$php_version" = "82" ]; then
|
||||||
|
phpfpm_dir="/etc/php/8.2/fpm/pool.d/"
|
||||||
|
initscript_path="/etc/init.d/php8.2-fpm"
|
||||||
else
|
else
|
||||||
phpfpm_dir="/etc/php5/fpm/pool.d/"
|
phpfpm_dir="/etc/php5/fpm/pool.d/"
|
||||||
initscript_path="/etc/init.d/php5-fpm"
|
initscript_path="/etc/init.d/php5-fpm"
|
||||||
fi
|
fi
|
||||||
rm /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
|
rm -f /var/lib/lxc/php"${php_version}"/rootfs/${phpfpm_dir}/"${login}".conf
|
||||||
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
|
lxc-attach -n php"${php_version}" -- $initscript_path restart >/dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
elif [ "$WEB_SERVER" == "nginx" ]; then
|
elif [ "$WEB_SERVER" == "nginx" ]; then
|
||||||
rm /etc/nginx/sites-{available,enabled}/"$login"
|
rm -f /etc/nginx/sites-{available,enabled}/"$login"
|
||||||
rm /etc/munin/plugins/phpfpm_"${in_login}"*
|
rm -f /etc/munin/plugins/phpfpm_"${in_login}"*
|
||||||
nginx -t
|
nginx -t
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm /etc/awstats/awstats."$login.conf"
|
rm -f /etc/awstats/awstats."$login.conf"
|
||||||
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
||||||
|
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
|
@ -802,14 +813,18 @@ op_del() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for php_version in "${PHP_VERSIONS[@]}"; do
|
for php_version in "${PHP_VERSIONS[@]}"; do
|
||||||
if lxc-attach -n php"${php_version}" -- id www-"$login" &> /dev/null; then
|
if lxc-attach -n php"${php_version}" -- getent passwd www-"$login" &> /dev/null; then
|
||||||
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
|
lxc-attach -n php"${php_version}" -- userdel -f www-"$login"
|
||||||
fi
|
fi
|
||||||
lxc-attach -n php"${php_version}" -- userdel -f "$login"
|
if lxc-attach -n php"${php_version}" -- getent passwd "$login" &> /dev/null; then
|
||||||
|
lxc-attach -n php"${php_version}" -- userdel -f "$login"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
userdel -f "$login"
|
if getent passwd "$login" &> /dev/null; then
|
||||||
|
userdel -f "$login"
|
||||||
|
fi
|
||||||
|
|
||||||
sed -i.bak "/^$login:/d" /etc/aliases
|
sed -i.bak "/^$login:/d" /etc/aliases
|
||||||
if [ "$WEB_SERVER" == "apache" ]; then
|
if [ "$WEB_SERVER" == "apache" ]; then
|
||||||
|
|
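Review bot: The redirection on the new `a2query` guard in the `op_del` hunk at -758 is written `2&>1`, which bash does not parse as `2>&1`. The `2` is passed to `a2query` as an extra argument, and `&>1` sends stdout and stderr to a file named `1` in the current working directory, overriding the preceding `>/dev/null`. Depending on how `a2query` treats the stray argument, the test may fail even when the site is enabled; `a2dissite` would then be skipped while `rm -f` still removes the file in `sites-available`, likely leaving a dangling link in `sites-enabled` just before `apache2ctl configtest` runs. The line should read `if a2query -s "${login}" >/dev/null 2>&1; then`. `op_del` starts and ends outside this hunk, so the working directory at this point (and where the stray `1` file lands, since the script runs as root) is not visible here.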