5 tahun lalu · 78ee6f88be
--- a/app/Http/Controllers/AliasesController.php
+++ b/app/Http/Controllers/AliasesController.php
@@ -2,6 +2,7 @@
 
				 
			
 
				 namespace App\Http\Controllers;
			
 
				 
			
 
				+use Illuminate\Routing\UrlGenerator;
			
 
				 use Illuminate\Http\Request;
			
 
				 use App\Application;
			
 
				 use App\Alias;
			
@@ -9,6 +10,12 @@ use phpseclib\Net\SSH2 as SSH;
 
				 
			
 
				 class AliasesController extends Controller {
			
 
				 
			
 
				+    protected $url;
			
 
				+
			
 
				+    public function __construct(UrlGenerator $url) {
			
 
				+        $this->url = $url;
			
 
				+    }
			
 
				+
			
 
				     public function index() {
			
 
				         $aliases = Alias::orderBy('domain')->orderBy('application_id')->with('application')->get();
			
 
				         return view('aliases', compact('aliases'));
			
@@ -43,7 +50,7 @@ class AliasesController extends Controller {
 
				             return redirect('/aliases');
			
 
				         }
			
 
				         $ssh->setTimeout(360);
			
 
				-        $response = $ssh->exec('echo '.$application->server->password.' | sudo -S sudo sh /cipi/alias-add.sh -d '.$request->domain.' -a '.$application->appcode);
			
 
				+        $response = $ssh->exec('echo '.$application->server->password.' | sudo -S sudo sh /cipi/alias-add.sh -d '.$request->domain.' -a '.$application->appcode.' -r '.$this->url);
			
 
				         if(strpos($response, '###CIPI###') === false) {
			
 
				             $request->session()->flash('alert-error', 'There was a problem with server scripts.');
			
 
				             return redirect('/aliases');
			
--- a/app/Http/Controllers/ApplicationsController.php
+++ b/app/Http/Controllers/ApplicationsController.php
@@ -2,6 +2,7 @@
 
				 
			
 
				 namespace App\Http\Controllers;
			
 
				 
			
 
				+use Illuminate\Routing\UrlGenerator;
			
 
				 use Illuminate\Support\Str;
			
 
				 use Illuminate\Http\Request;
			
 
				 use App\Application;
			
@@ -12,6 +13,12 @@ use PDF;
 
				 
			
 
				 class ApplicationsController extends Controller {
			
 
				 
			
 
				+    protected $url;
			
 
				+
			
 
				+    public function __construct(UrlGenerator $url) {
			
 
				+        $this->url = $url;
			
 
				+    }
			
 
				+
			
 
				     public function index() {
			
 
				         $applications = Application::with('server')->with('aliases')->get();
			
 
				         return view('applications', compact('applications'));
			
@@ -65,9 +72,9 @@ class ApplicationsController extends Controller {
 
				         }
			
 
				         $ssh->setTimeout(360);
			
 
				         if($base) {
			
 
				-            $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -u '.$user.' -p '.$pass.' -dbp '.$dbpass.' -b '.$base.' -php '.$request->php.' -a '.$appcode);
			
 
				+            $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -u '.$user.' -p '.$pass.' -dbp '.$dbpass.' -b '.$base.' -php '.$request->php.' -a '.$appcode.' -r '.$this->url);
			
 
				         } else {
			
 
				-            $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -u '.$user.' -p '.$pass.' -dbp '.$dbpass.' -php '.$request->php.' -a '.$appcode);
			
 
				+            $response = $ssh->exec('echo '.$server->password.' | sudo -S sudo sh /cipi/host-add.sh -u '.$user.' -p '.$pass.' -dbp '.$dbpass.' -php '.$request->php.' -a '.$appcode.' -r '.$this->url);
			
 
				         }
			
 
				         if(strpos($response, '###CIPI###') === false) {
			
 
				             $request->session()->flash('alert-error', 'There was a problem with server scripts.');
			
--- a/setup/18.sh
+++ b/setup/18.sh
@@ -231,6 +231,14 @@ server {
 
				 
			
 
				     root /var/www/html/public;
			
 
				 
			
 
				+    limit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;
			
 
				+    limit_req_zone $server_name zone=perserver:10m rate=10r/s;
			
 
				+    limit_req zone=perip burst=5 nodelay;
			
 
				+    limit_req zone=perserver burst=10;
			
 
				+    client_body_timeout 10s;
			
 
				+    client_header_timeout 10s;
			
 
				+    client_max_body_size 256M;
			
 
				+
			
 
				     add_header X-Frame-Options "SAMEORIGIN";
			
 
				     add_header X-XSS-Protection "1; mode=block";
			
 
				     add_header X-Content-Type-Options "nosniff";
			
--- a/setup/20.sh
+++ b/setup/20.sh
@@ -230,6 +230,14 @@ server {
 
				 
			
 
				     root /var/www/html/public;
			
 
				 
			
 
				+    limit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;
			
 
				+    limit_req_zone $server_name zone=perserver:10m rate=10r/s;
			
 
				+    limit_req zone=perip burst=5 nodelay;
			
 
				+    limit_req zone=perserver burst=10;
			
 
				+    client_body_timeout 10s;
			
 
				+    client_header_timeout 10s;
			
 
				+    client_max_body_size 256M;
			
 
				+
			
 
				     add_header X-Frame-Options "SAMEORIGIN";
			
 
				     add_header X-XSS-Protection "1; mode=block";
			
 
				     add_header X-Content-Type-Options "nosniff";
			
--- a/storage/app/scripts/aliasadd.sh
+++ b/storage/app/scripts/aliasadd.sh
@@ -1,7 +1,5 @@
 
				 #!/usr/bin/env bash
			
 
				 
			
 
				-REMOTE=???
			
 
				-
			
 
				 while [ -n "$1" ] ; do
			
 
				     case $1 in
			
 
				     -d | --domain )
			
@@ -12,6 +10,10 @@ while [ -n "$1" ] ; do
 
				             shift
			
 
				             APPCODE=$1
			
 
				             ;;
			
 
				+    -r |  --remote )
			
 
				+            shift
			
 
				+            REMOTE=$1
			
 
				+            ;;
			
 
				     * )
			
 
				             echo "ERROR: Unknown option: $1"
			
 
				             exit -1
			
--- a/storage/app/scripts/haget.conf
+++ b/storage/app/scripts/haget.conf
@@ -9,6 +9,10 @@ server {
 
				 
			
 
				     root ???BASE???;
			
 
				 
			
 
				+    client_body_timeout 10s;
			
 
				+    client_header_timeout 10s;
			
 
				+    client_max_body_size 256M;
			
 
				+
			
 
				     access_log /home/???USER???/log/access.log;
			
 
				     error_log /home/???USER???/log/error.log;
			
 
				 
			
--- a/storage/app/scripts/hostadd.sh
+++ b/storage/app/scripts/hostadd.sh
@@ -1,6 +1,5 @@
 
				 #!/usr/bin/env bash
			
 
				 
			
 
				-REMOTE=???
			
 
				 DBROOT=???
			
 
				 
			
 
				 BASE_PATH=
			
@@ -34,6 +33,10 @@ while [ -n "$1" ] ; do
 
				         shift
			
 
				         PHP=$1
			
 
				         ;;
			
 
				+    -r |  --remote )
			
 
				+        shift
			
 
				+        REMOTE=$1
			
 
				+        ;;
			
 
				     * )
			
 
				         echo "ERROR: Unknown option: $1"
			
 
				         exit -1
			
@@ -59,8 +62,8 @@ sudo cat > "$DBBKS" <<EOF
 
				 #!/bin/bash
			
 
				 
			
 
				 ######### BACKUP CONFIGURATION #########
			
 
				-DBUSER=ubb04699a5
			
 
				-DBPASS=630db817327b70c677254fcdccb616186e9d19c5
			
 
				+DBUSER=
			
 
				+DBPASS=
			
 
				 DAYS=7
			
 
				 
			
 
				 ######### DO NOT CHANGE ANYTHING IN THIS AREA #########
			
--- a/storage/app/scripts/install.sh
+++ b/storage/app/scripts/install.sh
@@ -217,17 +217,21 @@ sudo unlink JAIL
 
				 sudo touch $JAIL
			
 
				 sudo cat > "$JAIL" <<EOF
			
 
				 [DEFAULT]
			
 
				-# Ban hosts for one hour:
			
 
				 bantime = 3600
			
 
				-
			
 
				-# Override /etc/fail2ban/jail.d/00-firewalld.conf:
			
 
				 banaction = iptables-multiport
			
 
				 
			
 
				 [sshd]
			
 
				 enabled = true
			
 
				-
			
 
				-# Auth log file
			
 
				 logpath  = /var/log/auth.log
			
 
				+
			
 
				+[nginx-req-limit]
			
 
				+enabled = true
			
 
				+filter = nginx-req-limit
			
 
				+action = iptables-multiport[name=ReqLimit, port=”http,https”, protocol=tcp]
			
 
				+logpath = /var/log/nginx/*error.log
			
 
				+findtime = 200
			
 
				+bantime = 2600
			
 
				+maxretry = 20
			
 
				 EOF
			
 
				 
			
 
				 sudo systemctl restart fail2ban
			
@@ -249,6 +253,7 @@ sleep 3s
 
				 
			
 
				 sudo apt-get -y install nginx
			
 
				 sudo systemctl start nginx.service
			
 
				+sudo rpl -i -w "http {" "http { limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;" /etc/nginx/nginx.conf
			
 
				 sudo systemctl enable nginx.service
			
 
				 
			
 
				 echo "nginx: OK!"
			
@@ -338,6 +343,14 @@ server {
 
				     add_header X-XSS-Protection "1; mode=block";
			
 
				     add_header X-Content-Type-Options "nosniff";
			
 
				 
			
 
				+    limit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;
			
 
				+    limit_req_zone $server_name zone=perserver:10m rate=10r/s;
			
 
				+    limit_req zone=perip burst=5 nodelay;
			
 
				+    limit_req zone=perserver burst=10;
			
 
				+    client_body_timeout 10s;
			
 
				+    client_header_timeout 10s;
			
 
				+    client_max_body_size 256M;
			
 
				+
			
 
				     index index.html index.php;
			
 
				 
			
 
				     charset utf-8;
			
--- a/storage/app/scripts/phpfpm.conf
+++ b/storage/app/scripts/phpfpm.conf
@@ -4,12 +4,7 @@ group = ???USER???
 
				 listen = /run/php/php???PHP???-fpm-???USER???.sock
			
 
				 listen.owner = www-data
			
 
				 listen.group = www-data
			
 
				-php_admin_value[disable_functions] = exec,passthru,shell_exec,system
			
 
				-php_admin_flag[allow_url_fopen] = off
			
 
				-pm = dynamic
			
 
				-pm.max_children = 40
			
 
				-pm.start_servers = 15
			
 
				-pm.min_spare_servers = 15
			
 
				-pm.max_spare_servers = 25
			
 
				+pm = ondemand
			
 
				+pm.max_children = 50
			
 
				 pm.max_requests = 500
			
 
				 pm.process_idle_timeout = 10s