UniqueSoft/openpanel
2
0
Fork 0
mirror of https://github.com/stefanpejcic/openpanel synced 2025-06-26 18:28:26 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

no packages and conf copied

Browse Source
This commit is contained in:
Stefan Pejcic
2024-09-18 16:27:40 +02:00
parent fa69cae01f
commit ae4c612987
2611 changed files with 4571 additions and 591498 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
configuration/.github/scripts/get_cf_ips.sh vendored Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
cf_ips="$(curl -fsLm5 --retry 3 https://api.cloudflare.com/client/v4/ips)"
if [ -n "$cf_ips" ] && [ "$(echo "$cf_ips" | jq -r '.success')" = "true" ]; then
cf_inc="nginx/cloudflare.inc"
echo "[ * ] Updating Cloudflare IP Ranges for Nginx..."
echo "# Cloudflare IP Ranges" > $cf_inc
echo "" >> $cf_inc
echo "# IPv4" >> $cf_inc
for ipv4 in $(echo "$cf_ips" | jq -r '.result.ipv4_cidrs[]' | sort); do
echo "set_real_ip_from $ipv4;" >> $cf_inc
done
echo "" >> $cf_inc
echo "# IPv6" >> $cf_inc
for ipv6 in $(echo "$cf_ips" | jq -r '.result.ipv6_cidrs[]' | sort); do
echo "set_real_ip_from $ipv6;" >> $cf_inc
done
echo "" >> $cf_inc
echo "real_ip_header CF-Connecting-IP;" >> $cf_inc
fi

21
configuration/.github/workflows/trigger-sync.yml vendored Normal file
View File

@@ -0,0 +1,21 @@
name: Trigger sync of conf
on:
push:
branches:
- main #always
jobs:
trigger:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
repository-projects: write
steps:
- name: Trigger Sync
run: |
curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/stefanpejcic/OpenPanel/dispatches \
-d '{"event_type":"sync-configuration"}'

36
configuration/.github/workflows/update_cf_ips.yml vendored Normal file
View File

@@ -0,0 +1,36 @@
name: Update Cloudflare IPs
on:
schedule:
- cron: '0 10 * * *'
workflow_dispatch: # manual trigger
permissions:
contents: write # to push
jobs:
update_cf_ips:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Ensure get_cf_ips.sh is executable
run: chmod +x .github/scripts/get_cf_ips.sh
- name: Install jq
run: sudo apt-get install -y jq
- name: Run get_cf_ips.sh
run: .github/scripts/get_cf_ips.sh
- name: Commit and push changes
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git add nginx/cloudflare.inc
git commit -m "Update Cloudflare IPs" || echo "No changes to commit"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

35
configuration/.github/workflows/update_dns_date.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
name: Update Serial Number Daily
on:
schedule:
- cron: '0 0 * * *' # Runs every day at midnight UTC
workflow_dispatch: # Allows manual triggering
jobs:
update-serial:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
token: ${{ secrets.PAT_TOKEN }}
- name: Update serial number
run: |
# Get today's date in YYYYMMDD format
DATE=$(date -u +"%Y%m%d")
FILE="bind9/zone_template.txt"
sed -i "s/[0-9]\{10\}/$(date +%Y%m%d)01/" $FILE
- name: Commit changes
uses: EndBug/add-and-commit@v9
with:
add: 'bind9/zone_template.txt'
message: 'Update serial number with current date'
author_name: 'GitHub Actions'
author_email: 'actions@github.com'
token: ${{ secrets.PAT_TOKEN }}

3
configuration/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
#.github/
#.github/workflows/
README.md

13
configuration/bind9/named.conf Normal file
View File

@@ -0,0 +1,13 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

29
configuration/bind9/named.conf.default-zones Normal file
View File

@@ -0,0 +1,29 @@
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

11
configuration/bind9/named.conf.local Normal file
View File

@@ -0,0 +1,11 @@
// It is recommended to create a key and configure Bind to listen to commands
// sent via rndc. However, it will function just fine without the following
// four lines.
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

20
configuration/bind9/named.conf.options Normal file
View File

@@ -0,0 +1,20 @@
acl trusted {
localhost;
192.168.1.0/24;
172.0.0.0/8;
};
options {
directory "/var/cache/bind";
recursion yes;
allow-recursion { trusted; };
forwarders {
8.8.8.8;
8.8.4.4;
};
dnssec-validation auto;
listen-on-v6 { any; };
};

22
configuration/bind9/zone_template.txt Normal file
View File

@@ -0,0 +1,22 @@
$TTL 1h
@ IN SOA {ns1}. {ns2}. (
2024091801 ; Serial number
1h ; Refresh interval
15m ; Retry interval
1w ; Expire interval
1h ) ; Minimum TTL
@ IN NS {ns1}.
@ IN NS {ns2}.
ns1 14400 IN A {server_ip}
ns2 14400 IN A {server_ip}
{domain}. 14400 IN A {server_ip}
{domain}. 3600 IN MX 0 {domain}.
www 14400 IN CNAME {domain}.
mail 14400 IN CNAME {domain}.
webmail 14400 IN CNAME {domain}.
{domain}. 14400 IN TXT "v=spf1 ip4:{server_ip} +a +mx ~all"

45
configuration/cron Normal file
View File

@@ -0,0 +1,45 @@
# /etc/cron.d/openpanel: crontab entries for the OpenPanel
#
#
# This file is used by OpenPanel to schedule cronjobs
#
# It should NOT be edited manually as it is overwritten on update.
# To add crons please use the crontab as root user.
#
# Important Note! This cronjob will NOT be executed if you are
# running systemd as your init system. If you are running systemd,
# the cronjob.timer function takes precedence over this cronjob. For
# more details, see the systemd.timer manpage, or use systemctl show
# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# SSL
0 */3 * * * root /usr/local/bin/opencli ssl-hostname && echo "$(date) SSL hostname check executed" >> /var/log/openpanel/admin/cron.log
45 */3 * * * root /usr/local/bin/opencli ssl-user --all --generate && echo "$(date) SSL generation for all domains executed" >> /var/log/openpanel/admin/cron.log
# STATISTICS
0 * * * * root /usr/local/bin/opencli docker-collect_stats && echo "$(date) Docker statistics collected" >> /var/log/openpanel/admin/cron.log
30 3 * * * root /usr/local/bin/opencli server-stats --save && echo "$(date) Server statistics collected" >> /var/log/openpanel/admin/cron.log
30 2 * * * root /usr/local/bin/opencli domains-stats && echo "$(date) Domain statistics collected" >> /var/log/openpanel/admin/cron.log
0 4 * * * root /usr/local/bin/opencli websites-pagespeed --all && echo "$(date) Google PageSpeed data collected for all domains" >> /var/log/openpanel/admin/cron.log
# MAINTENANCE
*/5 * * * * root /bin/bash /usr/local/admin/scripts/server/recreate_hosts && echo "$(date) /etc/hosts file recreated via cron" >> /var/log/openpanel/admin/cron.log
* 2 * * * root /usr/local/bin/opencli docker-usage_stats_cleanup && echo "$(date) Docker usage stats cleanup executed" >> /var/log/openpanel/admin/cron.log
15 0 * * * root /usr/local/bin/opencli update && echo "$(date) System update executed" >> /var/log/openpanel/admin/cron.log
0 0 12 * * root /usr/local/bin/opencli server-ips && echo "$(date) Server IP listing executed" >> /var/log/openpanel/admin/cron.log
0 */6 * * * root /usr/local/bin/opencli server-motd && echo "$(date) Server MOTD updated" >> /var/log/openpanel/admin/cron.log
0 */8 * * * root /usr/local/bin/opencli ftp-users && echo "$(date) FTP users file recreated" >> /var/log/openpanel/admin/cron.log
# BACKUPS
0 7 * * * root /usr/local/bin/opencli backup-check && echo "$(date) Backup check executed" >> /var/log/openpanel/admin/cron.log
0 8 * * * root /usr/local/bin/opencli backup-scheduler && echo "$(date) Backup scheduler executed" >> /var/log/openpanel/admin/cron.log
# MONITORING
*/5 * * * * root /bin/bash /usr/local/admin/service/notifications.sh && echo "$(date) Notifications script executed" >> /var/log/openpanel/admin/cron.log
45 11 * * * root /bin/bash /usr/local/admin/service/notifications.sh --report && echo "$(date) Daily Usage Report generated" >> /var/log/openpanel/admin/cron.log
@reboot root /bin/bash /usr/local/admin/service/notifications.sh --startup && echo "$(date) Notifications script executed at startup" >> /var/log/openpanel/admin/cron.log
@reboot root /usr/local/bin/opencli server-on_startup && echo "$(date) Server startup tasks executed" >> /var/log/openpanel/admin/cron.log

123
configuration/docker/compose/broken.yaml Normal file
View File

@@ -0,0 +1,123 @@
services:
# Database for OpenPanel users, plans, websites and domains
openpanel_mysql:
image: mysql/mysql-server
container_name: openpanel_mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: panel
MYSQL_USER: panel
MYSQL_PASSWORD: ${MYSQL_ROOT_PASSWORD}
ports:
- "3306:3306"
volumes:
- openadmin_mysql:/var/lib/mysql
- /etc/openpanel/:/etc/openpanel/
- /etc/openpanel/docker/compose/initialize.sql:/docker-entrypoint-initdb.d/initialize.sql
mem_limit: 0.5g
cpus: 1.0
oom_kill_disable: true
# OpenPanel service running on port 2083
openpanel:
image: openpanel/openpanel
container_name: openpanel
depends_on:
- openpanel_mysql
cap_add:
- NET_ADMIN
- SYS_MODULE
volumes:
- /etc/nginx/sites-available/:/etc/nginx/sites-available/
- /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/
- /etc/bind:/etc/bind
- /lib/modules:/lib/modules:ro
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/hostfs:ro
- /home:/home
- /usr/local/admin:/usr/local/admin
- /usr/local/admin/scripts:/usr/local/admin/scripts
- /var/log:/var/log
- /etc/ufw:/etc/ufw
- /etc/letsencrypt:/etc/letsencrypt
- /etc/my.cnf:/etc/my.cnf
- /etc/openpanel/:/etc/openpanel/
- /var/run/docker.sock:/var/run/docker.sock
- openadmin_mysql:/var/lib/mysql
- /usr/bin/docker:/usr/bin/docker
- /root/:/root/
# https://dev.openpanel.com/customize.html#Custom-Code
- /etc/openpanel/openpanel/custom_code/:/usr/local/panel/templates/custom_code/
- /etc/openpanel/openpanel/custom_code/custom.css:/usr/local/panel/static/css/custom.css
- /etc/openpanel/openpanel/custom_code/custom.js:/usr/local/panel/static/js/custom.js
network_mode: host
mem_limit: 1g
cpus: 1.0
restart: always
privileged: true
# Webserver from 0.2.5+
nginx:
image: nginx:latest
container_name: owasp/modsecurity-crs:nginx
network_mode: "host"
volumes:
- /etc/openpanel/nginx/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
- /etc/openpanel/nginx/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
- /etc/openpanel/nginx/nginx.conf:/etc/nginx/nginx.conf
- /etc/openpanel/nginx/vhosts/default.conf:/etc/nginx/conf.d/default.conf
- /etc/openpanel/nginx/vhosts/openpanel_proxy.conf:/etc/openpanel/nginx/vhosts/openpanel_proxy.conf
- /etc/nginx/sites-available/:/etc/nginx/sites-available/
- /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/
- /etc/openpanel/nginx/error_pages/snippets/:/etc/nginx/snippets/
- /etc/openpanel/nginx/error_pages/:/srv/http/default/
- /var/log/nginx/:/var/log/nginx/
- /etc/letsencrypt/options-ssl-nginx.conf:/etc/letsencrypt/options-ssl-nginx.conf
- /etc/letsencrypt/ssl-dhparams.pem:/etc/letsencrypt/ssl-dhparams.pem
- /etc/letsencrypt/:/etc/letsencrypt/
- /etc/openpanel/openpanel/core/users/:/etc/openpanel/openpanel/core/users/
- /etc/hosts:/etc/hosts
- /usr/share/nginx/html/:/usr/share/nginx/html/
restart: unless-stopped
mem_limit: 1g
cpus: 1.0
oom_kill_disable: true
# SSL status and renewals
certbot:
image: certbot/certbot:latest
container_name: certbot
network_mode: "host"
volumes:
- /etc/letsencrypt:/etc/letsencrypt # Let's Encrypt certificates
- /var/lib/letsencrypt:/var/lib/letsencrypt # Working directory for Certbot
- /etc/nginx/sites-available:/etc/nginx/sites-available # Access to Nginx config for authentication challenges
- /etc/nginx/sites-enabled:/etc/nginx/sites-enabled # Enabled sites for reloading after cert issuance
entrypoint: /bin/sh -c 'trap exit TERM; while :; do sleep 6h & wait $${!}; certbot renew; nginx -s reload; done'
restart: unless-stopped
mem_limit: 0.1g
cpus: 0.1
oom_kill_disable: true
# DNS
bind9:
container_name: openpanel_dns
image: ubuntu/bind9:latest
environment:
- BIND9_USER=root
- TZ=America/New_York
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- /etc/bind/:/etc/bind/
restart: unless-stopped
mem_limit: 0.1g
cpus: 0.1
oom_kill_disable: true
# make the mysql data persistent
volumes:
openadmin_mysql:

116
configuration/docker/compose/docker-compose.yml Normal file
View File

@@ -0,0 +1,116 @@
services:
# Database for OpenPanel users, plans, websites and domains
openpanel_mysql:
image: mysql/mysql-server
container_name: openpanel_mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: panel
MYSQL_USER: panel
MYSQL_PASSWORD: ${MYSQL_ROOT_PASSWORD}
ports:
- "3306:3306"
volumes:
- openadmin_mysql:/var/lib/mysql
- /etc/openpanel/:/etc/openpanel/
- /etc/openpanel/docker/compose/initialize.sql:/docker-entrypoint-initdb.d/initialize.sql
mem_limit: 1g
cpus: 1
oom_kill_disable: true
# OpenPanel service running on port 2083
openpanel:
image: openpanel/openpanel
container_name: openpanel
depends_on:
- openpanel_mysql
cap_add:
- NET_ADMIN
- SYS_MODULE
volumes:
- /etc/nginx/sites-available/:/etc/nginx/sites-available/
- /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/
- /etc/bind:/etc/bind
- /lib/modules:/lib/modules:ro
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/hostfs:ro
- /home:/home
- /etc/ufw:/etc/ufw
- /usr/local/admin:/usr/local/admin
- /usr/local/admin/scripts:/usr/local/admin/scripts
- /var/log:/var/log
- /etc/letsencrypt:/etc/letsencrypt
- /etc/my.cnf:/etc/my.cnf
- /etc/openpanel/:/etc/openpanel/
- /var/run/docker.sock:/var/run/docker.sock
- openadmin_mysql:/var/lib/mysql
- /usr/bin/docker:/usr/bin/docker
network_mode: host
deploy:
resources:
limits:
memory: 1g
cpus: '1.0'
restart: always
privileged: true
#mailserver:
# image: ghcr.io/docker-mailserver/docker-mailserver:latest
# container_name: openadmin_mailserver
# hostname: mail.openpanel.site
# env_file: mailserver.env
# ports:
# - "25:25"
# - "143:143"
# - "465:465"
# - "587:587"
# - "993:993"
# volumes:
# - ./docker-data/dms/mail-data/:/var/mail/
# - ./docker-data/dms/mail-state/:/var/mail-state/
# - ./docker-data/dms/mail-logs/:/var/log/mail/
# - ./docker-data/dms/config/:/tmp/docker-mailserver/
# - /etc/localtime:/etc/localtime:ro
# restart: always
# stop_grace_period: 1m
# healthcheck:
# test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
# timeout: 3s
# retries: 0
# deploy:
# resources:
# limits:
# memory: 1g
# cpus: '1.0'
# networks:
# - openadmin_mail_network
#roundcube:
# image: roundcube/roundcubemail
# container_name: openadmin_roundcube
# restart: always
# environment:
# - ROUNDCUBEMAIL_DEFAULT_HOST=openadmin_mailserver
# - ROUNDCUBEMAIL_SMTP_SERVER=openadmin_mailserver
# ports:
# - "8080:80"
# networks:
# - openadmin_mail_network
# deploy:
# resources:
# limits:
# memory: 1g
# cpus: '1.0'
#networks:
# openadmin_mail_network:
# driver: bridge
# make the data persistent
volumes:
openadmin_mysql:

660
configuration/docker/compose/mailserver.env Normal file
View File

@@ -0,0 +1,660 @@
# -----------------------------------------------
# --- Mailserver Environment Variables ----------
# -----------------------------------------------
# DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER
# https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/
# -----------------------------------------------
# --- General Section ---------------------------
# -----------------------------------------------
# empty => uses the `hostname` command to get the mail server's canonical hostname
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
OVERRIDE_HOSTNAME=
# REMOVED in version v11.0.0! Use LOG_LEVEL instead.
DMS_DEBUG=0
# Set the log level for DMS.
# This is mostly relevant for container startup scripts and change detection event feedback.
#
# Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`.
# The default log level is `info`.
LOG_LEVEL=info
# critical => Only show critical messages
# error => Only show erroneous output
# **warn** => Show warnings
# info => Normal informational output
# debug => Also show debug messages
SUPERVISOR_LOGLEVEL=
# Support for deployment where these defaults are not compatible (eg: some NAS appliances):
# /var/mail vmail User ID (default: 5000)
DMS_VMAIL_UID=
# /var/mail vmail Group ID (default: 5000)
DMS_VMAIL_GID=
# **empty** => use FILE
# LDAP => use LDAP authentication
# OIDC => use OIDC authentication (not yet implemented)
# FILE => use local files (this is used as the default)
ACCOUNT_PROVISIONER=
# empty => postmaster@domain.com
# => Specify the postmaster address
POSTMASTER_ADDRESS=
# Check for updates on container start and then once a day
# If an update is available, a mail is sent to POSTMASTER_ADDRESS
# 0 => Update check disabled
# 1 => Update check enabled
ENABLE_UPDATE_CHECK=1
# Customize the update check interval.
# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
UPDATE_CHECK_INTERVAL=1d
# Set different options for mynetworks option (can be overwrite in postfix-main.cf)
# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
# `connected-networks` option, can create an open relay
# https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
# The same can happen for rootless podman. To prevent this, set the value to "none" or configure slirp4netns
# https://github.com/docker-mailserver/docker-mailserver/issues/2377
#
# none => Explicitly force authentication
# container => Container IP address only
# host => Add docker container network (ipv4 only)
# network => Add all docker container networks (ipv4 only)
# connected-networks => Add all connected docker networks (ipv4 only)
PERMIT_DOCKER=connected-networks
# Set the timezone. If this variable is unset, the container runtime will try to detect the time using
# `/etc/localtime`, which you can alternatively mount into the container. The value of this variable
# must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`.
# You can lookup all available timezones here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
TZ=
# In case you network interface differs from 'eth0', e.g. when you are using HostNetworking in Kubernetes,
# you can set NETWORK_INTERFACE to whatever interface you want. This interface will then be used.
# - **empty** => eth0
NETWORK_INTERFACE=
# empty => modern
# modern => Enables TLSv1.2 and modern ciphers only. (default)
# intermediate => Enables TLSv1, TLSv1.1 and TLSv1.2 and broad compatibility ciphers.
TLS_LEVEL=
# Configures the handling of creating mails with forged sender addresses.
#
# **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
# 1 => Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
SPOOF_PROTECTION=
# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
# - **0** => Disabled
# - 1 => Enabled
ENABLE_SRS=0
# Enables the OpenDKIM service.
# **1** => Enabled
# 0 => Disabled
ENABLE_OPENDKIM=1
# Enables the OpenDMARC service.
# **1** => Enabled
# 0 => Disabled
ENABLE_OPENDMARC=1
# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`).
#
# - 0 => Disabled
# - **1** => Enabled
ENABLE_POLICYD_SPF=1
# Enables POP3 service
# - **0** => Disabled
# - 1 => Enabled
ENABLE_POP3=
# Enables IMAP service
# - 0 => Disabled
# - **1** => Enabled
ENABLE_IMAP=1
# Enables ClamAV, and anti-virus scanner.
# 1 => Enabled
# **0** => Disabled
ENABLE_CLAMAV=0
# Add the value as a prefix to the mail subject when spam is detected.
# NOTE: By default spam is delivered to a junk folder, reducing the value of a subject prefix for spam.
# NOTE: When not using Docker Compose, other CRI may not support quote-wrapping the value here to preserve any trailing white-space.
SPAM_SUBJECT=SPAM_MESSAGE_
# Enables Rspamd
# **0** => Disabled
# 1 => Enabled
ENABLE_RSPAMD=0
# When `ENABLE_RSPAMD=1`, an internal Redis instance is enabled implicitly.
# This setting provides an opt-out to allow using an external instance instead.
# 0 => Disabled
# 1 => Enabled
ENABLE_RSPAMD_REDIS=
# When enabled,
#
# 1. the "[autolearning][rspamd-autolearn]" feature is turned on;
# 2. the Bayes classifier will be trained when moving mails from or to the Junk folder (with the help of Sieve scripts).
#
# **0** => disabled
# 1 => enabled
RSPAMD_LEARN=0
# This settings controls whether checks should be performed on emails coming
# from authenticated users (i.e. most likely outgoing emails). The default value
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
#
# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0
# Controls whether the Rspamd Greylisting module is enabled.
# This module can further assist in avoiding spam emails by greylisting
# e-mails with a certain spam score.
#
# **0** => disabled
# 1 => enabled
RSPAMD_GREYLISTING=0
# Can be used to enable or disable the Hfilter group module.
#
# - 0 => Disabled
# - **1** => Enabled
RSPAMD_HFILTER=1
# Can be used to control the score when the HFILTER_HOSTNAME_UNKNOWN symbol applies. A higher score is more punishing. Setting it to 15 is equivalent to rejecting the email when the check fails.
#
# Default: 6
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6
# Can be used to enable or disable the (still experimental) neural module.
#
# - **0** => Disabled
# - 1 => Enabled
RSPAMD_NEURAL=0
# Amavis content filter (used for ClamAV & SpamAssassin)
# 0 => Disabled
# 1 => Enabled
ENABLE_AMAVIS=1
# -1/-2/-3 => Only show errors
# **0** => Show warnings
# 1/2 => Show default informational output
# 3/4/5 => log debug information (very verbose)
AMAVIS_LOGLEVEL=0
# This enables DNS block lists in Postscreen.
# Note: Emails will be rejected, if they don't pass the block list checks!
# **0** => DNS block lists are disabled
# 1 => DNS block lists are enabled
ENABLE_DNSBL=0
# If you enable Fail2Ban, don't forget to add the following lines to your `compose.yaml`:
# cap_add:
# - NET_ADMIN
# Otherwise, `nftables` won't be able to ban IPs.
ENABLE_FAIL2BAN=0
# Fail2Ban blocktype
# drop => drop packet (send NO reply)
# reject => reject packet (send ICMP unreachable)
FAIL2BAN_BLOCKTYPE=drop
# 1 => Enables Managesieve on port 4190
# empty => disables Managesieve
ENABLE_MANAGESIEVE=
# **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
# drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
# ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
POSTSCREEN_ACTION=enforce
# empty => all daemons start
# 1 => only launch postfix smtp
SMTP_ONLY=
# Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl) for more information.
#
# empty => SSL disabled
# letsencrypt => Enables Let's Encrypt certificates
# custom => Enables custom certificates
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates
SSL_TYPE=
# These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container.
SSL_CERT_PATH=
SSL_KEY_PATH=
# Optional: A 2nd certificate can be supported as fallback (dual cert support), eg ECDSA with an RSA fallback.
# Useful for additional compatibility with older MTA and MUA (eg pre-2015).
SSL_ALT_CERT_PATH=
SSL_ALT_KEY_PATH=
# Set how many days a virusmail will stay on the server before being deleted
# empty => 7 days
VIRUSMAILS_DELETE_DELAY=
# Configure Postfix `virtual_transport` to deliver mail to a different LMTP client (default is a dovecot socket).
# Provide any valid URI. Examples:
#
# empty => `lmtp:unix:/var/run/dovecot/lmtp` (default, configured in Postfix main.cf)
# `lmtp:unix:private/dovecot-lmtp` (use socket)
# `lmtps:inet:<host>:<port>` (secure lmtp with starttls)
# `lmtp:<kopano-host>:2003` (use kopano as mailstore)
POSTFIX_DAGENT=
# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
#
# empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=
# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
# 0 => Dovecot quota is disabled
# 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
#
# empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=
# Mails larger than this limit won't be scanned.
# ClamAV must be enabled (ENABLE_CLAMAV=1) for this.
#
# empty => 25M (25 MB)
CLAMAV_MESSAGE_SIZE_LIMIT=
# Enables regular pflogsumm mail reports.
# This is a new option. The old REPORT options are still supported for backwards compatibility. If this is not set and reports are enabled with the old options, logrotate will be used.
#
# not set => No report
# daily_cron => Daily report for the previous day
# logrotate => Full report based on the mail log when it is rotated
PFLOGSUMM_TRIGGER=
# Recipient address for pflogsumm reports.
#
# not set => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
# => Specify the recipient address(es)
PFLOGSUMM_RECIPIENT=
# Sender address (`FROM`) for pflogsumm reports if pflogsumm reports are enabled.
#
# not set => Use REPORT_SENDER
# => Specify the sender address
PFLOGSUMM_SENDER=
# Interval for logwatch report.
#
# none => No report is generated
# daily => Send a daily report
# weekly => Send a report every week
LOGWATCH_INTERVAL=
# Recipient address for logwatch reports if they are enabled.
#
# not set => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
# => Specify the recipient address(es)
LOGWATCH_RECIPIENT=
# Sender address (`FROM`) for logwatch reports if logwatch reports are enabled.
#
# not set => Use REPORT_SENDER
# => Specify the sender address
LOGWATCH_SENDER=
# Defines who receives reports if they are enabled.
# **empty** => ${POSTMASTER_ADDRESS}
# => Specify the recipient address
REPORT_RECIPIENT=
# Defines who sends reports if they are enabled.
# **empty** => mailserver-report@${DOMAINNAME}
# => Specify the sender address
REPORT_SENDER=
# Changes the interval in which log files are rotated
# **weekly** => Rotate log files weekly
# daily => Rotate log files daily
# monthly => Rotate log files monthly
#
# Note: This Variable actually controls logrotate inside the container
# and rotates the log files depending on this setting. The main log output is
# still available in its entirety via `docker logs mail` (Or your
# respective container name). If you want to control logrotation for
# the Docker-generated logfile see:
# https://docs.docker.com/config/containers/logging/configure/
#
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
LOGROTATE_INTERVAL=weekly
# Defines how many log files are kept by logrorate
LOGROTATE_COUNT=4
# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
#
# - **0** => Disabled
# - 1 => Enabled
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
# Choose TCP/IP protocols for postfix to use
# **all** => All possible protocols.
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.
# ipv6 => Use only IPv6 traffic.
#
# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols
POSTFIX_INET_PROTOCOLS=ipv4
# Enables MTA-STS support for outbound mail.
# More details: https://docker-mailserver.github.io/docker-mailserver/v13.3/config/best-practices/mta-sts/
# - **0** ==> MTA-STS disabled
# - 1 => MTA-STS enabled
ENABLE_MTA_STS=0
# Choose TCP/IP protocols for dovecot to use
# **all** => Listen on all interfaces
# ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker.
# ipv6 => Listen only on IPv6 interfaces.
#
# Note: More information at https://dovecot.org/doc/dovecot-example.conf
DOVECOT_INET_PROTOCOLS=ipv4
# -----------------------------------------------
# --- SpamAssassin Section ----------------------
# -----------------------------------------------
ENABLE_SPAMASSASSIN=0
# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
# - **0** => KAM disabled
# - 1 => KAM enabled
#
# Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
ENABLE_SPAMASSASSIN_KAM=0
# deliver spam messages to the inbox (tagged using SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1
# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
MOVE_SPAM_TO_JUNK=1
# spam messages will be marked as read
MARK_SPAM_AS_READ=0
# add 'spam info' headers at, or above this level
SA_TAG=2.0
# add 'spam detected' headers at, or above this level
SA_TAG2=6.31
# triggers spam evasive actions
SA_KILL=10.0
# -----------------------------------------------
# --- Fetchmail Section -------------------------
# -----------------------------------------------
ENABLE_FETCHMAIL=0
# The interval to fetch mail in seconds
FETCHMAIL_POLL=300
# Use multiple fetchmail instances (1 per poll entry in fetchmail.cf)
# Supports multiple IMAP IDLE connections when a server is used across multiple poll entries
# https://otremba.net/wiki/Fetchmail_(Debian)#Immediate_Download_via_IMAP_IDLE
FETCHMAIL_PARALLEL=0
# Enable or disable `getmail`.
#
# - **0** => Disabled
# - 1 => Enabled
ENABLE_GETMAIL=0
# The number of minutes for the interval. Min: 1; Max: 30.
GETMAIL_POLL=5
# -----------------------------------------------
# --- OAUTH2 Section ----------------------------
# -----------------------------------------------
# empty => OAUTH2 authentication is disabled
# 1 => OAUTH2 authentication is enabled
ENABLE_OAUTH2=
# Specify the user info endpoint URL of the oauth2 provider
# Example: https://oauth2.example.com/userinfo/
OAUTH2_INTROSPECTION_URL=
# -----------------------------------------------
# --- LDAP Section ------------------------------
# -----------------------------------------------
# A second container for the ldap service is necessary (i.e. https://hub.docker.com/r/bitnami/openldap/)
# empty => no
# yes => LDAP over TLS enabled for Postfix
LDAP_START_TLS=
# empty => mail.example.com
# Specify the `<dns-name>` / `<ip-address>` where the LDAP server is reachable via a URI like: `ldaps://mail.example.com`.
# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
LDAP_SERVER_HOST=
# empty => ou=people,dc=domain,dc=com
# => e.g. LDAP_SEARCH_BASE=dc=mydomain,dc=local
LDAP_SEARCH_BASE=
# empty => cn=admin,dc=domain,dc=com
# => take a look at examples of SASL_LDAP_BIND_DN
LDAP_BIND_DN=
# empty** => admin
# => Specify the password to bind against ldap
LDAP_BIND_PW=
# e.g. `"(&(mail=%s)(mailEnabled=TRUE))"`
# => Specify how ldap should be asked for users
LDAP_QUERY_FILTER_USER=
# e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"`
# => Specify how ldap should be asked for groups
LDAP_QUERY_FILTER_GROUP=
# e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
# => Specify how ldap should be asked for aliases
LDAP_QUERY_FILTER_ALIAS=
# e.g. `"(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))"`
# => Specify how ldap should be asked for domains
LDAP_QUERY_FILTER_DOMAIN=
# -----------------------------------------------
# --- Dovecot Section ---------------------------
# -----------------------------------------------
# empty => no
# yes => LDAP over TLS enabled for Dovecot
DOVECOT_TLS=
# e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
DOVECOT_USER_FILTER=
# e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
DOVECOT_PASS_FILTER=
# Define the mailbox format to be used
# default is maildir, supported values are: sdbox, mdbox, maildir
DOVECOT_MAILBOX_FORMAT=maildir
# empty => no
# yes => Allow bind authentication for LDAP
# https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
DOVECOT_AUTH_BIND=
# -----------------------------------------------
# --- Postgrey Section --------------------------
# -----------------------------------------------
ENABLE_POSTGREY=0
# greylist for N seconds
POSTGREY_DELAY=300
# delete entries older than N days since the last time that they have been seen
POSTGREY_MAX_AGE=35
# response when a mail is greylisted
POSTGREY_TEXT="Delayed by Postgrey"
# whitelist host after N successful deliveries (N=0 to disable whitelisting)
POSTGREY_AUTO_WHITELIST_CLIENTS=5
# -----------------------------------------------
# --- SASL Section ------------------------------
# -----------------------------------------------
ENABLE_SASLAUTHD=0
# empty => pam
# `ldap` => authenticate against ldap server
# `shadow` => authenticate against local user db
# `mysql` => authenticate against mysql db
# `rimap` => authenticate against imap server
# Note: can be a list of mechanisms like pam ldap shadow
SASLAUTHD_MECHANISMS=
# empty => None
# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
SASLAUTHD_MECH_OPTIONS=
# empty => Use value of LDAP_SERVER_HOST
# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
SASLAUTHD_LDAP_SERVER=
# empty => Use value of LDAP_BIND_DN
# specify an object with privileges to search the directory tree
# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
SASLAUTHD_LDAP_BIND_DN=
# empty => Use value of LDAP_BIND_PW
SASLAUTHD_LDAP_PASSWORD=
# empty => Use value of LDAP_SEARCH_BASE
# specify the search base
SASLAUTHD_LDAP_SEARCH_BASE=
# empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))`
# e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))`
# e.g. for openldap: `(&(uid=%U)(objectClass=person))`
SASLAUTHD_LDAP_FILTER=
# empty => no
# yes => LDAP over TLS enabled for SASL
# If set to yes, the protocol in SASLAUTHD_LDAP_SERVER must be ldap:// or missing.
SASLAUTHD_LDAP_START_TLS=
# empty => no
# yes => Require and verify server certificate
# If yes you must/could specify SASLAUTHD_LDAP_TLS_CACERT_FILE or SASLAUTHD_LDAP_TLS_CACERT_DIR.
SASLAUTHD_LDAP_TLS_CHECK_PEER=
# File containing CA (Certificate Authority) certificate(s).
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_tls_cacert_file` option
SASLAUTHD_LDAP_TLS_CACERT_FILE=
# Path to directory with CA (Certificate Authority) certificates.
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_tls_cacert_dir` option
SASLAUTHD_LDAP_TLS_CACERT_DIR=
# Specify what password attribute to use for password verification.
# empty => Nothing is added to the configuration but the documentation says it is `userPassword` by default.
# Any value => Fills the `ldap_password_attr` option
SASLAUTHD_LDAP_PASSWORD_ATTR=
# empty => `bind` will be used as a default value
# `fastbind` => The fastbind method is used
# `custom` => The custom method uses userPassword attribute to verify the password
SASLAUTHD_LDAP_AUTH_METHOD=
# Specify the authentication mechanism for SASL bind
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_mech` option
SASLAUTHD_LDAP_MECH=
# -----------------------------------------------
# --- SRS Section -------------------------------
# -----------------------------------------------
# envelope_sender => Rewrite only envelope sender address (default)
# header_sender => Rewrite only header sender (not recommended)
# envelope_sender,header_sender => Rewrite both senders
# An email has an "envelope" sender (indicating the sending server) and a
# "header" sender (indicating who sent it). More strict SPF policies may require
# you to replace both instead of just the envelope sender.
SRS_SENDER_CLASSES=envelope_sender
# empty => Envelope sender will be rewritten for all domains
# provide comma separated list of domains to exclude from rewriting
SRS_EXCLUDE_DOMAINS=
# empty => generated when the image is built
# provide a secret to use in base64
# you may specify multiple keys, comma separated. the first one is used for
# signing and the remaining will be used for verification. this is how you
# rotate and expire keys
SRS_SECRET=
# -----------------------------------------------
# --- Default Relay Host Section ----------------
# -----------------------------------------------
# Setup relaying all mail through a default relay host
#
# Set a default host to relay all mail through (optionally include a port)
# Example: [mail.example.com]:587
DEFAULT_RELAY_HOST=
# -----------------------------------------------
# --- Multi-Domain Relay Section ----------------
# -----------------------------------------------
# Setup relaying for multiple domains based on the domain name of the sender
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf
#
# Set a default host to relay mail through
# Example: mail.example.com
RELAY_HOST=
# empty => 25
# default port to relay mail
RELAY_PORT=25
# -----------------------------------------------
# --- Relay Host Credentials Section ------------
# -----------------------------------------------
# Configure a relay user and password to use with RELAY_HOST / DEFAULT_RELAY_HOST
# empty => no default
RELAY_USER=
# empty => no default
RELAY_PASSWORD=

164
configuration/docker/compose/new-docker-compose.yml Normal file
View File

@@ -0,0 +1,164 @@
services:
# Database for OpenPanel users, plans, websites and domains
openpanel_mysql:
image: mysql/mysql-server
container_name: openpanel_mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: panel
MYSQL_USER: panel
MYSQL_PASSWORD: ${MYSQL_ROOT_PASSWORD}
ports:
- "3306:3306"
volumes:
- openadmin_mysql:/var/lib/mysql
- /etc/openpanel/:/etc/openpanel/
- /root/initialize.sql:/docker-entrypoint-initdb.d/initialize.sql
mem_limit: 0.5g
cpus: 1.0
oom_kill_disable: true
# OpenPanel service running on port 2083
openpanel:
image: openpanel/openpanel
container_name: openpanel
depends_on:
- openpanel_mysql
cap_add:
- NET_ADMIN
- SYS_MODULE
volumes:
- /etc/nginx/sites-available/:/etc/nginx/sites-available/
- /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/
- /etc/bind:/etc/bind
- /lib/modules:/lib/modules:ro
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/hostfs:ro
- /home:/home
- /usr/local/admin:/usr/local/admin
- /usr/local/admin/scripts:/usr/local/admin/scripts
- /var/log:/var/log
- /etc/ufw:/etc/ufw
- /etc/letsencrypt:/etc/letsencrypt
- /etc/my.cnf:/etc/my.cnf
- /etc/openpanel/:/etc/openpanel/
- /var/run/docker.sock:/var/run/docker.sock
- openadmin_mysql:/var/lib/mysql
- /usr/bin/docker:/usr/bin/docker
- /root/:/root/
# https://dev.openpanel.com/customize.html#Custom-Code
- /etc/openpanel/openpanel/custom_code/:/usr/local/panel/templates/custom_code/
- /etc/openpanel/openpanel/custom_code/custom.css:/usr/local/panel/static/css/custom.css
- /etc/openpanel/openpanel/custom_code/custom.js:/usr/local/panel/static/js/custom.js
- /etc/openpanel/openpanel/conf/knowledge_base_articles.json:/etc/openpanel/openpanel/conf/knowledge_base_articles.json
network_mode: host
mem_limit: 1g
cpus: 1.0
restart: always
privileged: true
# Webserver from 0.2.5+
nginx:
image: nginx:alpine
container_name: nginx
network_mode: "host"
volumes:
- /etc/openpanel/nginx/nginx.conf:/etc/nginx/nginx.conf
- /etc/openpanel/nginx/vhosts/default.conf:/etc/nginx/conf.d/default.conf
- /etc/openpanel/nginx/vhosts/openpanel_proxy.conf:/etc/openpanel/nginx/vhosts/openpanel_proxy.conf
- /etc/nginx/sites-available/:/etc/nginx/sites-available/
- /etc/nginx/sites-enabled/:/etc/nginx/sites-enabled/
- /etc/nginx/ssl/:/etc/nginx/ssl/ # for custom ssl from 0.2.6
- /etc/openpanel/nginx/error_pages/snippets/:/etc/nginx/snippets/
- /etc/openpanel/nginx/error_pages/:/srv/http/default/
- /var/log/nginx/:/var/log/nginx/
- /etc/letsencrypt/options-ssl-nginx.conf:/etc/letsencrypt/options-ssl-nginx.conf
- /etc/letsencrypt/ssl-dhparams.pem:/etc/letsencrypt/ssl-dhparams.pem
- /etc/letsencrypt/:/etc/letsencrypt/
- /etc/openpanel/openpanel/core/users/:/etc/openpanel/openpanel/core/users/
- /etc/hosts:/etc/hosts
- /usr/share/nginx/html/:/usr/share/nginx/html/
- /home/:/home/:ro
restart: unless-stopped
mem_limit: 1g
cpus: 1.0
oom_kill_disable: true
# SSL status and renewals
certbot:
image: certbot/certbot:latest
container_name: certbot
network_mode: "host"
volumes:
- /etc/letsencrypt:/etc/letsencrypt # Let's Encrypt certificates
- /var/lib/letsencrypt:/var/lib/letsencrypt # Working directory for Certbot
- /etc/nginx/sites-available:/etc/nginx/sites-available # Access to Nginx config for authentication challenges
- /etc/nginx/sites-enabled:/etc/nginx/sites-enabled # Enabled sites for reloading after cert issuance
entrypoint: /bin/sh -c 'trap exit TERM; while :; do sleep 6h & wait $${!}; certbot renew; nginx -s reload; done'
restart: unless-stopped
mem_limit: 0.1g
cpus: 0.1
oom_kill_disable: true
# DNS
bind9:
container_name: openpanel_dns
image: ubuntu/bind9:latest
environment:
- BIND9_USER=root
- TZ=America/New_York
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- /etc/bind/:/etc/bind/
restart: unless-stopped
mem_limit: 0.1g
cpus: 0.1
oom_kill_disable: true
# FTP
ftp_env_generator:
image: alpine:latest
container_name: ftp_env_generator
volumes:
- /etc/openpanel/ftp/:/etc/openpanel/ftp/
- /usr/local/admin/scripts/ftp/users:/usr/local/admin/scripts/ftp/users
entrypoint: /bin/sh -c "/usr/local/admin/scripts/ftp/users"
restart: "no" # Do not restart, we just want it to run once
openadmin_ftp:
#OLD# image: delfer/alpine-ftp-server
build:
context: /etc/openpanel/ftp/
container_name: openadmin_ftp
restart: always
ports:
- "21:21"
- "21000-21010:21000-21010"
volumes:
- /home/:/home/
- /etc/openpanel/ftp/vsftpd.conf:/etc/vsftpd/vsftpd.conf
- /etc/openpanel/ftp/start_vsftpd.sh:/bin/start_vsftpd.sh
- /etc/openpanel/ftp/vsftpd.chroot_list:/etc/vsftpd.chroot_list
- /etc/openpanel/users/:/etc/openpanel/ftp/users/
# uncomment for ssl # - /etc/letsencrypt:/etc/letsencrypt:ro
depends_on:
- ftp_env_generator
env_file:
- /etc/openpanel/ftp/all.users
# uncomment the following lines for SSL and replace ftp.YOUR_DOMAIN_HERE.com with your domain
# environment:
# - ADDRESS=ftp.YOUR_DOMAIN_HERE.com
# - TLS_CERT="/etc/letsencrypt/live/ftp.YOUR_DOMAIN_HERE.com/fullchain.pem"
# - TLS_KEY="/etc/letsencrypt/live/ftp.YOUR_DOMAIN_HERE.com/privkey.pem"
mem_limit: 0.5g
cpus: 0.5
# make the mysql data persistent
volumes:
openadmin_mysql:

7
configuration/docker/devicemapper/daemon.json Normal file
View File

@@ -0,0 +1,7 @@
{
"storage-driver": "devicemapper",
"log-driver": "local",
"log-opts": {
"max-size": "5m"
}
}

7
configuration/docker/overlay2/daemon.json Normal file
View File

@@ -0,0 +1,7 @@
{
"storage-driver": "overlay2",
"log-driver": "local",
"log-opts": {
"max-size": "5m"
}
}

4
configuration/docker/overlay2/fedora.json Normal file
View File

@@ -0,0 +1,4 @@
{
"data-root": "/var/lib/docker",
"storage-driver": "overlay2"
}

8
configuration/docker/overlay2/xfs_file.json Normal file
View File

@@ -0,0 +1,8 @@
{
"data-root": "/var/lib/docker",
"storage-driver": "overlay2",
"log-driver": "local",
"log-opts": {
"max-size": "5m"
}
}

28
configuration/ftp/Dockerfile Normal file
View File

@@ -0,0 +1,28 @@
ARG BASE_IMG=alpine:3.19
FROM $BASE_IMG AS pidproxy
RUN apk --no-cache add alpine-sdk \
&& git clone https://github.com/ZentriaMC/pidproxy.git \
&& cd pidproxy \
&& git checkout 193e5080e3e9b733a59e25d8f7ec84aee374b9bb \
&& sed -i 's/-mtune=generic/-mtune=native/g' Makefile \
&& make \
&& mv pidproxy /usr/bin/pidproxy \
&& cd .. \
&& rm -rf pidproxy \
&& apk del alpine-sdk
FROM $BASE_IMG
COPY --from=pidproxy /usr/bin/pidproxy /usr/bin/pidproxy
RUN apk --no-cache add vsftpd tini shadow
COPY start_vsftpd.sh /bin/start_vsftpd.sh
COPY vsftpd.conf /etc/vsftpd/vsftpd.conf
EXPOSE 21 21000-21010
VOLUME /ftp/ftp
ENTRYPOINT ["/sbin/tini", "--", "/bin/start_vsftpd.sh"]

0
configuration/.gitkeep → configuration/ftp/all.users
View File

86
configuration/ftp/start_vsftpd.sh Normal file
View File

@@ -0,0 +1,86 @@
#!/bin/sh
#Remove all ftp users
grep '/ftp/' /etc/passwd | cut -d':' -f1 | xargs -r -n1 deluser
#Create users
#USERS='name1|password1|[folder1][|uid1][|gid1] name2|password2|[folder2][|uid2][|gid2]'
#may be:
# user|password foo|bar|/home/foo
#OR
# user|password|/home/user/dir|10000
#OR
# user|password|/home/user/dir|10000|10000
#OR
# user|password||10000|82
#Default user 'ftp' with password 'alpineftp'
if [ -z "$USERS" ]; then
USERS="alpineftp|alpineftp"
fi
for i in $USERS ; do
NAME=$(echo $i | cut -d'|' -f1)
GROUP=$NAME
PASS=$(echo $i | cut -d'|' -f2)
FOLDER=$(echo $i | cut -d'|' -f3)
UID=$(echo $i | cut -d'|' -f4)
# Add group handling
GID=$(echo $i | cut -d'|' -f5)
if [ -z "$FOLDER" ]; then
FOLDER="/ftp/$NAME"
fi
if [ ! -z "$UID" ]; then
UID_OPT="-u $UID"
fi
if [ -z "$GID" ]; then
GID="33" # www-data group
fi
#Check if the group with the same ID already exists
GROUP=$(getent group $GID | cut -d: -f1)
if [ ! -z "$GROUP" ]; then
GROUP_OPT="-G $GROUP"
elif [ ! -z "$GID" ]; then
# Group don't exist but GID supplied
addgroup -g $GID $NAME
GROUP_OPT="-G $NAME"
fi
echo -e "$PASS\n$PASS" | adduser -h $FOLDER -s /sbin/nologin $UID_OPT $GROUP_OPT $NAME
mkdir -p $FOLDER
chown $NAME:$GROUP $FOLDER
unset NAME PASS FOLDER UID GID
done
if [ -z "$MIN_PORT" ]; then
MIN_PORT=21000
fi
if [ -z "$MAX_PORT" ]; then
MAX_PORT=21010
fi
if [ ! -z "$ADDRESS" ]; then
ADDR_OPT="-opasv_address=$ADDRESS"
fi
if [ ! -z "$TLS_CERT" ] || [ ! -z "$TLS_KEY" ]; then
TLS_OPT="-orsa_cert_file=$TLS_CERT -orsa_private_key_file=$TLS_KEY -ossl_enable=YES -oallow_anon_ssl=NO -oforce_local_data_ssl=YES -oforce_local_logins_ssl=YES -ossl_tlsv1=NO -ossl_sslv2=NO -ossl_sslv3=NO -ossl_ciphers=HIGH"
fi
# Used to run custom commands inside container
if [ ! -z "$1" ]; then
exec "$@"
else
vsftpd -opasv_min_port=$MIN_PORT -opasv_max_port=$MAX_PORT $ADDR_OPT $TLS_OPT /etc/vsftpd/vsftpd.conf
[ -d /var/run/vsftpd ] || mkdir /var/run/vsftpd
pgrep vsftpd | tail -n 1 > /var/run/vsftpd/vsftpd.pid
exec pidproxy /var/run/vsftpd/vsftpd.pid true
fi

24
configuration/ftp/vsftpd.conf Normal file
View File

@@ -0,0 +1,24 @@
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
#chown_username=root
vsftpd_log_file=/proc/1/fd/1
#idle_session_timeout=600
#data_connection_timeout=120
ftpd_banner=Welcome to OpenPanel FTP server
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
pasv_enable=YES
pasv_addr_resolve=YES
seccomp_sandbox=NO
background=YES
setproctitle_enable=YES

BIN
configuration/goaccess/GeoLite2-City_20231219.tar.gz Normal file
View File

Binary file not shown.

BIN
configuration/goaccess/GeoLite2-Country_20231219.tar.gz Normal file
View File

Binary file not shown.

52
configuration/goaccess/goaccess.conf Normal file
View File

@@ -0,0 +1,52 @@
time-format %H:%M:%S
date-format %d/%b/%Y
log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
html-prefs {"theme":"bright"}
json-pretty-print false
no-color false
no-column-names false
no-csv-summary false
no-progress false
no-tab-scroll false
with-mouse false
static-file .css
static-file .js
static-file .jpg
static-file .png
static-file .gif
static-file .ico
static-file .jpeg
static-file .pdf
static-file .csv
static-file .mpeg
static-file .mpg
static-file .swf
static-file .woff
static-file .woff2
static-file .xls
static-file .xlsx
static-file .doc
static-file .docx
static-file .ppt
static-file .pptx
static-file .txt
static-file .zip
static-file .ogg
static-file .mp3
static-file .mp4
static-file .exe
static-file .iso
static-file .gz
static-file .rar
static-file .svg
static-file .bmp
static-file .tar
static-file .tgz
static-file .tiff
static-file .tif
static-file .ttf
static-file .flv
static-file .dmg
static-file .xz
static-file .zst
geoip-database /etc/goaccess/GeoIP/GeoLite2-City_20231219/GeoLite2-City.mmdb

6
configuration/mysql/db.cnf Normal file
View File

@@ -0,0 +1,6 @@
[client]
user = panel
database = panel
password = NewPassword
host = localhost
protocol = tcp

192
configuration/mysql/initialize/mariadb_plans.sql Normal file
View File

@@ -0,0 +1,192 @@
-- MySQL dump 10.13 Distrib 8.0.36, for Linux (x86_64)
--
-- Host: localhost Database: panel
-- ------------------------------------------------------
-- Server version 8.0.36-0ubuntu0.22.04.1
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `panel`
--
-- --------------------------------------------------------
--
-- Table structure for table `domains`
--
CREATE TABLE `domains` (
`domain_id` int NOT NULL,
`domain_name` varchar(255) NOT NULL,
`domain_url` varchar(255) NOT NULL,
`user_id` int DEFAULT NULL,
`php_version` varchar(255) DEFAULT '8.2'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `plans`
--
CREATE TABLE `plans` (
`id` int NOT NULL,
`name` varchar(255) NOT NULL,
`description` text,
`domains_limit` int NOT NULL,
`websites_limit` int NOT NULL,
`disk_limit` text NOT NULL,
`inodes_limit` bigint NOT NULL,
`db_limit` int NOT NULL,
`cpu` varchar(50) DEFAULT NULL,
`ram` varchar(50) DEFAULT NULL,
`docker_image` varchar(50) DEFAULT NULL,
`bandwidth` int DEFAULT NULL,
`storage_file` text DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Dumping data for table `plans`
--
LOCK TABLES `plans` WRITE;
/*!40000 ALTER TABLE `plans` DISABLE KEYS */;
INSERT INTO `plans` VALUES (1,'ubuntu_nginx_mysql','Unlimited disk space and Nginx',0,10,'10 GB',1000000,0,'1','1g','openpanel/nginx',100,'0 GB'),(2,'ubuntu_apache_mysql','Unlimited disk space and Apache',0,10,'10 GB',1000000,0,'1','1g','openpanel/apache',100,'0 GB'),(3,'ubuntu_apache_mariadb','Unlimited disk space and Apache+MariaDB',0,10,'10 GB',1000000,0,'1','1g','openpanel/apache-mariadb',100,'0 GB'),(4,'ubuntu_nginx_mariadb','Unlimited disk space and Nginx+MariaDB',0,10,'10 GB',1000000,0,'1','1g','openpanel/nginx-mariadb',100,'0 GB');
/*!40000 ALTER TABLE `plans` ENABLE KEYS */;
UNLOCK TABLES;
-- --------------------------------------------------------
--
-- Table structure for table `sites`
--
CREATE TABLE `sites` (
`id` int NOT NULL,
`site_name` varchar(255) DEFAULT NULL,
`domain_id` int DEFAULT NULL,
`admin_email` varchar(255) DEFAULT NULL,
`version` varchar(20) DEFAULT NULL,
`created_date` datetime DEFAULT CURRENT_TIMESTAMP,
`type` varchar(50) DEFAULT NULL,
`ports` int DEFAULT NULL,
`path` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`id` int NOT NULL,
`username` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`services` varchar(255) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT '1,2,3,4,5,6,7,8,9,10,11,12',
`user_domains` varchar(255) NOT NULL DEFAULT '',
`twofa_enabled` tinyint(1) DEFAULT '0',
`otp_secret` varchar(255) DEFAULT NULL,
`plan` varchar(255) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL,
`registered_date` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`plan_id` int DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `domains`
--
ALTER TABLE `domains`
ADD PRIMARY KEY (`domain_id`),
ADD KEY `user_id` (`user_id`);
--
-- Indexes for table `plans`
--
ALTER TABLE `plans`
ADD PRIMARY KEY (`id`);
--
-- Indexes for table `sites`
--
ALTER TABLE `sites`
ADD PRIMARY KEY (`id`),
ADD KEY `fk_sites_domain` (`domain_id`);
--
-- Indexes for table `users`
--
ALTER TABLE `users`
ADD PRIMARY KEY (`id`),
ADD KEY `fk_plan_id` (`plan_id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `domains`
--
ALTER TABLE `domains`
MODIFY `domain_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- AUTO_INCREMENT for table `plans`
--
ALTER TABLE `plans`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5;
--
-- AUTO_INCREMENT for table `sites`
--
ALTER TABLE `sites`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- Constraints for dumped tables
--
--
-- Constraints for table `domains`
--
ALTER TABLE `domains`
ADD CONSTRAINT `domains_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`);
--
-- Constraints for table `sites`
--
ALTER TABLE `sites`
ADD CONSTRAINT `fk_sites_domain` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`domain_id`);
--
-- Constraints for table `users`
--
ALTER TABLE `users`
ADD CONSTRAINT `fk_plan_id` FOREIGN KEY (`plan_id`) REFERENCES `plans` (`id`) ON DELETE SET NULL;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

192
configuration/mysql/initialize/mysql_plans.sql Normal file
View File

@@ -0,0 +1,192 @@
-- MySQL dump 10.13 Distrib 8.0.36, for Linux (x86_64)
--
-- Host: localhost Database: panel
-- ------------------------------------------------------
-- Server version 8.0.36-0ubuntu0.22.04.1
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `panel`
--
-- --------------------------------------------------------
--
-- Table structure for table `domains`
--
CREATE TABLE `domains` (
`domain_id` int NOT NULL,
`domain_name` varchar(255) NOT NULL,
`domain_url` varchar(255) NOT NULL,
`user_id` int DEFAULT NULL,
`php_version` varchar(255) DEFAULT '8.2'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `plans`
--
CREATE TABLE `plans` (
`id` int NOT NULL,
`name` varchar(255) NOT NULL,
`description` text,
`domains_limit` int NOT NULL,
`websites_limit` int NOT NULL,
`disk_limit` text NOT NULL,
`inodes_limit` bigint NOT NULL,
`db_limit` int NOT NULL,
`cpu` varchar(50) DEFAULT NULL,
`ram` varchar(50) DEFAULT NULL,
`docker_image` varchar(50) DEFAULT NULL,
`bandwidth` int DEFAULT NULL,
`storage_file` text DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Dumping data for table `plans`
--
LOCK TABLES `plans` WRITE;
/*!40000 ALTER TABLE `plans` DISABLE KEYS */;
INSERT INTO `plans` VALUES (1,'ubuntu_nginx_mysql','Unlimited disk space and Nginx',0,10,'10 GB',1000000,0,'1','1g','openpanel/nginx',100,'0 GB'),(2,'ubuntu_apache_mysql','Unlimited disk space and Apache',0,10,'10 GB',1000000,0,'1','1g','openpanel/apache',100,'0 GB');
/*!40000 ALTER TABLE `plans` ENABLE KEYS */;
UNLOCK TABLES;
-- --------------------------------------------------------
--
-- Table structure for table `sites`
--
CREATE TABLE `sites` (
`id` int NOT NULL,
`site_name` varchar(255) DEFAULT NULL,
`domain_id` int DEFAULT NULL,
`admin_email` varchar(255) DEFAULT NULL,
`version` varchar(20) DEFAULT NULL,
`created_date` datetime DEFAULT CURRENT_TIMESTAMP,
`type` varchar(50) DEFAULT NULL,
`ports` int DEFAULT NULL,
`path` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`id` int NOT NULL,
`username` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`services` varchar(255) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT '1,2,3,4,5,6,7,8,9,10,11,12',
`user_domains` varchar(255) NOT NULL DEFAULT '',
`twofa_enabled` tinyint(1) DEFAULT '0',
`otp_secret` varchar(255) DEFAULT NULL,
`plan` varchar(255) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL,
`registered_date` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`plan_id` int DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `domains`
--
ALTER TABLE `domains`
ADD PRIMARY KEY (`domain_id`),
ADD KEY `user_id` (`user_id`);
--
-- Indexes for table `plans`
--
ALTER TABLE `plans`
ADD PRIMARY KEY (`id`);
--
-- Indexes for table `sites`
--
ALTER TABLE `sites`
ADD PRIMARY KEY (`id`),
ADD KEY `fk_sites_domain` (`domain_id`);
--
-- Indexes for table `users`
--
ALTER TABLE `users`
ADD PRIMARY KEY (`id`),
ADD KEY `fk_plan_id` (`plan_id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `domains`
--
ALTER TABLE `domains`
MODIFY `domain_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- AUTO_INCREMENT for table `plans`
--
ALTER TABLE `plans`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;
--
-- AUTO_INCREMENT for table `sites`
--
ALTER TABLE `sites`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
MODIFY `id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
--
-- Constraints for dumped tables
--
--
-- Constraints for table `domains`
--
ALTER TABLE `domains`
ADD CONSTRAINT `domains_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`);
--
-- Constraints for table `sites`
--
ALTER TABLE `sites`
ADD CONSTRAINT `fk_sites_domain` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`domain_id`);
--
-- Constraints for table `users`
--
ALTER TABLE `users`
ADD CONSTRAINT `fk_plan_id` FOREIGN KEY (`plan_id`) REFERENCES `plans` (`id`) ON DELETE SET NULL;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

20
configuration/mysql/mysqld.cnf Normal file
View File

@@ -0,0 +1,20 @@
[mysqld]
user = mysql
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
key_buffer_size = 160M
max_allowed_packet = 32M
thread_stack = 256K
myisam-recover-options = BACKUP
table_open_cache = 4000
interactive_timeout=15
wait_timeout=10
#max_user_connections=20
#max_connections = 151
log_error = /var/log/mysql/error.log
max_binlog_size = 100M
expire_logs_days=3

0
packages/cli/test/jest.setup.ts → configuration/nginx/.gitkeep
View File

29
configuration/nginx/cloudflare.inc Normal file
View File

@@ -0,0 +1,29 @@
# Cloudflare IP Ranges
# IPv4
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
# IPv6
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;

23
configuration/nginx/error_pages/400.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 400 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 400 - Bad Request</h1>
<p>The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/401.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 401 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 401 - Unauthorized</h1>
<p>The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field (Section 4.1) containing at least one challenge applicable to the target resource.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/402.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 402 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 402 - Payment Required</h1>
<p>The 402 (Payment Required) status code is reserved for future use.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/403.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 403 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 403 - Forbidden</h1>
<p>The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/404.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 404 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 404 - Not Found</h1>
<p>The 404 (Not Found) status code indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists. A 404 status code does not indicate whether this lack of representation is temporary or permanent; the 410 (Gone) status code is preferred over 404 if the origin server knows, presumably through some configurable means, that the condition is likely to be permanent.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/405.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 405 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 405 - Method Not Allowed</h1>
<p>The 405 (Method Not Allowed) status code indicates that the method received in the request-line is known by the origin server but not supported by the target resource. The origin server MUST generate an Allow header field in a 405 response containing a list of the target resource's currently supported methods.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/406.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 406 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 406 - Not Acceptable</h1>
<p>The 406 (Not Acceptable) status code indicates that the target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/407.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 407 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 407 - Proxy Authentication Required</h1>
<p>The 407 (Proxy Authentication Required) status code is similar to 401 (Unauthorized), but it indicates that the client needs to authenticate itself in order to use a proxy. The proxy MUST send a Proxy-Authenticate header field containing a challenge applicable to that proxy for the target resource. The client MAY repeat the request with a new or replaced Proxy-Authorization header field.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/408.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 408 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 408 - Request Timeout</h1>
<p>The 408 (Request Timeout) status code indicates that the server did not receive a complete request message within the time that it was prepared to wait. A server SHOULD send the "close" connection option in the response, since 408 implies that the server has decided to close the connection rather than continue waiting. If the client has an outstanding request in transit, the client MAY repeat that request on a new connection.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/409.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 409 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 409 - Conflict</h1>
<p>The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource. This code is used in situations where the user might be able to resolve the conflict and resubmit the request. The server SHOULD generate a payload that includes enough information for a user to recognize the source of the conflict.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/410.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 410 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 410 - Gone</h1>
<p>The 410 (Gone) status code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. If the origin server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) ought to be used instead.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/411.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 411 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 411 - Length Required</h1>
<p>The 411 (Length Required) status code indicates that the server refuses to accept the request without a defined Content-Length. The client MAY repeat the request if it adds a valid Content-Length header field containing the length of the message body in the request message.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/412.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 412 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 412 - Precondition Failed</h1>
<p>The 412 (Precondition Failed) status code indicates that one or more conditions given in the request header fields evaluated to false when tested on the server. This response code allows the client to place preconditions on the current resource state (its current representations and metadata) and, thus, prevent the request method from being applied if the target resource is in an unexpected state.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/413.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 413 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 413 - Payload Too Large</h1>
<p>The 413 (Payload Too Large) status code indicates that the server is refusing to process a request because the request payload is larger than the server is willing or able to process. The server MAY close the connection to prevent the client from continuing the request.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/414.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 414 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 414 - URI Too Long</h1>
<p>The 414 (URI Too Long) status code indicates that the server is refusing to service the request because the request-target is longer than the server is willing to interpret.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/415.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 415 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 415 - Unsupported Media Type</h1>
<p>The 415 (Unsupported Media Type) status code indicates that the origin server is refusing to service the request because the payload is in a format not supported by this method on the target resource. The format problem might be due to the request's indicated Content-Type or Content-Encoding, or as a result of inspecting the data directly.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/416.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 416 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 416 - Range Not Satisfiable</h1>
<p>The 416 (Range Not Satisfiable) status code indicates that none of the ranges in the request's Range header field (Section 3.1) overlap the current extent of the selected resource or that the set of ranges requested has been rejected due to invalid ranges or an excessive request of small or overlapping ranges.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/417.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 417 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 417 - Expectation Failed</h1>
<p>The 417 (Expectation Failed) status code indicates that the expectation given in the request's Expect header field could not be met by at least one of the inbound servers.</p>
</div>
</body>
</html>

45
configuration/nginx/error_pages/418.html Normal file
View File

@@ -0,0 +1,45 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 418 - %{HOSTNAME}</title>
<style>
html{
background-image:url('/_errors/images/teapot.jpg');
background-size: cover;
background-position: 50% 50%;
}
body>div.overlay{
position: absolute;
display: flex;
align-items: center;
justify-content: center;
top: 0;
left: 0;
bottom: 0;
right: 0;
height: 100vh;
width: 100vw;
background-color: rgba(20,20,20, 0.5);
}
body>div.overlay>.error-middle{
position: relative;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="overlay">
<div class="error-middle">
<h1>Error 418 - I'm a teapot</h1>
<p>I cannot brew your coffee because I'm a teapot.</p>
</div>
</div>
</body>
</html>

23
configuration/nginx/error_pages/421.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 421 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 421 - Misdirected Request</h1>
<p>The 421 (Misdirected Request) status code indicates that the request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/422.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 422 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 422 - Unprocessable Entity</h1>
<p>The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415 (Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/423.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 423 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 423 - Locked</h1>
<p>The 423 (Locked) status code means the source or destination resource of a method is locked. This response SHOULD contain an appropriate precondition or postcondition code, such as 'lock-token-submitted' or 'no-conflicting-lock'.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/424.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 424 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 424 - Failed Dependency</h1>
<p>The 424 (Failed Dependency) status code means that the method could not be performed on the resource because the requested action depended on another action and that action failed. For example, if a command in a PROPPATCH method fails, then, at minimum, the rest of the commands will also fail with 424 (Failed Dependency).</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/425.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 425 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 425 - Too Early</h1>
<p>A 425 (Too Early) status code indicates that the server is unwilling to risk processing a request that might be replayed. User agents that send a request in early data are expected to retry the request when receiving a 425 (Too Early) response status code. A user agent SHOULD retry automatically, but any retries MUST NOT be sent in early data.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/426.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 426 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 426 - Upgrade Required</h1>
<p>The 426 (Upgrade Required) status code indicates that the server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server MUST send an Upgrade header field in a 426 response to indicate the required protocol(s).</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/428.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 428 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 428 - Precondition Required</h1>
<p>The 428 status code indicates that the origin server requires the request to be conditional.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/429.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 429 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 429 - Too Many Requests</h1>
<p>The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/431.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 431 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 431 - Request Header Fields Too Large</h1>
<p>The 431 status code indicates that the server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/451.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 451 - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 451 - Unavailable For Legal Reasons</h1>
<p>This status code indicates that the server is denying access to the resource as a consequence of a legal demand. The server in question might not be an origin server. This type of legal demand typically most directly affects the operations of ISPs and search engines.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/500.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 500 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 500 - Internal Server Error</h1>
<p>The 500 (Internal Server Error) status code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/501.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 501 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 501 - Not Implemented</h1>
<p>The 501 (Not Implemented) status code indicates that the server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/502.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 502 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 502 - Bad Gateway</h1>
<p>The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/503.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 503 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 503 - Service Unavailable</h1>
<p>The 503 (Service Unavailable) status code indicates that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay. The server MAY send a Retry-After header field to suggest an appropriate amount of time for the client to wait before retrying the request.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/504.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 504 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 504 - Gateway Timeout</h1>
<p>The 504 (Gateway Timeout) status code indicates that the server, while acting as a gateway or proxy, did not receive a timely response from an upstream server it needed to access in order to complete the request.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/505.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 505 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 505 - HTTP Version Not Supported</h1>
<p>The 505 (HTTP Version Not Supported) status code indicates that the server does not support, or refuses to support, the major version of HTTP that was used in the request message. The server is indicating that it is unable or unwilling to complete the request using the same major version as the client, other than with this error message. The server SHOULD generate a representation for the 505 response that describes why that version is not supported and what other protocols are supported by that server.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/506.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 506 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 506 - Variant Also Negotiates</h1>
<p>The 506 status code indicates that the server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/507.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 507 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 507 - Insufficient Storage</h1>
<p>The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request that received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/508.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 508 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 508 - Loop Detected</h1>
<p>The 508 (Loop Detected) status code indicates that the server terminated an operation because it encountered an infinite loop while processing a request with "Depth: infinity". This status indicates that the entire operation failed.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/510.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 510 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 510 - Not Extended</h1>
<p>The policy for accessing the resource has not been met in the request. The server should send back all the information necessary for the client to issue an extended request. It is outside the scope of this specification to specify how the extensions inform the client.</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/511.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error 511 - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error 511 - Network Authentication Required</h1>
<p>The 511 status code indicates that the client needs to authenticate to gain network access.</p>
</div>
</body>
</html>

5
packages/codemod/LICENSE → configuration/nginx/error_pages/LICENSE
View File

@@ -1,10 +1,7 @@
The MIT License (MIT)
Copyright (c) 2021 Vercel, Inc.
Copyright 2018 Denys Vitali
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

BIN
configuration/nginx/error_pages/_errors/images/teapot.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 248 KiB

19
configuration/nginx/error_pages/_errors/main.css Normal file
View File

@@ -0,0 +1,19 @@
@import url(https://fonts.googleapis.com/css?family=Open+Sans);html{background-color:#fefefe}body{font-family:Open Sans,Arial;color:#454545;font-size:16px;margin:2em auto;max-width:800px;padding:1em;line-height:1.4;text-align:justify}html.contrast body{color:#050505}html.contrast blockquote{color:#11151a}html.contrast blockquote:before{color:#262626}html.contrast a{color:#0051c9}html.contrast a:visited{color:#7d013e}html.contrast span.wr{color:#800}html.contrast span.mfw{color:#117e69}html.inverted{background-color:#010101}html.inverted body{color:#bababa}html.inverted div#invmode{color:#fff;background-color:#000}html.inverted blockquote{color:#dad0c7}html.inverted blockquote:before{color:#bfbfbf}html.inverted a{color:#07a}html.inverted a:visited{color:#ac5a82}html.inverted span.wr{color:#c0392b}html.inverted span.mfw{color:#19b496}a{color:#07a}a:visited{color:#941352}.noselect{-webkit-touch-callout:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}span.citneed{vertical-align:top;font-size:.7em;padding-left:.3em}small{font-size:.4em}p.st{margin-top:-1em}div.fancyPositioning div.picture-left{float:left;width:40%;overflow:hidden;margin-right:1em}div.fancyPositioning div.picture-left img{width:100%}div.fancyPositioning div.picture-left p.caption{font-size:.7em}div.fancyPositioning div.tleft{float:left;width:55%}div.fancyPositioning div.tleft p:first-child{margin-top:0}div.fancyPositioning:after{display:block;content:"";clear:both}ul li img{height:1em}blockquote{color:#456;margin-left:0;margin-top:2em;margin-bottom:2em}blockquote span{float:left;margin-left:1rem;padding-top:1rem}blockquote author{display:block;clear:both;font-size:.6em;margin-left:2.4rem;font-style:oblique}blockquote author:before{content:"- ";margin-right:1em}blockquote:before{font-family:Times New Roman,Times,Arial;color:#666;content:open-quote;font-size:2.2em;font-weight:600;float:left;margin-top:0;margin-right:.2rem;width:1.2rem}blockquote:after{content:"";display:block;clear:both}@media screen and (max-width:500px){body{text-align:left}div.fancyPositioning div.picture-left,div.fancyPositioning div.tleft{float:none;width:inherit}blockquote span{width:80%}blockquote author{padding-top:1em;width:80%;margin-left:15%}blockquote author:before{content:"";margin-right:inherit}}span.visited{color:#941352}span.visited-maroon{color:#85144b}span.wr{color:#c0392b;font-weight:600;text-decoration:underline}div#contrast{color:#000;top:10px}div#contrast,div#invmode{cursor:pointer;position:absolute;right:10px;font-size:.8em;text-decoration:underline;-webkit-touch-callout:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}div#invmode{color:#fff;background-color:#000;top:34px;padding:2px 5px}span.sb{color:#00e}span.sb,span.sv{cursor:not-allowed}span.sv{color:#551a8b}span.foufoufou{color:#444;font-weight:700}span.foufoufou:before{content:"";display:inline-block;width:1em;height:1em;margin-left:.2em;margin-right:.2em;background-color:#444}span.foufivfoufivfoufiv{color:#454545;font-weight:700}span.foufivfoufivfoufiv:before{content:"";display:inline-block;width:1em;height:1em;margin-left:.2em;margin-right:.2em;background-color:#454545}span.mfw{color:#16a085}a.kopimi,a.kopimi img.kopimi{display:block;margin-left:auto;margin-right:auto}a.kopimi img.kopimi{height:2em}p.fakepre{font-family:monospace;font-size:.9em}
body{
display: flex;
align-items: center;
justify-content: center;
}
html{
display: flex;
align-items: center;
justify-content: center;
height: 100vh;
}
.error-middle{
display: block;
vertical-align: middle;
}

11
configuration/nginx/error_pages/index.html Normal file
View File

@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="main.css"/>
<title>%{HOSTNAME}</title>
</head>
<body>
<h1>%{HOSTNAME}</h1>
</body>
</html>

13
configuration/nginx/error_pages/snippets/error_pages.conf Normal file
View File

@@ -0,0 +1,13 @@
include snippets/error_pages_content.conf;
location ^~ /_errors/ {
root /srv/http/default;
allow all;
}
location ~ /(10[0-3]|2[02][1-9]|30[1-8]|4[0125][0-9]|50[0-9])\.html {
root /srv/http/default;
sub_filter '%{HOSTNAME}' $host;
sub_filter_once off;
allow all;
internal;
}

40
configuration/nginx/error_pages/snippets/error_pages_content.conf Normal file
View File

@@ -0,0 +1,40 @@
error_page 400 /400.html;
error_page 401 /401.html;
error_page 402 /402.html;
error_page 403 /403.html;
error_page 404 /404.html;
error_page 405 /405.html;
error_page 406 /406.html;
error_page 407 /407.html;
error_page 408 /408.html;
error_page 409 /409.html;
error_page 410 /410.html;
error_page 411 /411.html;
error_page 412 /412.html;
error_page 413 /413.html;
error_page 414 /414.html;
error_page 415 /415.html;
error_page 416 /416.html;
error_page 417 /417.html;
error_page 418 /418.html;
error_page 421 /421.html;
error_page 422 /422.html;
error_page 423 /423.html;
error_page 424 /424.html;
error_page 425 /425.html;
error_page 426 /426.html;
error_page 428 /428.html;
error_page 429 /429.html;
error_page 431 /431.html;
error_page 451 /451.html;
error_page 500 /500.html;
error_page 501 /501.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
error_page 505 /505.html;
error_page 506 /506.html;
error_page 507 /507.html;
error_page 508 /508.html;
error_page 510 /510.html;
error_page 511 /511.html;

23
configuration/nginx/error_pages/templates/1xx.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Status $ERROR_CODE - %{HOSTNAME}</title>
<style>
html{
background-color: #78909C;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Status $ERROR_CODE - $ERROR_NAME</h1>
<p>$ERROR_DESC</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/templates/2xx.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Status $ERROR_CODE - %{HOSTNAME}</title>
<style>
html{
background-color: #1E88E5;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Status $ERROR_CODE - $ERROR_NAME</h1>
<p>$ERROR_DESC</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/templates/3xx.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error $ERROR_CODE - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error $ERROR_CODE - $ERROR_NAME</h1>
<p>$ERROR_DESC</p>
</div>
</body>
</html>

23
configuration/nginx/error_pages/templates/4xx.html Normal file
View File

@@ -0,0 +1,23 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error $ERROR_CODE - %{HOSTNAME}</title>
<style>
html{
background-color: #e74c3c;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error $ERROR_CODE - $ERROR_NAME</h1>
<p>$ERROR_DESC</p>
</div>
</body>
</html>

24
configuration/nginx/error_pages/templates/5xx.html Normal file
View File

@@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="/_errors/main.css"/>
<title>Error $ERROR_CODE - %{HOSTNAME}</title>
<style>
html{
background-color: #f1c40f;
}
body{
color: #fefefe;
}
</style>
</head>
<body>
<div class="error-middle">
<h1>Error $ERROR_CODE - $ERROR_NAME</h1>
<p>$ERROR_DESC</p>
</div>
</body>
</html>

6
configuration/nginx/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf Normal file
View File

@@ -0,0 +1,6 @@
# https://github.com/coreruleset/coreruleset/blob/v4.0.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
#
# "...,ctl:ruleRemoveById=942100"
# "...,ctl:ruleRemoveByTag=attack-sqli"
# "...,ctl:ruleRemoveTargetById=942100;ARGS:password"
# "...,ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:password"

7
configuration/nginx/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf Normal file
View File

@@ -0,0 +1,7 @@
# https://github.com/coreruleset/coreruleset/blob/v4.0.0/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
#
# Examples:
# SecRuleRemoveById 942100
# SecRuleRemoveByTag "attack-sqli"
# SecRuleUpdateTargetById 942100 "!ARGS:password"
# SecRuleUpdateTargetByTag "attack-sqli" "!ARGS:password"

154
configuration/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,154 @@
#user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 65535;
events {
worker_connections 10000;
# multi_accept on;
}
http {
##
# Main
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 180s;
client_body_timeout 180s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 1024m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
keepalive_requests 1000;
reset_timedout_connection on;
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
charset utf-8;
##
# Proxy
##
proxy_buffers 256 4k;
proxy_buffer_size 32k;
proxy_busy_buffers_size 56k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
proxy_read_timeout 300s;
proxy_send_timeout 180s;
set_real_ip_from 172.16.0.0/12;
real_ip_header X-Forwarded-For;
proxy_hide_header X-Powered-By;
##
# Limits
#
limit_conn_zone $server_name zone=perserver:100m;
limit_conn_status 503;
limit_req_zone $binary_remote_addr zone=one:100m rate=500r/s;
limit_req zone=one burst=100;
types_hash_max_size 2048;
##
# Mime
##
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
##
# Logging
##
log_not_found off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Compression
##
gzip on;
gzip_vary on;
gzip_static on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 128 4k;
gzip_http_version 1.1;
gzip_min_length 1024;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
##
# Cloudflare
##
#include /etc/openpanel/nginx/cloudflare.inc;
##
# SSL PCI compliance
##
#ssl_buffer_size 1369;
#ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
#ssl_dhparam /etc/ssl/dhparam.pem;
#ssl_early_data on;
#ssl_ecdh_curve auto;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.2 TLSv1.3;
#ssl_session_cache shared:SSL:20m;
#ssl_session_tickets on;
#ssl_session_timeout 7d;
#resolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
#resolver_timeout 5s;
##
# Bypass
##
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
##
# Wildcard include
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

14
configuration/nginx/options-ssl-nginx.conf Normal file
View File

@@ -0,0 +1,14 @@
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

39
configuration/nginx/vhosts/default.conf Normal file
View File

@@ -0,0 +1,39 @@
server {
listen 80;
# disabled for server with multiple ips..
#listen 80 default_server;
#listen [::]:80 default_server;
server_name _;
# Added in 0.1.6 for hostname SSL verification
root /usr/share/nginx/html;
location ^~ /.well-known {
allow all;
default_type "text/plain";
}
location / {
return 444;
# https://http.cat/status/444
}
}
# Added in v0.2.1 for OpenAdmin > Services > Nginx
server {
listen localhost;
server_name status.localhost;
keepalive_timeout 0;
access_log off;
error_log /dev/null;
allow 127.0.0.1;
deny all;
location /nginx_status {
stub_status on;
}
}

91
configuration/nginx/vhosts/docker_apache_domain.conf Normal file
View File

@@ -0,0 +1,91 @@
<VirtualHost *:80>
ServerName <DOMAIN_NAME>
ServerAlias www.<DOMAIN_NAME>
DocumentRoot /home/<USER>/<DOMAIN_NAME>
CustomLog /var/log/apache2/domlogs/<DOMAIN_NAME>.log combined
# <!-- BEGIN EXPOSED RESOURCES PROTECTION -->
<Directory /home/<USER>/<DOMAIN_NAME>>
<FilesMatch "\.(git|composer\.(json|lock)|auth\.json|config\.php|wp-config\.php|vendor)">
Require all denied
</FilesMatch>
</Directory>
# <!-- END EXPOSED RESOURCES PROTECTION -->
##### /phmyadmin on #####
ProxyRequests Off
ProxyPreserveHost On
<Proxy>
Require all granted
</Proxy>
ProxyPass /phpmyadmin http://localhost:8080/
ProxyPassReverse /phpmyadmin http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Ssl on
##### /phpmyadmin end #####
<Directory /home/<USER>/<DOMAIN_NAME>>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
DirectoryIndex index.php index.html
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/<PHP>-fpm.sock|fcgi://localhost"
</FilesMatch>
# Allow access to .well-known for Certbot
<Directory "/home/<USER>/<DOMAIN_NAME>/.well-known">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Alias /.well-known /home/<USER>/<DOMAIN_NAME>/.well-known
</VirtualHost>
<VirtualHost *:443>
ServerName <DOMAIN_NAME>
ServerAlias www.<DOMAIN_NAME>
DocumentRoot /home/<USER>/<DOMAIN_NAME>
CustomLog /var/log/apache2/domlogs/<DOMAIN_NAME>.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/cert.crt
SSLCertificateKeyFile /etc/apache2/ssl/cert.key
##### /phmyadmin on #####
ProxyRequests Off
ProxyPreserveHost On
<Proxy>
Require all granted
</Proxy>
ProxyPass /phpmyadmin http://localhost:8080/
ProxyPassReverse /phpmyadmin http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Ssl on
##### /phpmyadmin end #####
<Directory /home/<USER>/<DOMAIN_NAME>>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
DirectoryIndex index.php index.html
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/<PHP>-fpm.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>

123
configuration/nginx/vhosts/docker_nginx_domain.conf Normal file
View File

@@ -0,0 +1,123 @@
# content
server {
listen 80;
server_name <DOMAIN_NAME> www.<DOMAIN_NAME>;
access_log /var/log/nginx/domlogs/<DOMAIN_NAME>.log;
# <!-- BEGIN EXPOSED RESOURCES PROTECTION -->
location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|wp-config\.php|vendor) {
deny all;
return 403;
}
# <!-- END EXPOSED RESOURCES PROTECTION -->
##### /phmyadmin on #####
location /phpmyadmin {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
##### /phmyadmin off #####
root /home/<USER>/<DOMAIN_NAME>;
location / {
real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.1;
try_files $uri $uri/ /index.php$is_args$args;
index index.php index.html;
autoindex on;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/<PHP>-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
}
server {
listen 443 ssl http2;
server_name <DOMAIN_NAME> www.<DOMAIN_NAME>;
access_log /var/log/nginx/domlogs/<DOMAIN_NAME>.log;
##### /phmyadmin on #####
location /phpmyadmin {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
##### /phmyadmin off #####
root /home/<USER>/<DOMAIN_NAME>;
# SSL Configuration
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location / {
real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.1;
try_files $uri $uri/ /index.php$is_args$args;
index index.php index.html;
autoindex on;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/<PHP>-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Allow access to .well-known for Certbot
location ^~ /.well-known {
default_type "text/plain";
root /home/<USER>/<DOMAIN_NAME>/;
}
}

24
configuration/nginx/vhosts/domain.conf Normal file
View File

@@ -0,0 +1,24 @@
server {
listen <LISTEN_IP>;
server_name <DOMAIN_NAME> www.<DOMAIN_NAME>;
include snippets/error_pages.conf;
access_log /var/log/nginx/domlogs/<DOMAIN_NAME>.log;
include /etc/openpanel/openpanel/core/users/<USERNAME>/domains/<DOMAIN_NAME>-block_ips.conf;
# container
location / {
if ($scheme = "https") {
proxy_pass https://<IP>;
}
if ($scheme = "http") {
proxy_pass http://<IP>;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# openpanel
include /etc/openpanel/nginx/vhosts/openpanel_proxy.conf;
}

26
configuration/nginx/vhosts/domain.conf_with_modsec Normal file
View File

@@ -0,0 +1,26 @@
server {
listen <LISTEN_IP>;
server_name <DOMAIN_NAME> www.<DOMAIN_NAME>;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
include snippets/error_pages.conf;
access_log /var/log/nginx/domlogs/<DOMAIN_NAME>.log;
include /etc/openpanel/openpanel/core/users/<USERNAME>/domains/<DOMAIN_NAME>-block_ips.conf;
# container
location / {
if ($scheme = "https") {
proxy_pass https://<IP>;
}
if ($scheme = "http") {
proxy_pass http://<IP>;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# openpanel
include /etc/openpanel/nginx/vhosts/openpanel_proxy.conf;
}

35
configuration/nginx/vhosts/openpanel_proxy.conf Normal file
View File

@@ -0,0 +1,35 @@
# openpanel
location /openpanel {
proxy_pass https://127.0.0.1:2083;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# openadmin
location /openadmin {
proxy_pass https://127.0.0.1:2087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# webmail
location /webmail {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Autodiscover for Outlook & Thunderbird
# https://github.com/stefanpejcic/Autodiscover/tree/main
location /AutoDiscover {
proxy_pass http://127.0.0.1:8000/autodiscover/autodiscover.xml;
}
location /mail {
proxy_pass http://127.0.0.1:8000/mail/config-v1.1.xml;
}

2
configuration/openadmin/config/admin.ini Normal file
View File

@@ -0,0 +1,2 @@
[USERS]
impersonate=no

41
configuration/openadmin/config/backups/config.ini Normal file
View File

@@ -0,0 +1,41 @@
################################### NOTICE ####################################
# #
# Manually modifying this file is not recommended! #
# #
# You should use the interface in OpenAdmin > Backups #
# or 'opencli backup-config' command #
# for applying changes to these settings. #
# #
# https://dev.openpanel.com/cli/backup.html#Config #
# #
###############################################################################
[GENERAL]
debug=no
error_report=yes
workplace_dir=/tmp
downloads_dir=/tmp
delete_orphan_backups=90
days_to_keep_logs=90
time_format=12
[PERFORMANCE]
avg_load_limit=20
concurent_jobs=5
backup_restore_ttl=
cpu_limit=200
io_read_limit=
io_write_limit=
[NOTIFICATIONS]
enable_notification=yes
email_notification=no
send_emails_to=
notify_on_every_job=yes
notify_on_failed_backups=yes
notify_on_no_backups=yes
notify_if_no_backups_after=90

9
configuration/openadmin/config/backups/destinations/1.json Normal file
View File

@@ -0,0 +1,9 @@
{
"hostname": "localhost",
"password": "your_password",
"ssh_port": 22,
"ssh_user": "your_username",
"ssh_key_path": "/path/to/ssh/key",
"storage_limit": "90"
}

8
configuration/openadmin/config/backups/destinations/2.json Normal file
View File

@@ -0,0 +1,8 @@
{
"hostname": "example.com",
"password": "your_password",
"ssh_port": 22,
"ssh_user": "your_username",
"ssh_key_path": "/path/to/ssh/key",
"storage_limit": "90"
}

31
configuration/openadmin/config/backups/exclude/exclude.list Normal file
View File

@@ -0,0 +1,31 @@
/.jbm
/.MirrorSearch
*/.wysiwygPro_
*/core.[0-9]*
/tmp/*
/.cagefs
/.cagefs*
/.cpan
/.cpanel/caches
/.cpanel/datastore
/.cpcpan
/.sqmailattach
/.cpanel/*.sock
/access-logs/*
*/error_log*
/public_ftp/*
*/*.log*
backup-*.tar.gz
cpmove-*.tar.gz
site-*.tar.gz
public_html/cache/*
softaculous_backups/*
*/wp-content/cache/*
*.bkup
logs/*
.trash
*.wpress
lscache/*
/lscache
lscache
*.tar.gz

11
configuration/openadmin/config/backups/jobs/1.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "Full snapshot for each account",
"destination": "1",
"directory": "/backup",
"type": ["accounts"],
"schedule": "daily",
"retention": "30",
"status": "off",
"filters": ["files", "docker", "user-data"],
"id": "1"
}

11
configuration/openadmin/config/backups/jobs/2.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "System configuration only",
"destination": "2",
"directory": "/backup",
"type": ["configuration"],
"schedule": "monthly",
"retention": "4",
"status": "off",
"filters": [],
"id": "2"
}

Some files were not shown because too many files have changed in this diff Show More