danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improved privilege separation

Browse Source
This commit is contained in:
Daniel Winzen
2019-01-01 02:24:22 +01:00
parent a5b0de4b07
commit 0f38bd2449
14 changed files with 238 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -128,8 +128,8 @@ D. > select dovecot
Create a mysql user with all permissions for our hosting management:
```
mysql
CREATE USER 'hosting'@'localhost' IDENTIFIED BY 'MY_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'hosting'@'localhost' WITH GRANT OPTION;
CREATE USER 'hosting'@'%' IDENTIFIED BY 'MY_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'hosting'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit
```
@ -156,4 +156,4 @@ Final step is to reboot wait about 5 minutes for all services to start and check
Live demo:
----------
If you want to see the setup in action or create your own site on my server, you can visit my [TOR hidden service](http://dhosting4okcs22v.onion) or via [my clearnet proxy](https://hosting.danwin1210.me) if you don't have TOR installed.
If you want to see the setup in action or create your own site on my server, you can visit my [TOR hidden service](http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion) or via [my clearnet proxy](https://hosting.danwin1210.me) if you don't have TOR installed.

4
etc/postfix-clearnet/canonical
View File

@ -1,4 +1,2 @@
/@tt3j2x4k5ycaa5zt.onion/ @danwin1210.me
/@torbox3uiot6wchz.onion/ @torbox.danwin1210.me
/@dhosting4okcs22v.onion/ @hosting.danwin1210.me
/@dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/ @hosting.danwin1210.me

5
etc/postfix/canonical
View File

@ -1,7 +1,8 @@
/@localhost/ @dhosting4okcs22v.onion
/@localhost/ @dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
/@dhosting4okcs22v.onion/ @dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
/@danwin1210.me/ @tt3j2x4k5ycaa5zt.onion
/@torbox.danwin1210.me/ @torbox3uiot6wchz.onion
/@hosting.danwin1210.me/ @dhosting4okcs22v.onion
/@hosting.danwin1210.me/ @dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
/@lelantos.org/ @lelantoss7bcnwbv.onion
/@mail2tor.com/ @mail2torx3jqgcpm.onion
/@mail2tor.onion/ @mail2torx3jqgcpm.onion

16
etc/postfix/main.cf
View File

@ -1,11 +1,5 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
@ -27,17 +21,17 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = dhosting4okcs22v.onion
myhostname = dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = dhosting4okcs22v.onion
mydestination = dhosting4okcs22v.onion localhost dhosting
myorigin = dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
mydestination = dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion localhost dhosting
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relay_domains = !dhosting4okcs22v.onion onion lelantos.org mail2tor.com anoninbox.net anonplus.org o3mail.org volatile.ch danwin1210.me bitmai.la volatile.bz bitmessage.ch elude.in secmail.pro vfemail.net anonymail.tech
relay_domains = !dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion onion lelantos.org mail2tor.com anoninbox.net anonplus.org o3mail.org volatile.ch danwin1210.me bitmai.la volatile.bz bitmessage.ch elude.in secmail.pro vfemail.net anonymail.tech
home_mailbox = Maildir/
canonical_maps = proxy:mysql:/etc/postfix/sql/alias.cf regexp:/etc/postfix/canonical
ignore_mx_lookup_error = yes
@ -46,7 +40,7 @@ message_drop_headers = bcc content-length resent-bcc return-path x-mailer receiv
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = dhosting4okcs22v.onion
smtpd_sasl_local_domain = dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion
smtpd_recipient_limit = 10
smtpd_sender_login_maps = regexp:/etc/postfix/sender_login_maps
smtpd_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated

2
etc/postfix/sender_login_maps
View File

@ -1 +1 @@
/(.*)@dhosting4okcs22v.onion/ $1@dhosting4okcs22v.onion
/(.*)@dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/ $1@dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion

2
etc/postfix/sql/alias.cf
View File

@ -2,4 +2,4 @@ user = hosting
password = MY_PASSWORD
hosts = localhost
dbname = hosting
query = SELECT '%d@dhosting4okcs22v.onion' FROM users WHERE '%d' = system_account
query = SELECT '%d@dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion' FROM users WHERE '%d' = system_account

1
etc/systemd/system/php7.3-fpm@default.service
View File

@ -22,6 +22,7 @@ ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
SystemCallArchitectures=native
BindPaths=/var/www/
BindPaths=/var/log/
BindPaths=/var/run/php/
BindPaths=/run/php/

100
var/www/common.php
View File

@ -1,15 +1,15 @@
<?php
require_once(__DIR__ . '/vendor/autoload.php');
const DBHOST='localhost'; // Database host
const DBHOST='127.0.0.1'; // Database host
const DBUSER='hosting'; // Database user
const DBPASS='MY_PASSWORD'; // Database password
const DBNAME='hosting'; // Database
const PERSISTENT=true; // Use persistent database conection true/false
const DBVERSION=11; //database layout version
const DBVERSION=12; //database layout version
const CAPTCHA=0; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme)
const ADDRESS='dhosting4okcs22v.onion'; // our own address
const ADDRESS='dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'; // our own address
const SERVERS=[ //servers and ports we are running on
'dhosting4okcs22v.onion'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'110', 'imap'=>'143', 'smtp'=>'25'],
'dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'110', 'imap'=>'143', 'smtp'=>'25'],
'hosting.danwin1210.me'=>['sftp'=>222, 'ftp'=>21, 'pop3'=>'1995', 'imap'=>'1993', 'smtp'=>'1465']
];
const EMAIL_TO=''; //Send email notifications about new registrations to this address
@ -44,6 +44,7 @@ opcache.revalidate_path=1
opcache.save_comments=1
opcache.optimization_level=0xffffffff
opcache.validate_permission=1
opcache.validate_root=1
';
const NGINX_DEFAULT = 'server {
listen unix:/var/run/nginx/suspended backlog=2048;
@ -62,21 +63,31 @@ server {
try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME html/$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/7.3-hosting;
}
}
location /squirrelmail {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/7.3-squirrelmail;
}
}
location /phpmyadmin {
root /usr/share;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_pass unix:/run/php/7.3-phpmyadmin;
}
}
location /adminer {
root /usr/share/adminer;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_pass unix:/run/php/7.3-adminer;
}
}
location /externals/jush/ {
@ -293,7 +304,7 @@ NumEntryGuards 6
NumDirectoryGuards 6
NumPrimaryGuards 6
";
$stmt=$db->prepare('SELECT onions.onion, users.system_account, onions.num_intros, onions.enable_smtp, onions.version, onions.max_streams, onions.enabled FROM onions LEFT JOIN users ON (users.id=onions.user_id) WHERE onions.onion LIKE ? AND onions.enabled IN (1, -2) AND users.id NOT IN (SELECT user_id FROM new_account);');
$stmt=$db->prepare('SELECT onions.onion, users.system_account, onions.num_intros, onions.enable_smtp, onions.version, onions.max_streams, onions.enabled FROM onions LEFT JOIN users ON (users.id=onions.user_id) WHERE onions.onion LIKE ? AND onions.enabled IN (1, -2) AND users.id NOT IN (SELECT user_id FROM new_account) AND users.todelete!=1;');
$stmt->execute(["$key%"]);
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if($tmp[6]==1){
@ -372,3 +383,76 @@ function ed25519_seckey_expand(string $seed) : string {
$sk[31] = chr(ord($sk[31]) | 64);
return $sk;
}
function rewrite_nginx_config(PDO $db){
$nginx='';
$stmt=$db->query("SELECT users.system_account, users.php, users.autoindex, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE onions.enabled IN (1, -2) AND users.id NOT IN (SELECT user_id FROM new_account) AND users.todelete!=1;");
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
if($tmp['php']>0){
$php_location="
location ~ [^/]\.php(/|\$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/$tmp[system_account];
}";
}else{
$php_location='';
}
$autoindex = $tmp['autoindex'] ? 'on' : 'off';
$nginx.="server {
listen [::]:80;
listen unix:/var/run/nginx/$tmp[system_account];
root /home/$tmp[system_account]/www;
server_name $tmp[onion].onion *.$tmp[onion].onion;
access_log /var/log/nginx/access_$tmp[system_account].log custom buffer=4k flush=1m;
access_log /home/$tmp[system_account]/logs/access.log custom buffer=4k flush=1m;
error_log /var/log/nginx/error_$tmp[system_account].log notice;
error_log /home/$tmp[system_account]/logs/error.log notice;
disable_symlinks on from=/home/$tmp[system_account];
autoindex $autoindex;
location / {
try_files \$uri \$uri/ =404;$php_location
}
}
";
file_put_contents("/etc/nginx/sites-enabled/hosted_sites", $nginx);
exec("service nginx reload");
}
}
function rewrite_php_config(PDO $db, string $key){
$stmt=$db->prepare("SELECT system_account FROM users WHERE system_account LIKE ? AND php=? AND todelete!=1 AND id NOT IN (SELECT user_id FROM new_account);");
foreach(array_replace(PHP_VERSIONS, DISABLED_PHP_VERSIONS) as $php_key => $version){
$stmt->execute(["$key%", $php_key]);
$php = "[www]
user = www-data
group = www-data
listen = /run/php/$version-$key
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 8
";
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$php.='['.$tmp['system_account']."]
user = $tmp[system_account]
group = www-data
listen = /run/php/$tmp[system_account]
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s;
chroot = /home/$tmp[system_account]
php_admin_value[memory_limit] = 256M
php_admin_value[disable_functions] = exec,link,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpid,pcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getgrgid,posix_getgrnam,posix_getpgid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_kill,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setrlimit,posix_setuid,posix_ttyname,posix_uname,proc_open,putenv,shell_exec,socket_listen,socket_create_listen,socket_bind,stream_socket_server,symlink,system
php_admin_value[upload_tmp_dir] = /tmp
php_admin_value[soap.wsdl_cache_dir] = /tmp
php_admin_value[session.save_path] = /tmp
";
}
file_put_contents("/etc/php/$version/fpm/pool.d/$key/www.conf", $php);
exec("service php$version-fpm@$key restart");
}
}

103
var/www/cron.php
View File

@ -27,9 +27,8 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
$enable_onion->execute([$id[6]]);
//add and manage rights of system user
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s /usr/sbin/nologin ' . escapeshellarg($system_account));
chown("/home/$system_account", 'root');
chgrp("/home/$system_account", 'www-data');
chmod("/home/$system_account", 0550);
exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
foreach(['.ssh', 'data', 'Maildir', 'tmp'] as $dir){
mkdir("/home/$system_account/$dir", 0700);
chown("/home/$system_account/$dir", $system_account);
@ -40,69 +39,6 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
chown("/home/$system_account/$dir", $system_account);
chgrp("/home/$system_account/$dir", 'www-data');
}
//configuration for services
if($id[3]>0){
$php_location="
location ~ [^/]\.php(/|\$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/$system_account;
}
";
}else{
$php_location='';
}
if($id[4]){
$autoindex='on';
}else{
$autoindex='off';
}
$nginx="server {
listen [::]:80;
listen unix:/var/run/nginx/$system_account;
root /home/$system_account/www;
server_name $onion.onion *.$onion.onion;
access_log /var/log/nginx/access_$system_account.log custom buffer=8k flush=1m;
access_log /home/$system_account/logs/access.log custom buffer=8k flush=1m;
error_log /var/log/nginx/error_$system_account.log notice;
error_log /home/$system_account/logs/error.log notice;
disable_symlinks on from=/home/$system_account;
autoindex $autoindex;
location / {
try_files \$uri \$uri/ =404;$php_location
}
}
";
$php="[$system_account]
user = $system_account
group = www-data
listen = /run/php/$system_account
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s;
php_admin_value[sendmail_path] = '/usr/bin/php /var/www/sendmail_wrapper.php \"$system_account <$system_account@" . ADDRESS . ">\" | /usr/sbin/sendmail -t -i'
php_admin_value[memory_limit] = 256M
php_admin_value[disable_functions] = exec,link,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpid,pcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getgrgid,posix_getgrnam,posix_getpgid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_kill,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setrlimit,posix_setuid,posix_ttyname,posix_uname,proc_open,putenv,shell_exec,socket_listen,socket_create_listen,socket_bind,stream_socket_server,symlink,system
php_admin_value[open_basedir] = /home/$system_account
php_admin_value[upload_tmp_dir] = /home/$system_account/tmp
php_admin_value[soap.wsdl_cache_dir] = /home/$system_account/tmp
php_admin_value[session.save_path] = /home/$system_account/tmp
";
//save configuration files
file_put_contents("/etc/nginx/sites-enabled/$system_account", $nginx);
foreach(PHP_VERSIONS as $key=>$version){
if($id[3]==$key){
file_put_contents("/etc/php/$version/fpm/pool.d/$firstchar/$system_account.conf", $php);
break;
}
}
//remove from to-add queue
$del->execute([$id[5]]);
}
@ -151,30 +87,6 @@ $mark_onions=$db->prepare('UPDATE onions SET enabled=-1 WHERE user_id=? AND enab
foreach($accounts as $account){
$firstchar=substr($account[0], 0, 1);
$reload[$firstchar]=true;
//delete config files
foreach(DISABLED_PHP_VERSIONS as $v){
// new naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/$account[0].conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/$account[0].conf");
}
// old naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/".substr($account[0], 0, 16).".conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/".substr($account[0], 0, 16).".conf");
}
}
foreach(PHP_VERSIONS as $v){
// new naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/$account[0].conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/$account[0].conf");
}
// old naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/".substr($account[0], 0, 16).".conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/".substr($account[0], 0, 16).".conf");
}
}
if(file_exists("/etc/nginx/sites-enabled/$account[0]")){
unlink("/etc/nginx/sites-enabled/$account[0]");
}
$mark_onions->execute([$account[1]]);
}
@ -194,19 +106,12 @@ foreach($onions as $onion){
$del_onions->execute([$onion[0]]);
}
//reload services
if(!empty($reload)){
exec('service nginx reload');
foreach(DISABLED_PHP_VERSIONS as $version){
exec("service php$version-fpm reload");
}
rewrite_nginx_config($db);
}
foreach($reload as $key => $val){
foreach(PHP_VERSIONS as $version){
exec("service php$version-fpm@$key restart");
}
rewrite_php_config($db, $key);
rewrite_torrc($db, $key);
}

2
var/www/html/home.php
View File

@ -77,7 +77,7 @@ echo '<tr><th>Database</th><th>Host</th><th>User</th></tr>';
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id=?;');
$stmt->execute([$user['id']]);
while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td></tr>";
echo "<tr><td>$mysql[mysql_database]</td><td>127.0.0.1</td><td>$user[mysql_user]</td></tr>";
}
echo '</table>';
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';

7
var/www/html/index.php
View File

@ -19,6 +19,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
</head><body>
<h1>Hosting - Info</h1>
<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
<p>After the hack that took place on November 15th, the hosting is finally back. There are just a few more things that need to be done before I can enable account registration. Due to a temporary loss of motivation in mid-december I'm behind schedule by about 2 weeks as initially planned, but new year, new opportunity. Registrations will open soon, once the last necessary changes are done, stay tuned.</p>
<p>Here you can get yourself a hosting account on my server.</p>
<p>What you will get:</p>
<ul>
@ -26,13 +27,13 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
<li>Chose between PHP <?php echo implode(', ', PHP_VERSIONS); ?> or no PHP support</li>
<li>Nginx Webserver</li>
<li>SQLite support</li>
<li>1 MariaDB (MySQL) database</li>
<li>MariaDB (MySQL) database support</li>
<li><a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration</li>
<li>Web-based file management</li>
<li>FTP access</li>
<li>SFTP access</li>
<li>No disk quota, but please be fair about your disk usage</li>
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet)</li>
<li>No disk quota, but please be fair about your disk usage - quota will come</li>
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future</li>
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
<li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
<li>Your own .onion address</li>

2
var/www/html/register.php
View File

@ -34,7 +34,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
if(isset($_POST['public']) && $_POST['public']==1){
$public_list=1;
}
if(isset($_POST['php']) && in_array($_POST['php'], PHP_VERSIONS)){
if(isset($_POST['php']) && array_key_exists($_POST['php'], PHP_VERSIONS)){
$php = $_POST['php'];
}
if(isset($_POST['autoindex']) && $_POST['autoindex']==1){

236
var/www/setup.php
View File

@ -35,63 +35,7 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
$db->exec('CREATE TABLE settings (setting varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL PRIMARY KEY, value text CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$stmt=$db->prepare("INSERT INTO settings (setting, value) VALUES ('version', ?);");
$stmt->execute([DBVERSION]);
foreach(PHP_VERSIONS as $version){
if(!file_exists("/etc/php/$version/fpm/conf.d/")){
mkdir("/etc/php/$version/fpm/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/conf.d/99-hosting.ini", PHP_CONFIG);
if(!file_exists("/etc/php/$version/cli/conf.d/")){
mkdir("/etc/php/$version/cli/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/cli/conf.d/99-hosting.ini", PHP_CONFIG);
$fpm_config = "[global]
pid = /run/php/php$version-fpm.pid
error_log = /var/log/php$version-fpm.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm.conf", $fpm_config);
$pool_config = "[www]
user = www-data
group = www-data
listen = /run/php/php$version-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
";
if(!file_exists("/etc/php/$version/fpm/pool.d/")){
mkdir("/etc/php/$version/fpm/pool.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/pool.d/www.conf", $pool_config);
foreach(SERVICE_INSTANCES as $instance){
$fpm_config = "[global]
pid = /run/php/php$version-fpm-$instance.pid
error_log = /var/log/php$version-fpm-$instance.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/$instance/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm-$instance.conf", $fpm_config);
$pool_config = "[www]
user = www-data
group = www-data
listen = /run/php/$version-$instance
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 8
";
if(!file_exists("/etc/php/$version/fpm/pool.d/$instance/")){
mkdir("/etc/php/$version/fpm/pool.d/$instance/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/pool.d/$instance/www.conf", $pool_config);
}
}
file_put_contents('/etc/nginx/sites-enabled/default', NGINX_DEFAULT);
exec('/var/www/setup_chroot.sh /var/www');
echo "Database and files have successfully been set up\n";
}else{
$version=$version->fetch(PDO::FETCH_NUM)[0];
@ -144,56 +88,6 @@ pm.max_children = 8
$stmt->execute([$key]);
}
}
if($version<8){
foreach(PHP_VERSIONS as $version){
$fpm_config = "[global]
pid = /run/php/php$version-fpm.pid
error_log = /var/log/php$version-fpm.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm.conf", $fpm_config);
$pool_config = "[www]
user = www-data
group = www-data
listen = /run/php/php$version-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
";
if(!file_exists("/etc/php/$version/fpm/pool.d/")){
mkdir("/etc/php/$version/fpm/pool.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/pool.d/www.conf", $pool_config);
foreach(SERVICE_INSTANCES as $instance){
$fpm_config = "[global]
pid = /run/php/php$version-fpm-$instance.pid
error_log = /var/log/php$version-fpm-$instance.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/$instance/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm-$instance.conf", $fpm_config);
$pool_config = "[www]
user = www-data
group = www-data
listen = /run/php/$version-$instance
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 8
";
if(!file_exists("/etc/php/$version/fpm/pool.d/$instance/")){
mkdir("/etc/php/$version/fpm/pool.d/$instance/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/pool.d/$instance/www.conf", $pool_config);
}
}
}
if($version<9){
foreach(PHP_VERSIONS as $version){
if(file_exists("/etc/php/$version/cli/conf.d/99-hosting.conf")){
@ -202,16 +96,7 @@ pm.max_children = 8
if(file_exists("/etc/php/$version/fpm/conf.d/99-hosting.conf")){
unlink("/etc/php/$version/fpm/conf.d/99-hosting.conf");
}
if(!file_exists("/etc/php/$version/fpm/conf.d/")){
mkdir("/etc/php/$version/fpm/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/conf.d/99-hosting.ini", PHP_CONFIG);
if(!file_exists("/etc/php/$version/cli/conf.d/")){
mkdir("/etc/php/$version/cli/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/cli/conf.d/99-hosting.ini", PHP_CONFIG);
}
$db->exec('UPDATE service_instances SET reload=1;');
}
if($version<10){
$db->exec('ALTER TABLE onions CHANGE user_id user_id int(11) NULL;');
@ -231,8 +116,127 @@ pm.max_children = 8
$db->exec("ALTER TABLE users CHANGE todelete todelete tinyint(1) UNSIGNED NOT NULL DEFAULT '0';");
$db->exec("ALTER TABLE new_account CHANGE approved approved tinyint(1) UNSIGNED NOT NULL DEFAULT '0';");
}
if($version<12){
$stmt=$db->query('SELECT system_account FROM users;');
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
// some software may break when absolute installation path changes, add symlinks to prevent that
symlink('.', '/home/'.$tmp['system_account'].'/home');
symlink('.', '/home/'.$tmp['system_account'].'/'.$tmp['system_account']);
exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
$firstchar=substr($tmp['system_account'], 0, 1);
//delete config files
foreach(array_replace(PHP_VERSIONS, DISABLED_PHP_VERSIONS) as $v){
// new naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/$tmp[system_account].conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/$tmp[system_account].conf");
}
// old naming schema
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/".substr($tmp['system_account'], 0, 16).".conf")){
unlink("/etc/php/$v/fpm/pool.d/$firstchar/".substr($tmp['system_account'], 0, 16).".conf");
}
}
if(file_exists("/etc/nginx/sites-enabled/$tmp[system_account]")){
unlink("/etc/nginx/sites-enabled/$tmp[system_account]");
}
exec('/var/www/setup_chroot.sh /var/www');
}
$db->exec('UPDATE service_instances SET reload=1;');
}
$stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';");
$stmt->execute([DBVERSION]);
foreach(PHP_VERSIONS as $version){
if(!file_exists("/etc/php/$version/fpm/conf.d/")){
mkdir("/etc/php/$version/fpm/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/conf.d/99-hosting.ini", PHP_CONFIG);
if(!file_exists("/etc/php/$version/cli/conf.d/")){
mkdir("/etc/php/$version/cli/conf.d/", 0755, true);
}
file_put_contents("/etc/php/$version/cli/conf.d/99-hosting.ini", PHP_CONFIG);
foreach(SERVICE_INSTANCES as $instance){
$fpm_config = "[global]
pid = /run/php/php$version-fpm-$instance.pid
error_log = /var/log/php$version-fpm-$instance.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/$instance/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm-$instance.conf", $fpm_config);
if(!file_exists("/etc/php/$version/fpm/pool.d/$instance/")){
mkdir("/etc/php/$version/fpm/pool.d/$instance/", 0755, true);
}
}
$fpm_config = "[global]
pid = /run/php/php$version-fpm.pid
error_log = /var/log/php$version-fpm.log
process_control_timeout = 10
include=/etc/php/$version/fpm/pool.d/*.conf
";
file_put_contents("/etc/php/$version/fpm/php-fpm.conf", $fpm_config);
$pool_config = "[hosting]
user = www-data
group = www-data
listen = /run/php/$version-hosting
listen.owner = www-data
listen.group = www-data
chroot = /var/www
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
php_admin_value[upload_tmp_dir] = /tmp
php_admin_value[soap.wsdl_cache_dir] = /tmp
php_admin_value[session.save_path] = /tmp
[phpmyadmin]
user = www-data
group = www-data
listen = /run/php/$version-phpmyadmin
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
php_admin_value[open_basedir] = /etc/phpmyadmin:/usr/share/php:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/tmp
[squirrelmail]
user = www-data
group = www-data
listen = /run/php/$version-squirrelmail
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
php_admin_value[open_basedir] = /var/local/squirrelmail:/var/www/html/squirrelmail:/tmp
[adminer]
user = www-data
group = www-data
listen = /run/php/$version-adminer
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[mysqli.allow_persistent] = On
php_admin_value[open_basedir] = /usr/share/adminer:/tmp
";
if(!file_exists("/etc/php/$version/fpm/pool.d/")){
mkdir("/etc/php/$version/fpm/pool.d/", 0755, true);
}
file_put_contents("/etc/php/$version/fpm/pool.d/www.conf", $pool_config);
exec("service php$version-fpm@default reload");
}
file_put_contents('/etc/nginx/sites-enabled/default', NGINX_DEFAULT);
exec("service nginx reload");
if(DBVERSION!=$version){
echo "Database and files have successfully been updated to the latest version\n";
}else{

2
var/www/skel/www/index.hosting.html
View File

@ -5,6 +5,6 @@
<title>Site hosted by Daniel's hosting service</title>
</head>
<body>
<p>This site is hosted by <a href="http://dhosting4okcs22v.onion" target="_blank">Daniel's hosting service</a>.</p>
<p>This site is hosted by <a href="http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion" target="_blank">Daniel's hosting service</a>.</p>
</body>
</html>