diff --git a/bin/container/domainctl.sh b/bin/container/domainctl.sh
index 8a38594..0446cc3 100755
--- a/bin/container/domainctl.sh
+++ b/bin/container/domainctl.sh
@@ -1,11 +1,24 @@
#!/usr/bin/env bash
CK_RESULT=''
-HTTPD_CONF='httpd_config.conf'
+LSDIR='/usr/local/lsws'
+LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
+OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
help_message(){
echo 'Command [-add|-del] [domain_name]'
- echo 'Example 1: domain-ctl.sh -add example.com'
- echo 'Example 2: domain-ctl.sh -del example.com'
+ echo 'Example 1: domainctl.sh -add example.com'
+ echo 'Example 2: domainctl.sh -del example.com'
+}
+
+check_lsv(){
+ if [ -f ${LSDIR}/bin/openlitespeed ]; then
+ LSV='openlitespeed'
+ elif [ -f ${LSDIR}/bin/litespeed ]; then
+ LSV='lsws'
+ else
+ echo 'Version not exist, abort!'
+ exit 1
+ fi
}
dot_escape(){
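Review bot: `check_lsv` reports an unsupported install on stdout and leaves its precedence undocumented: when both `${LSDIR}/bin/openlitespeed` and `${LSDIR}/bin/litespeed` exist it silently picks `openlitespeed`. I would send the abort message to stderr (`echo 'Version not exist, abort!' >&2`), quote the tests (`[ -f "${LSDIR}/bin/openlitespeed" ]`), and add a header comment such as `# Sets LSV to 'openlitespeed' or 'lsws' from the installed binary; exits 1 if neither is found.` The same function is added verbatim to owaspctl.sh in this commit, so the two copies can drift, and the same remarks apply there.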
@@ -23,7 +36,7 @@ fst_match_after(){
FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
}
lst_match_line(){
- fst_match_after ${1} ${2} '}'
+ fst_match_after ${1} ${2} ${3}
LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
}
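Review bot: `lst_match_line` now forwards a caller-supplied pattern as an unquoted `${3}`, so an empty or whitespace-containing pattern is dropped or split before it reaches the `grep` in `fst_match_after`. `LAST_LINE_NUM` is then computed from an empty `FIRST_NUM_AFTER`, and that number feeds `sed -i "…,…d"` on the live server config. Quote the arguments (`fst_match_after "${1}" "${2}" "${3}"`) and stop when nothing matched, e.g. `[ -n "${FIRST_NUM_AFTER}" ] || return 1`, so a failed lookup cannot turn into a deletion at the wrong line. `fst_match_after` starts outside this hunk and has the same unquoted `${3}` in its `grep`. The identical change to `lst_match_line` in owaspctl.sh needs the same fix.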
@@ -47,34 +60,73 @@ www_domain(){
WWW_DOMAIN=$(echo www.${1})
}
+add_ls_domain(){
+ fst_match_line 'ccl.xml' ${LS_HTTPD_CONF}
+ NEWNUM=$((FIRST_LINE_NUM+1))
+ sed -i "${NEWNUM}i \ \ \ \ \ \ \n \ \ \ \ \ \ \ ${DOMAIN}\n \ \ \ \ \ \ \ ${DOMAIN},${WWW_DOMAIN}\n \ \ \ \ \ \ " ${LS_HTTPD_CONF}
+}
+
+add_ols_domain(){
+ perl -0777 -p -i -e 's/(vhTemplate centralConfigLog \{[^}]+)\}*(^.*listeners.*$)/\1$2
+ member '${DOMAIN}' {
+ vhDomain '${DOMAIN},${WWW_DOMAIN}'
+ }/gmi' ${OLS_HTTPD_CONF}
+}
+
add_domain(){
+ check_lsv
dot_escape ${1}
DOMAIN=${ESCAPE}
www_domain ${1}
- check_duplicate "member.*${DOMAIN}" ${HTTPD_CONF}
- if [ "${CK_RESULT}" != '' ]; then
- echo "# It appears the domain already exist! Check the ${HTTPD_CONF} if you believe this is a mistake!"
- exit 1
- else
- perl -0777 -p -i -e 's/(vhTemplate centralConfigLog \{[^}]+)\}*(^.*listeners.*$)/\1$2
- member '${1}' {
- vhDomain '${1},${WWW_DOMAIN}'
- }/gmi' ${HTTPD_CONF}
+ if [ "${LSV}" = 'lsws' ]; then
+ check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
+ if [ "${CK_RESULT}" != '' ]; then
+ echo "# It appears the domain already exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
+ exit 1
+ fi
+ elif [ "${LSV}" = 'openlitespeed' ]; then
+ check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
+ if [ "${CK_RESULT}" != '' ]; then
+ echo "# It appears the domain already exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
+ exit 1
+ fi
fi
+ add_ls_domain
+ add_ols_domain
+}
+
+del_ls_domain(){
+ fst_match_line "*${1}" ${LS_HTTPD_CONF}
+ FIRST_LINE_NUM=$((FIRST_LINE_NUM-1))
+ lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} ''
+ sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
+}
+
+del_ols_domain(){
+ fst_match_line ${1} ${OLS_HTTPD_CONF}
+ lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
+ sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}
}
del_domain(){
+ check_lsv
dot_escape ${1}
DOMAIN=${ESCAPE}
- check_duplicate "member.*${DOMAIN}" ${HTTPD_CONF}
- if [ "${CK_RESULT}" = '' ]; then
- echo "# We couldn't find the domain you wanted to remove! Check the ${HTTPD_CONF} if you believe this is a mistake!"
- exit 1
- else
- fst_match_line ${1} ${HTTPD_CONF}
- lst_match_line ${FIRST_LINE_NUM} ${HTTPD_CONF}
- sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${HTTPD_CONF}
+ if [ "${LSV}" = 'lsws' ]; then
+ check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
+ if [ "${CK_RESULT}" = '' ]; then
+ echo "# Domain non-exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
+ exit 1
+ fi
+ elif [ "${LSV}" = 'openlitespeed' ]; then
+ check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
+ if [ "${CK_RESULT}" = '' ]; then
+ echo "# Domain non-exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
+ exit 1
+ fi
fi
+ del_ls_domain ${1}
+ del_ols_domain ${1}
}
check_input ${1}
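Review bot: `add_domain` and `del_domain` run both back ends unconditionally (`add_ls_domain` and `add_ols_domain`, `del_ls_domain ${1}` and `del_ols_domain ${1}`), although the duplicate/existence check just above ran only against the file for the detected `${LSV}`. The other config is therefore edited with `sed -i` or `perl -i` with no check that it exists or contains the domain. Dispatching on `${LSV}` (`if [ "${LSV}" = 'lsws' ]; then add_ls_domain; else add_ols_domain; fi`, likewise for delete) keeps each edit behind its own check. Separately, `${DOMAIN}` and `${WWW_DOMAIN}` are spliced into the perl and sed program text, and `WWW_DOMAIN` is built from the raw `${1}`. Unless `check_input` (body not visible here) already restricts the value, validate it before any edit, for example `[[ "${1}" =~ ^[A-Za-z0-9.-]+$ ]] || { help_message; exit 1; }`.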
diff --git a/bin/container/owaspctl.sh b/bin/container/owaspctl.sh
index 53c959e..fa825be 100755
--- a/bin/container/owaspctl.sh
+++ b/bin/container/owaspctl.sh
@@ -2,7 +2,8 @@
LSDIR='/usr/local/lsws'
OWASP_DIR="${LSDIR}/conf/owasp"
RULE_FILE='modsec_includes.conf'
-HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
+LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
+OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
help_message(){
echo 'Command [-enable|-disable]'
@@ -11,6 +12,17 @@ help_message(){
exit 0
}
+check_lsv(){
+ if [ -f ${LSDIR}/bin/openlitespeed ]; then
+ LSV='openlitespeed'
+ elif [ -f ${LSDIR}/bin/litespeed ]; then
+ LSV='lsws'
+ else
+ echo 'Version not exist, abort!'
+ exit 1
+ fi
+}
+
check_input(){
if [ -z "${1}" ]; then
help_message
@@ -36,12 +48,12 @@ fst_match_after(){
FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
}
lst_match_line(){
- fst_match_after ${1} ${2} '}'
+ fst_match_after ${1} ${2} ${3}
LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
}
-enable_modsec(){
- grep 'module mod_security {' ${HTTPD_CONF} >/dev/null 2>&1
+enable_ols_modsec(){
+ grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
if [ ${?} -eq 0 ] ; then
echo "Already configured for modsecurity."
else
@@ -49,22 +61,70 @@ enable_modsec(){
sed -i "s=module cache=module mod_security {\nmodsecurity on\
\nmodsecurity_rules \`\nSecRuleEngine On\n\`\nmodsecurity_rules_file \
${OWASP_DIR}/${RULE_FILE}\n ls_enabled 1\n}\
- \n\nmodule cache=" ${HTTPD_CONF}
+ \n\nmodule cache=" ${OLS_HTTPD_CONF}
fi
}
-disable_modesec(){
- grep 'module mod_security {' ${HTTPD_CONF} >/dev/null 2>&1
+enable_ls_modsec(){
+ grep '1' ${LS_HTTPD_CONF} >/dev/null 2>&1
+ if [ ${?} -eq 0 ] ; then
+ echo "LSWS already configured for modsecurity"
+ else
+ echo 'Enable modsecurity'
+ sed -i \
+ "s=0=1=" ${LS_HTTPD_CONF}
+ sed -i \
+ "s==\n\
+ \n\
+ ModSec\n\
+ 1\n\
+ include ${OWASP_DIR}/modsec_includes.conf\n\
+ =" ${LS_HTTPD_CONF}
+ fi
+}
+
+enable_modsec(){
+ if [ "${LSV}" = 'lsws' ]; then
+ enable_ls_modsec
+ elif [ "${LSV}" = 'openlitespeed' ]; then
+ enable_ols_modsec
+ fi
+}
+
+disable_ols_modesec(){
+ grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
if [ ${?} -eq 0 ] ; then
echo 'Disable modsecurity'
- fst_match_line 'module mod_security' ${HTTPD_CONF}
- lst_match_line ${FIRST_LINE_NUM} ${HTTPD_CONF}
- sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${HTTPD_CONF}
+ fst_match_line 'module mod_security' ${OLS_HTTPD_CONF}
+ lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
+ sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}
else
echo 'Already disabled for modsecurity'
fi
}
+disable_ls_modesec(){
+ grep '0' ${LS_HTTPD_CONF}
+ if [ ${?} -eq 0 ] ; then
+ echo 'Already disabled for modsecurity'
+ else
+ echo 'Disable modsecurity'
+ sed -i \
+ "s=1=0=" ${LS_HTTPD_CONF}
+ fst_match_line 'censorshipRuleSet' ${LS_HTTPD_CONF}
+ lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} '/censorshipRuleSet'
+ sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
+ fi
+}
+
+disable_modsec(){
+ if [ "${LSV}" = 'lsws' ]; then
+ disable_ls_modesec
+ elif [ "${LSV}" = 'openlitespeed' ]; then
+ disable_ols_modesec
+ fi
+}
+
install_git(){
if [ ! -f /usr/bin/git ]; then
echo 'Install git'
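Review bot: `enable_ls_modsec` prints 'Enable modsecurity' and runs two `sed -i` edits without checking that they changed anything, so a config that does not match the expected text leaves the WAF off while the script reports success and exits 0. Re-run the detection `grep` after the edits with the same pattern as the initial check and fail loudly if the setting is still absent, ending in `|| { echo 'Failed to enable modsecurity' >&2; exit 1; }`. The patterns look truncated in this view, so I cannot judge how specific they are. `enable_modsec` and `disable_modsec` also have no `else` branch, so an unset or unexpected `LSV` makes them a silent no-op; an `else` that prints an error and exits non-zero would close that gap. Smaller points: the include path hard-codes `modsec_includes.conf` where `enable_ols_modsec` uses `${RULE_FILE}`, and the `grep` in `disable_ls_modesec` lacks the `>/dev/null 2>&1` that the other three detection greps have.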
@@ -145,10 +205,12 @@ while [ ! -z "${1}" ]; do
;;
-enable | -e | -E)
main_owasp
+ check_lsv
enable_modsec
;;
-disable | -d | -D)
- disable_modesec
+ check_lsv
+ disable_modsec
;;
*)
help_message
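Review bot: In the `-enable` arm `check_lsv` runs after `main_owasp`, so on an install where neither server binary is found the script has already done its OWASP setup work before it aborts with 'Version not exist, abort!'. Calling `check_lsv` first, or once before the `while` loop (which starts outside this hunk), makes both arms fail before anything is touched. `main_owasp` is not visible here, so what it changes is inferred from its name.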
diff --git a/bin/webadmin.sh b/bin/webadmin.sh
index 3ff0081..9b097d9 100755
--- a/bin/webadmin.sh
+++ b/bin/webadmin.sh
@@ -39,12 +39,14 @@ mod_secure(){
}
ls_upgrade(){
+ echo 'Upgrade web server to latest stable version.'
docker-compose exec ${CONT_NAME} su -c '/usr/local/lsws/admin/misc/lsup.sh 2>/dev/null'
}
set_web_admin(){
+ echo 'Update web admin password.'
docker-compose exec ${CONT_NAME} su -s /bin/bash lsadm -c \
- 'echo "admin:$(/usr/local/lsws/admin/fcgi-bin/admin_php -q /usr/local/lsws/admin/misc/htpasswd.php '${1}')" > /usr/local/lsws/admin/conf/htpasswd';
+ 'echo "admin:$(/usr/local/lsws/admin/fcgi-bin/admin_php* -q /usr/local/lsws/admin/misc/htpasswd.php '${1}')" > /usr/local/lsws/admin/conf/htpasswd';
}
main(){
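Review bot: The password in `set_web_admin` is spliced unquoted into the `su -c` command string (`htpasswd.php '${1}'`), so whitespace or shell metacharacters in it are parsed by the inner bash as lsadm instead of being passed as data. The value also appears in the process arguments of `docker-compose exec`. Escape it before splicing, for instance by building `pw=$(printf '%q' "${1}")` in a preceding line and inserting `${pw}` in place of `${1}`, or better, hand it over through stdin or an environment variable if `htpasswd.php` can read it that way. The new `admin_php*` glob is also expanded by the inner shell, so if more than one file matches, the second match becomes an argument to the first. Resolving the binary explicitly and failing when zero or several match would be safer.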
diff --git a/lsws/httpd_config.xml b/lsws/httpd_config.xml
new file mode 100644
index 0000000..4e97392
--- /dev/null
+++ b/lsws/httpd_config.xml
@@ -0,0 +1,228 @@
+
+
+ $HOSTNAME
+ 2
+ nobody
+ nogroup
+ 0
+ /
+ 0
+ 120M
+ /tmp/lshttpd/swap
+ 1
+ 0
+ $SERVER_ROOT/conf/mime.properties
+ 0
+ 86400
+ 1
+ root@localhost
+
+
+ $SERVER_ROOT/logs/error.log
+ DEBUG
+ 0
+ 10M
+ 1
+ 1
+
+
+ $SERVER_ROOT/logs/access.log
+ 10M
+ 30
+ 0
+
+
+ index.html, index.php
+
+ 0
+ .htaccess
+
+
+ 1
+ image/*=A604800, text/css=A604800, application/x-javascript=A604800, application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
+
+
+ 10000
+ 10000
+ 300
+ 10000
+ 5
+ 0
+ 0
+ 8192
+ 16380
+ 500M
+ 8K
+ 500M
+ 4096
+ 20M
+ 256K
+ 40M
+ 1
+ 1
+ 4
+ 1
+ text/*,application/x-javascript,application/javascript,application/xml,image/svg+xml,application/rss+xml
+ 1
+ 1
+
+
+
+ 1
+ 0
+ 000
+ 000
+
+
+ 0
+ 0
+ 0
+ 0
+ 10000
+ 10000
+ 15
+ 300
+
+
+ 200
+ 11
+ 10
+ 0
+ 300
+ 600
+ 1450M
+ 1500M
+ 1400
+ 1450
+
+
+ 0
+ 0
+ deny,log,status:403
+ 1
+
+
+ /
+ /etc/*
+ /dev/*
+ $SERVER_ROOT/conf/*
+ $SERVER_ROOT/admin/conf/*
+
+
+ ALL
+
+
+
+
+ lsapi
+ lsphp7
+ uds://tmp/lshttpd/lsphp7.sock
+ 35
+ PHP_LSAPI_CHILDREN=35
+ 60
+ 0
+ 1
+ 0
+ 3
+ $SERVER_ROOT/lsphp73/bin/lsphp
+ 100
+ 1
+ 0
+ 2047M
+ 2047M
+ 1000
+ 1000
+
+
+
+
+ php
+ lsapi
+ lsphp7
+
+
+ php5
+ lsapi
+ lsphp7
+
+
+
+ 35
+ PHP_LSAPI_CHILDREN=35
+ 60
+ 0
+ 1
+ 0
+ 60
+ 2047M
+ 2047M
+ 400
+ 500
+
+
+ 5
+ LSAPI_MAX_IDLE=60
+ 180
+ 0
+ 60
+ 0
+ 50
+ 1
+ 3
+ 2047M
+ 2047M
+ 400
+ 500
+
+
+
+ Example
+ $SERVER_ROOT/DEFAULT/
+ $VH_ROOT/conf/vhconf.xml
+ 1
+ 1
+ 1
+ 0
+ 0
+
+
+
+
+ HTTPS
+ *:443
+ 1
+
+
+ $SERVER_ROOT/admin/conf/webadmin.key
+ $SERVER_ROOT/admin/conf/webadmin.crt
+
+
+ HTTP
+ *:80
+ 0
+
+
+
+
+
+
+ centralConfigLog
+ $SERVER_ROOT/conf/templates/ccl.xml
+ HTTP, HTTPS
+
+ localhost
+ localhost, *
+
+
+
+ PHP_SuEXEC
+ $SERVER_ROOT/conf/templates/phpsuexec.xml
+ HTTP
+
+
+ EasyRailsWithSuEXEC
+ $SERVER_ROOT/conf/templates/rails.xml
+ HTTP
+
+
+
\ No newline at end of file
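Review bot: The value right after `$SERVER_ROOT/logs/error.log` near the top of this new default config is `DEBUG`, which reads as the server log level. The element names are not visible in this view, so that is inferred from position. For a config shipped as the default it is worth lowering to a less verbose level, since debug logging tends to record request detail and grows the log quickly. The HTTPS listener on `*:443` likewise appears to use `$SERVER_ROOT/admin/conf/webadmin.key` and `webadmin.crt`, i.e. the WebAdmin console's key pair. A comment stating that these are placeholders to be replaced with a site certificate would keep operators from putting that key on the public listener.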