Merge branch 'develop' into 6202-support-for-borg-archive-in-backups

Author: Jorge Muñoz

.gitlab-ci.yml

@@ -17,6 +17,7 @@ syntax:lint:
     - schedules
     - web
     - merge_requests
+    - /^\d+\.\d+\.\d+$/
 
   script:
     - echo "Syntax checking PHP files"
@@ -32,6 +33,12 @@ syntax_diff:lint:
     - pushes
     - branches
 
+  except:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+$/
+
   script:
     - echo "Syntax checking PHP files"
     - bash ./.git-scripts/syntax.sh commit
@@ -52,33 +59,46 @@ syntax_diff:lint:
 #    - vendor/bin/phplint
 
 
-test:install:
-  stage: test
-  image: jerob/docker-ispconfig
-  only:
-    - schedules
-    - web
-  script:
-    - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
-    - apt-get update
-    - apt-get --yes install curl
-    - curl --insecure https://127.0.0.1:8080/login/
-    - ps xaf
-
+#test:install:
+#  stage: test
+#  image: jerob/docker-ispconfig
+#  only:
+#    - schedules
+#    - web
+#    - /^\d+\.\d+\.\d+$/
+#  
+#  script:
+#    - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
+#    - apt-get update
+#    - apt-get --yes install curl
+#    - curl --insecure https://127.0.0.1:8080/login/
+#    - ps xaf
+#    
+#  needs: ["syntax:lint"]
 
 build:package:
     stage: build
     image: edbizarro/gitlab-ci-pipeline-php:7.2
     only:
         refs:
             - /^\d+\.\d+\.\d+$/
-    except:
-        - branches
-        - merge_requests
-        - schedules
-        - pushes
+            - web
+
     script:
         - echo "Building release."
+        - if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
+        - if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
+        - if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
+        - RET=0
+        - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' . || RET=$?
+        - if [[ $RET > 1 ]] ; then exit $RET ; fi
+        - echo "Listing tar contents for verification"
+        - tar -tvf ISPConfig-${VER}.tar.gz
+        - echo "Uploading file to download server"
+        - curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
+        - if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
+        - rm ISPConfig-${VER}.tar.gz
+        - echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
 
-    when: manual
+    needs: ["syntax:lint"]
     allow_failure: false

helper_scripts/cert_check.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi

install/dist/conf/debian110.conf.php

@@ -0,0 +1,239 @@
+<?php
+
+/*
+Copyright (c) 2021, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Debian 11 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'debian110';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.4/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.4/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.4/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* mlmmj
+$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
+$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php7.4-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.4/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.4/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.4-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+?>