Fix VHosts and Permissions

fruithost · Sep 7, 2024 · 4125e32 · 4125e32
1 parent 7b9a315
commit 4125e32
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 25 deletions.
diff --git a/domains/daemon.php b/domains/daemon.php
@@ -5,6 +5,7 @@
 	class DomainsDaemon {
 		public function __construct() {
 			$this->deleteDomains();
+			$this->fixDomains();
 			$this->createDomains();
 			$this->reloadApache();
 		}
@@ -59,21 +60,36 @@ protected function createDomains() {
 			}
 		}
 
+		protected function fixDomains() {
+			$domains = $this->getDomains('AND
+										`' . DATABASE_PREFIX . 'domains`.`time_deleted` IS NULL');
+
+			foreach($domains AS $domain) {
+				print "\033[0;32m\tFixing VHost:\033[39m " . $domain->name . PHP_EOL;
+				$path	= $this->createPath($domain->username, $domain->directory);
+			}
+		}
+
 		protected function createPath($username, $directory) {
 			$logs = sprintf('%s%s/%s/', HOST_PATH, $username, 'logs');
 			$path = sprintf('%s%s/%s/', HOST_PATH, $username, $directory);
+			$user = (object) posix_getpwnam($username);
 
-			chmod(HOST_PATH . $username, 0777);
+			chmod(HOST_PATH . $username, 0700);
 
 			if(!file_exists($logs)) {
 				mkdir($logs);
-				chmod($logs, 0777);
 			}
+			chmod($logs, 0700);
+			chown($logs, $user->uid);
+			chgrp($logs, $user->gid);
 
 			if(!file_exists($path)) {
 				mkdir($path);
-				chmod($path, 0777);
 			}
+			chmod($path, 0700);
+			chown($path, $user->uid);
+			chgrp($path, $user->gid);
 
 			return str_replace('//', '/', $path);
 		}
@@ -96,66 +112,117 @@ protected function getDomains($sql = '') {
 		protected function createVirtualHost($domain, $path, $grant_all = true) {
 			$config = '# Generated by fruithost' . PHP_EOL;
 			$config .= '<VirtualHost *:80>' . PHP_EOL;
-			$config .= TAB . sprintf('ServerAdmin abuse@%s', $domain->name) . PHP_EOL;
-			$config .= TAB . sprintf('DocumentRoot %s', $path) . PHP_EOL;
-			$config .= TAB . sprintf('ServerName %s', $domain->name) . PHP_EOL;
+			$config .= TAB . '# DO NOT EDIT' . PHP_EOL;
+			$config .= TAB . sprintf('ServerAdmin		abuse@%s', $domain->name) . PHP_EOL;
+			$config .= TAB . sprintf('DocumentRoot	%s', $path) . PHP_EOL;
+			$config .= TAB . sprintf('ServerName		%s', $domain->name) . PHP_EOL;
 
 			$logs = sprintf('%s%s/%s/', HOST_PATH, $domain->username, 'logs');
-			$config .= TAB . sprintf('ErrorLog %s%s_error.log', $logs, $domain->name) . PHP_EOL;
-			$config .= TAB . sprintf('CustomLog %s%s_access.log combined', $logs, $domain->name) . PHP_EOL;
+			$config .= TAB . sprintf('ErrorLog		%s%s_error.log', $logs, $domain->name) . PHP_EOL;
+			$config .= TAB . sprintf('CustomLog		%s%s_access.log combined', $logs, $domain->name) . PHP_EOL;
+			$config .= TAB . sprintf('CustomLog		%s%s_bandwidth.log common', $logs, $domain->name) . PHP_EOL;
 
 			$config .= PHP_EOL;
 
-			// Security @ToDo
+			// Security
 			$config .= PHP_EOL;
-			$config .= '#' . TAB . '<IfModule mpm_itk_module>' . PHP_EOL;
-			$config .= '#' . TAB . TAB . sprintf('AssignUserId %s www-data', $domain->username) . PHP_EOL;
-			$config .= '#' . TAB . '</IfModule>' . PHP_EOL;
+			$config .= TAB . '# Security' . PHP_EOL;
+			$config .= TAB . '<IfModule mpm_itk_module>' . PHP_EOL;
+			$config .= TAB . TAB . sprintf('AssignUserId %s www-data', $domain->username) . PHP_EOL;
+			$config .= TAB . '</IfModule>' . PHP_EOL;
+
+			// @ToDo Make settings for that
+			#$config .= PHP_EOL;
+			#$config .= TAB . '<IfModule headers>' . PHP_EOL;
+			#$config .= TAB . TAB . 'Header set X-Frame-Options: "SAMEORIGIN"' . PHP_EOL;
+			#$config .= TAB . '</IfModule>' . PHP_EOL;
 
 			// Error Pages
+			$config .= PHP_EOL;
+			$config .= TAB . '<IfModule mod_alias.c>' . PHP_EOL;
+			$config .= TAB . TAB . '# Define Error Pages' . PHP_EOL;
 			foreach([
 				100, 101,
 				400, 401, 403, 404, 405, 408, 410, 411, 412, 413, 414, 415,
 				500, 501, 502, 503, 504, 505, 506
 			] AS $code) {
-				$config .= TAB . sprintf('Alias /errors/%1$s.html /etc/fruithost/placeholder/errors/%1$s.html', $code) . PHP_EOL;
+				$config .= TAB . TAB . sprintf('Alias /errors/%1$s.html /etc/fruithost/placeholder/errors/%1$s.html', $code) . PHP_EOL;
 			}
+			$config .= TAB . '</IfModule>' . PHP_EOL;
 
 			// PHP-FPM
-			$config .= PHP_EOL;
-			$config .= TAB . '<IfModule setenvif_module>' . PHP_EOL;
-			$config .= TAB . TAB . 'SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1' . PHP_EOL;
-			$config .= TAB . '</IfModule>' . PHP_EOL;
 
 			// @ToDo
 			$fpm = '[' . $domain->username. ']
-;prefix = /var/fruithost/users/$pool
+prefix = /var/fruithost/users/$pool
 
 user = $pool
 group = www-data
 
-listen = /run/php/$pool.sock
+listen = /var/fruithost/users/.sockets/$pool.sock
 
 listen.owner = $pool
 listen.group = www-data
-listen.mode = 0770
+listen.mode = 0660
+
+process.dumpable = yes
+decorate_workers_output = yes
+catch_workers_output = yes
 
 pm = dynamic
 pm.max_children = 5
 pm.start_servers = 2
 pm.min_spare_servers = 1
 pm.max_spare_servers = 3
 
-;access.log = log/$pool.access.log';
+;access.log = log/$pool.access.log
+decorate_workers_output = yes
+catch_workers_output = yes
+php_flag[display_errors] = on
+php_admin_value[error_log] = logs/php_error.log
+php_admin_flag[log_errors] = on';
+
 			file_put_contents(sprintf('/etc/fruithost/config/php/users/%s.conf', $domain->username), $fpm);
 
+			# PHP-FPM
 			$config .= PHP_EOL;
-			$config .= TAB . '<FilesMatch ".+\.ph(?:ar|p|tml)$">' . PHP_EOL;
-			$config .= TAB . TAB . sprintf('SetHandler "proxy:unix:/run/php/%s.sock|fcgi://localhost"', $domain->username) . PHP_EOL;
-			$config .= TAB . '</FilesMatch>' . PHP_EOL;
+			$config .= TAB . '# PHP-FPM' . PHP_EOL;
+			$config .= TAB . '<IfModule !mod_php8.c>' . PHP_EOL;
+			$config .= TAB . TAB . '<IfModule proxy_fcgi_module>' . PHP_EOL;
+			$config .= TAB . TAB . TAB . '# Forward Auth-Header' . PHP_EOL;
+			$config .= TAB . TAB . TAB . '<IfModule setenvif_module>' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1' . PHP_EOL;
+			$config .= TAB . TAB . TAB . '</IfModule>' . PHP_EOL;
+			$config .= PHP_EOL;
+			$config .= TAB . TAB . TAB . '# Define Proxy' . PHP_EOL;
+			$config .= TAB . TAB . TAB . sprintf('<Proxy "unix:/var/fruithost/users/.sockets/%1$s.sock|fcgi://user-%1$s">', $domain->username) . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxySet disablereuse=on' . PHP_EOL;
+			$config .= TAB . TAB . TAB . '</Proxy>' . PHP_EOL;
+			$config .= PHP_EOL;
+			$config .= TAB . TAB . TAB . '# When .php-Files will be visited' . PHP_EOL;
+			$config .= TAB . TAB . TAB . '<FilesMatch "\.php$">' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . '# Remove old handlers (if exists)' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'RemoveHandler		.php' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGIBackendType FPM' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" PATH_INFO "%{PATH_INFO}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" PATH_TRANSLATED "%{reqenv:DOCUMENT_ROOT}%{reqenv:PATH_INFO}%{reqenv:SCRIPT_NAME}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . '#ProxyFCGISetEnvIf "true" REQUEST_URI "${REQUEST_URI}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" SCRIPT_NAME "%{reqenv:SCRIPT_NAME}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . 'ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:SCRIPT_FILENAME}"' . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . PHP_EOL;
+			$config .= TAB . TAB . TAB . TAB . sprintf('SetHandler proxy:fcgi://user-%1$s', $domain->username) . PHP_EOL;
+			$config .= TAB . TAB . TAB . '</FilesMatch>' . PHP_EOL;
+
+			$config .= TAB . TAB . '</IfModule>' . PHP_EOL;			
+			$config .= TAB . '</IfModule>' . PHP_EOL;
+			$config .= TAB . PHP_EOL;
 
 			// Directory
 			$config .= PHP_EOL;
+			$config .= TAB . '# Accessibility' . PHP_EOL;
 			$config .= TAB . sprintf('<Directory %s>', $path) . PHP_EOL;
 			$config .= TAB . TAB . 'Options +FollowSymLinks -Indexes' . PHP_EOL;
 			$config .= TAB . TAB . 'AllowOverride All' . PHP_EOL;

diff --git a/domains/module.package b/domains/module.package
@@ -1,6 +1,6 @@
 {
 	"name":			"Domains",
-	"version":		"1.1.4",
+	"version":		"1.1.5",
 	"category":		"DOMAIN_MANAGEMENT",
 	"icon":			"globe-europe-africa",
 	"order":		1,