Submit
Path:
~
/
/
scripts
/
File Content:
ea-nginx
#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - ea-nginx Copyright 2020 cPanel, L.L.C. # All rights Reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited use strict; use warnings; package scripts::ea_nginx; use Cpanel::Apache::TLS (); use Cpanel::Config::LoadCpConf (); use Cpanel::Config::LoadUserDomains (); use Cpanel::Config::LoadWwwAcctConf (); use Cpanel::Config::userdata (); use Cpanel::Config::userdata::PassengerApps (); use Cpanel::DIp::IsDedicated (); use Cpanel::DomainIp (); use Cpanel::DomainLookup::DocRoot (); use Cpanel::EA4::Conf (); use Cpanel::EA4::Conf::Tiny (); use Cpanel::FileGuard (); use Cpanel::FileUtils::Move (); use Cpanel::FileUtils::TouchFile (); use Cpanel::HTTP::Client (); use Cpanel::HttpUtils::ApRestart::BgSafe (); use Cpanel::HttpUtils::Vhosts::PrimaryReader (); use Cpanel::Hostname (); use Cpanel::JSON (); use Cpanel::Kernel (); use Cpanel::NAT (); use Cpanel::OpenSSL (); use Cpanel::PHP::Config (); use Cpanel::PHPFPM::Get (); use Cpanel::PwCache (); use Cpanel::Rand::Get (); use Cpanel::SafeRun::Object (); use Cpanel::Server::Type (); use Cpanel::Transaction::File::JSON (); use Cpanel::Validate::URL (); use Cpanel::Validate::Username (); use Cpanel::WildcardDomain (); use File::Glob (); use File::Path::Tiny (); use IO::Callback (); use String::UnicodeUTF8 (); use Template (); use Whostmgr::TweakSettings (); use Path::Tiny; use MCE::Loop; our $var_cache_ea_nginx = '/var/cache/ea-nginx'; our $var_cpanel_userdata = '/var/cpanel/userdata'; our $etc_nginx = '/etc/nginx'; our $etc_ea_nginx = "$etc_nginx/ea-nginx"; our $settings_file = "$etc_ea_nginx/settings.json"; our $cache_file = "$etc_ea_nginx/cache.json"; our $proxy_header_file = "$etc_ea_nginx/cpanel_localhost_header.json"; our $serial_touch_file = "$etc_ea_nginx/serial_config_mode"; our $skip_clearing_cache_touch_file = "$etc_ea_nginx/do_not_clear_cache_on_reload_i_understand_the_risks"; #This is highly discouraged, we do not want to document this functionality. See ZC-11741 our $wp_toolkit_bin = '/usr/local/bin/wp-toolkit'; our $wordpress_cache_dir = '/etc/nginx/wordpress_info_cache'; our $disable_wordpress_info_cache_file = '/var/cpanel/nginx_disable_wordpress_info_cache'; our $cpanel_proxy_file = '/etc/nginx/conf.d/includes-optional/cpanel-proxy-xt.conf'; our $custom_settings_dir = '/var/nginx/ea-nginx'; our $piped_module_conf = '/etc/nginx/conf.d/modules/ngx_http_pipelog_module.conf'; our $user_id_file = '/etc/cpanel/ea4/option-flags/set-USER_ID'; our $default_server_names_hash_bucket_size = 128; # Used to validate certificates my $openssl_obj; my $nginxroot = "/etc/nginx"; my $cmds = { config => { code => \&config, clue => "config [--all|--global|<user>] [--no-reload] [--serial]", abstract => 'Build nginx configuration for users', help => "Build nginx configuration for one or all users.\n\t--global will only rebuild global configurations and executes anything in /etc/nginx/ea-nginx/config-scripts/global/\n\t--all implies --global and re-does configuration for all users\n\t--serial used with --all will build the config synchronously. Otherwise, the script default is to build the config in parallel", }, reload => { code => \&reload, clue => "reload", abstract => 'reload nginx configuration', help => "reload nginx configuration - a convenience for `restartsrv_nginx reload` (useful after multiple changes w/ --no-reload)", }, remove => { code => \&remove, clue => "remove <user> [--no-reload]", abstract => "remove a given user’s nginx configuration", help => "Remove the given user’s nginx configuration. Only does the generated conf.d/user/<user>.conf, does not touch the user customization directory conf.d/users/<user>/", }, clear_cache => { code => \&clear_cache_cmd, clue => "clear_cache [--all|<user1> <user2> ...]", abstract => 'Clear the cache for a user, some users, or all users.', help => 'Clears a cache or caches. Pass the users you want to clear or none for all users.', }, cache => { code => \&cache_config, clue => "cache [--system|<user>] [--no-rebuild] [[--reset|--enabled=[1|0]]]", abstract => "Manage cache configuration at the system or user level", help => "View, configure, reset NGINX caching at the system or user level\n\n\t--no-rebuild will make it skip the config regeneration and NGINX reload necessary to make the changes take effect\n\n\t--reset w/ --system will reset the system level config to the defaults\n\t--reset w/ a user will remove the user’s config effectively resetting it to the system level config\n", }, }; my $hint_blurb = "Usage: `$0 {command} …`.\n\tThis tool supports the following commands:"; my $opts = { 'help:pre_hint' => $hint_blurb, 'help:pre_help' => "Various ea-nginx related admin utilities\n\n$hint_blurb", default_commands => "help", alias => { conf => "config" }, 'help:post_help' => "More information on `ea-nginx` (what works and what does not, how to customize configuration, etc)\n can be found at https://go.cpanel.net/ea-nginx.", }; run(@ARGV) if !caller; =encoding utf-8 =head1 NAME scripts::ea_nginx =head1 SYNOPSIS ea-nginx [ cache|clear_cache|config|reload|remove|help ] NOTE: Execute the script with --help for more details or go to https://go.cpanel.net/ea-nginx Can also execute 'ea-nginx [help|hint] subcommand' for targeted details about a subcommand =head1 DESCRIPTION This script provides various ea-nginx related admin utilities =over =item cache subcommand View, configure, reset NGINX caching at the system or user level =item clear_cache subcommand Clears a cache or caches. Pass the users you want to clear or none for all users =item config subcommand Build nginx configuration for one or all users =item reload subcommand Reload nginx configuration =item remove subcommand Remove the given user’s nginx configuration =back =cut sub run { my (@argv) = @_; die "This script should only be called as root\n" if $> != 0; local $ENV{TERM} = $ENV{TERM} || "xterm-256color"; # non-CLI modulino avoid needless: Cannot find termcap: TERM not set at …/Term/ReadLine.pm line 373. require App::CmdDispatch; import App::CmdDispatch; # need to have App::CmdDispatch do this automatically see CPANEL-22328 if ( @argv && grep { defined && m/\A\-\-help\z/ } @argv ) { App::CmdDispatch->new( $cmds, $opts )->help(); exit(0); } my $orig_command_hint = \&App::CmdDispatch::command_hint; no warnings "redefine"; local *App::CmdDispatch::command_hint = sub { $orig_command_hint->(@_); exit(1); }; no warnings 'once'; require App::CmdDispatch::IO; local *App::CmdDispatch::IO::print = sub { shift; if ( ref($@) && $@ =~ m/^App::CmdDispatch::Exception/ ) { CORE::print STDERR @_; return; } CORE::print(@_); return; }; use warnings 'once'; # ^^^ /need to have App::CmdDispatch do this automatically see CPANEL-22328 # Enforce acquiring a lock before continuing so that two competing processes # do not stomp on each other my $lock_dir = '/var/cpanel/locks'; mkdir( $lock_dir, 0700 ) unless -e $lock_dir; my $nginx_config_lock = Cpanel::FileGuard->new("$lock_dir/ea-nginx-config-in-progress"); # allows customers to set custom configs before ea-nginx is installed _update_for_custom_configs(); return App::CmdDispatch->new( $cmds, $opts )->run(@argv); } ################ #### commands ## ################ =head2 remove() Remove the given user’s nginx configuration =over =item user - required A valid cPanel username =item --no-reload - optional Whether to reload nginx and clear the cache after removing the user =back =cut sub remove { my ( $app, $user, @args ) = @_; _validate_user_arg( $app, $user ); my $file = "$nginxroot/conf.d/users/$user.conf"; my $dir = "$nginxroot/conf.d/users/$user/"; if ( -f $file ) { print "Removing $file …\n"; unlink $file; if ( -f $file ) { die "Unable to remove $file\n"; } unless ( grep { $_ eq '--no-reload' } @args ) { _reload(); clear_cache($user); } } else { print "$file is already removed or never existed.\n"; } if ( -d $dir ) { warn "Customization path $dir exists, you will need to manually move/remove/reconfigure that.\n"; } else { print "Customization path $dir does not exist. You are all set!\n"; } return; } =head2 config() Build nginx configuration for one or all users. =over =item --all --all implies --global and re-does configuration for all users =item --global --global will only rebuild global configurations and executes anything in /etc/nginx/ea-nginx/config-scripts/global/ =item user A valid cPanel username =back =over =item --no-reload - optional Whether to reload nginx and clear the cache after making config changes =item --serial - optional --serial used with --all will build the config synchronously. Otherwise, the script default is to build the config in parallel =back =cut sub config { my ( $app, $user, @args ) = @_; my $reload = grep( { $_ eq '--no-reload' } @args ) ? 0 : 1; my $use_serial_mode = grep( { $_ eq '--serial' } @args ) ? 1 : 0; $use_serial_mode = 1 if -e $serial_touch_file; if ( $user eq '--all' || $user eq '--global' ) { _write_global_cpanel_localhost(); _write_global_logging(); _write_global_passenger(); _write_global_ea_nginx(); _write_global_nginx_conf(); _write_global_default(); _write_global_cpanel_proxy_non_ssl(); _do_other_global_config(); my $errors = {}; if ( $user eq '--all' ) { _populate_wordpress_cache( { all => 1 } ); my $global_config_data = _get_global_config_data(); mkdir "/etc/nginx/conf.d/users/"; unlink( File::Glob::bsd_glob("/etc/nginx/conf.d/users/*.conf") ); $errors = $use_serial_mode ? _update_user_configs_in_serial_mode($global_config_data) : _update_user_configs_in_parallel_mode($global_config_data); } if ($reload) { _reload(); clear_cache() if !-e $skip_clearing_cache_touch_file; } if ( keys %$errors ) { my $err = ""; for my $usr ( sort keys %$errors ) { $err .= "\tUser “$usr”: $errors->{$usr}\n\n"; } die "The following user related errors need attention:\n$err"; } } else { _validate_user_arg( $app, $user ); mkdir "/etc/nginx/conf.d/users/"; # Settings in this file can be affected when a new user is added _write_global_ea_nginx(); _populate_wordpress_cache( { user => $user } ); my $global_config_data = _get_global_config_data(); _write_user_conf( $user, $global_config_data ); if ($reload) { _reload("/etc/nginx/conf.d/users/$user.conf"); clear_cache($user) if !-e $skip_clearing_cache_touch_file; } } return 1; } =head2 cache_config() View, configure, or reset NGINX caching at the system or user level =over =item --system View, configure, or reset the global defaults =item user View, configure, or reset the NGINX caching config for the given user =back =over =item --no-rebuild - optional Will make it skip the config regeneration and NGINX reload necessary to make the changes take effect =item --reset - optional =over 2 =item with --system Will reset the system level config to the defaults =item with a user Will remove the user’s config effectively resetting it to the system level config =back =item --enabled=[1|0] - optional =over 2 =item with --system Will enable/disable caching for users using the global default =item with user Will enable/disable caching for the user =back =back =cut sub cache_config { my ( $app, $which, @flags ) = @_; die "First argument to `cache` must be `--system` or a cPanel user name\n" if !length $which; my $file = $cache_file; my $config_arg = "--all"; if ( $which ne "--system" ) { _validate_user_arg( $app, $which ); $file = $var_cpanel_userdata . "/$which/nginx-cache.json"; $config_arg = $which; } if ( !@flags ) { print eval { path($file)->slurp } || "{}\n"; } else { require Getopt::Param::Tiny; my $prm = Getopt::Param::Tiny->new( { array_ref => \@flags, known_only => [qw(reset enabled no-rebuild)], help_coderef => sub { $app->help(); exit(1) }, validate => sub { my ($prm) = @_; my @given = grep { $_ ne "reset" && $_ ne "no-rebuild" } @{ $prm->param() }; die "--reset does not make sense w/ other flags (besides --no-rebuild)\n" if $prm->param('reset') && @given; return 1; }, } ); if ( $prm->param('reset') ) { if ( $which eq "--system" ) { my %caching_defaults = caching_defaults(); _jsonify_caching_booleans( \%caching_defaults ); _write_json( $file, \%caching_defaults ); } else { unlink $file; } } else { my $conf_hr = eval { Cpanel::JSON::LoadFile($file) } || {}; # always set it since its the only option until ZC-8549 $conf_hr->{enabled} = _bool_param( enabled => scalar( $prm->param('enabled') ) ); # ZC-8549 example: # my %given_params; # @given_params{ $prm->param() } = (); # for my $bool (qw(enabled x_cache_header logging)) { # next if !exists $given_params{$bool}; # only set it if given # $conf_hr->{$bool} = _bool_param( $bool => scalar($prm->param($bool)) ); # } # # if (exists $given_params{zone_size}) { # my $zone_size = $prm->param('zone_size'); # die "Invalid --zone_size, it must …\n" if … $zone_size; # $conf_hr->{zone_size} = $zone_size; # } _jsonify_caching_booleans($conf_hr); _write_json( $file, $conf_hr ); } config( $app, $config_arg ) unless $prm->param("no-rebuild"); } return 1; } =head2 clear_cache_cmd() Clears a cache or caches. Pass the users you want to clear or none for all users. =over =item --all - optional Clear the cache for all users =item user1 user2 user3 … A list of users to clear the cache for =back =cut sub clear_cache_cmd { my ( $app, @users ) = @_; if ( @users == 0 || $users[0] eq '--all' ) { shift @users; die "--all can not be mixed with usernames\n" if @users; } else { foreach my $user (@users) { _validate_user_arg( $app, $user ); } } clear_cache(@users); return 1; } =head2 clear_cache() Clear the cache for a given list of users if received. Otherwise, clear the cache for all users. =over =item users - optional A list of cPanel users to clear the cache for =back =cut sub clear_cache { my (@users) = @_; if (@users) { foreach my $user (@users) { _delete_glob( $var_cache_ea_nginx . "/*/$user/*" ); } } else { _delete_glob( $var_cache_ea_nginx . "/*/*/*" ); } return 1; } =head2 reload() Reload nginx configuration =cut sub reload { _reload(); clear_cache() if !-e $skip_clearing_cache_touch_file; } ############### #### helpers ## ############### =head2 _wants_http2() Returns whether http2 is enabled or not. =head3 RETURNS Returns 1 if http2 is enabled. 0 otherwise. =cut our $wants_http2; sub _wants_http2 { if ( !defined $wants_http2 ) { $wants_http2 = -e "/etc/nginx/conf.d/http2.conf" ? 1 : 0; } return $wants_http2; } =head2 _has_ipv6() Returns whether IPv6 is enabled or not. =head3 RETURNS Returns 1 if IPv6 is enabled. 0 otherwise. =cut our $has_ipv6; sub _has_ipv6 { $has_ipv6 //= -f '/proc/net/if_inet6' ? 1 : 0; return $has_ipv6; } =head2 ensure_valid_nginx_config() Attempt to verify that the nginx binary reports that it has a valid configuration in place. Attempt to fix any errors that the nginx binary reports. Dies if it is unable to verify a valid nginx configuration. This effectively prevents the script from reloading nginx with a bad configuration and gives a warning to the user that they will need to manually resolve the issue before reloading nginx. =cut sub ensure_valid_nginx_config { my ($depth) = @_; $depth //= 0; # limit recursion depth to 25 my $max_depth = 25; my $nginx_bin = _get_nginx_bin(); my $combined_output = ''; my $output_handler = IO::Callback->new( '>', sub { $combined_output .= shift } ); my $run = Cpanel::SafeRun::Object->new( program => $nginx_bin, args => ['-t'], stdout => $output_handler, stderr => $output_handler, ); my $resolved_issue; if ( $run->CHILD_ERROR() ) { $resolved_issue = _attempt_to_fix_syntax_errors($combined_output); } else { print "Verified valid syntax for nginx configuration\n"; return; } ( $resolved_issue && $depth < $max_depth ) ? return ensure_valid_nginx_config( ++$depth ) : die "Unable to ensure a valid nginx configuration:\n\n$combined_output\n\nYou will need to manually resolve this issue.\n"; return; } =head2 caching_defaults() Returns a hash with the hardcoded caching fallbacks in case the user / global defined files are either missing altogether or missing a setting. The return changes depending on whether micro caching is enabled or not. Micro caching can be enabled by putting the following touch file in place: /etc/nginx/ea-nginx/enable.micro-cache-defaults =head3 RETURNS A hash of hardcoded caching fallbacks. =cut sub caching_defaults { # do not want `our %caching_defaults` or a hash reference so that no one can accidentally change it # non-micro my %defaults = ( proxy_cache_valid => { "200 301 302" => "60m", "404" => "1m", }, ); if ( -e '/etc/nginx/ea-nginx/enable.micro-cache-defaults' ) { # micro %defaults = ( proxy_cache_valid => { "301 302" => "5m", "404" => "1m", }, ); } # hard coded fallback in case they remove stuff from /etc/nginx/ea-nginx/cache.json return ( %defaults, enabled => 1, logging => 0, x_cache_header => 0, zone_size => "10m", inactive_time => "60m", levels => "1:2", proxy_cache_use_stale => "error timeout http_429 http_500 http_502 http_503 http_504", proxy_cache_background_update => "on", proxy_cache_revalidate => "on", proxy_cache_min_uses => 1, proxy_cache_lock => "off", ); } sub _bool_param { my ( $flag, $value ) = @_; die "--$flag value must be 1 or 0\n" if !defined $value || ( $value ne "1" && $value ne "0" ); return $value; } sub _jsonify_caching_booleans { my ($hr) = @_; require JSON::PP; for my $boolkey (qw(enabled logging x_cache_header)) { next if !exists $hr->{$boolkey}; $hr->{$boolkey} = $hr->{$boolkey} ? JSON::PP::true() : JSON::PP::false(); } return; } =head2 _write_json() Given a filename and a hashref of data to write to it, it will write the data to the file in json pretty format. =over =item file A valid filename =item ref A hashref containing data to write to the filename =back =cut sub _write_json { my ( $file, $ref ) = @_; my $transaction = Cpanel::Transaction::File::JSON->new( path => $file, "permissions" => 0644 ); $transaction->set_data($ref); $transaction->save_pretty_canonical_or_die(); $transaction->close_or_die(); return 1; } =head2 _render_tt_to_file() Consume a given template toolkit file and produce a given output file with the given data. =over =item tt_file The path to the template toolkit file to consume located within '/etc/nginx/ea-nginx/' =item output_file The path of the configuration file to output to within the '/etc/nginx/conf.d/' directory. =item tt_data A hashref of data that will be used by the template toolkit file. =back =cut my $tt; sub _render_tt_to_file { my ( $tt_file, $output_file, $tt_data ) = @_; $tt ||= Template->new( { INCLUDE_PATH => "/etc/nginx/" } ); my $output_path = "/etc/nginx/conf.d/$output_file"; path($output_path)->touchpath; my $output_tt = path("/etc/nginx/ea-nginx/$tt_file")->slurp; $tt->process( \$output_tt, $tt_data, sub { my ($out) = @_; path($output_path)->spew($out); return 1; } ); if ( $tt->error() ) { my $tt_err = $tt->error(); unlink $output_path; die "$tt_err\nFailed to ensure “$output_path” does not exist: $!\n" if -e $output_path; die $tt_err; } return 1; } =head2 _do_other_global_config() Allow for integrators to customize the configuration. It consumes and executes any executable scripts within the '/etc/nginx/ea-nginx/config-scripts/global' directory. It also gets called after all other global configurations meaning that it can overwrite them if the integrator wishes for the scripts to do so. =cut sub _do_other_global_config { # /etc/nginx/ea-nginx/config-scripts/global/* allows for future # _do_other_config_user($user) via /etc/nginx/ea-nginx/config-scripts/user/* for my $script ( File::Glob::bsd_glob("/etc/nginx/ea-nginx/config-scripts/global/*") ) { # Seen during the install of ea-modsec30-connector-nginx # During the install of multiple packages, the script # - May not actually be completely there it ends in .dpkg-new # - May not be executable if ( -x $script && $script !~ m/dpkg-new$/ ) { print "Running (global) “$script” …\n"; system($script) && warn "“$script” did not exit clean\n"; } else { print "Skipping “$script” as it is not executable\n"; } } return; } =head2 _get_application_paths() Populates a given hashref with the path to the binaries for the global default versions of ruby, python, and nodejs. =over =item app A hashref to populate with the paths to the binaries. Note, the given hashref will be altered by this sub. =back =cut sub _get_application_paths { my ($app) = @_; return Cpanel::Config::userdata::PassengerApps->ensure_paths( $app, 0 ); } =head2 _write_global_cpanel_localhost() Write '/etc/nginx/conf.d/includes-optional/cpanel-proxy-xt.conf' with a unique cPanel-localhost header. The cPanel-localhost will be refreshed if the file that it is stored in does not exist or has an mtime more than 30 minutes old. =cut sub _write_global_cpanel_localhost { # regen new value if its not set or if its been at least half an hour _write_cpanel_localhost_header() if !-e $proxy_header_file || ( stat(_) )[9] < ( time() - 1800 ); my $conf = Cpanel::JSON::LoadFile($proxy_header_file); my $val = $conf->{'cPanel-localhost'} || _write_cpanel_localhost_header(); my $path = Path::Tiny::path($cpanel_proxy_file); my $contents = <<"CPANEL_PROXY"; proxy_set_header cPanel-localhost $val; # for secure use of proxying to Apache w/ mod_remoteip proxy_headers_hash_bucket_size 128; proxy_set_header X-Forwarded-For-$val \$proxy_add_x_forwarded_for; CPANEL_PROXY $path->spew($contents); $path->chmod(0600); return; } =head2 _write_cpanel_localhost_header() Generate a new cPanel-localhost header, write the cPanel-localhost header to /etc/nginx/ea-nginx/cpanel_localhost_header.json, and rebuild and restart apache so that it can pick up the new cPanel localhost header that nginx will send. =head3 RETURNS Returns the new cPanel localhost header value. =cut sub _write_cpanel_localhost_header { my $rand = Cpanel::Rand::Get::getranddata(64); # Though technically legal, NGINX does not like _ in header names (for good reason honestly) # and we want to do things like: proxy_set_header X-Forwarded-For-<RAND> …; $rand =~ s/_/-/g; my %headers = ( 'cPanel-localhost' => $rand, ); _write_json( $proxy_header_file, \%headers ); chmod 0600, $proxy_header_file; # in case it is reset out form under the package _rebuild_and_restart_apache(); # needed so that apache can pick up the new header file return $headers{"cPanel-localhost"}; } =head2 _write_global_nginx_conf() Update '/etc/nginx/nginx.conf' with the custom values for 'worker_processes' and 'worker_shutdown_timeout' if any. Otherwise, update it with a default value for these two configuration variables. =cut sub _write_global_nginx_conf { my $main = path("/etc/nginx/nginx.conf"); my $cont = $main->slurp; my $local_settings = _get_settings_hr(); # worker_processes my $val = "1"; if ( exists $local_settings->{worker_processes} ) { if ( $local_settings->{worker_processes} =~ m/^[1-9][0-9]*$/ || $local_settings->{worker_processes} eq "auto" ) { $val = $local_settings->{worker_processes}; } else { warn "Custom `worker_processes` in “$settings_file” is not a number (and is not “auto”), falling back to “$val” …\n"; } } $cont =~ s/^(\s*worker_processes\s+)\S+(\s*;)/$1$val$2/gm; # worker_shutdown_timeout $val = "10s"; if ( exists $local_settings->{worker_shutdown_timeout} ) { if ( $local_settings->{worker_shutdown_timeout} =~ m/^[1-9][0-9]*(?:ms|[smhdwMy])?$/ ) { $val = $local_settings->{worker_shutdown_timeout}; } else { warn "Custom `worker_shutdown_timeout` in “$settings_file” is not an NGINX time value, falling back to “$val” …\n"; } } $cont =~ s/^(\s*worker_shutdown_timeout\s+)\S+(\s*;)/$1$val$2/gm; $main->spew($cont); return 1; } =head2 _write_global_cpanel_proxy_non_ssl() Update '/etc/nginx/conf.d/cpanel-proxy-non-ssl.conf' with the correct values for IPv6 and USER_ID. =cut sub _write_global_cpanel_proxy_non_ssl { my $ipv6 = _has_ipv6(); my $prefix = $ipv6 ? "" : "# server does not have IPv6 enabled: "; my $cpns = path("/etc/nginx/conf.d/cpanel-proxy-non-ssl.conf"); my $content = $cpns->slurp; # toggle IPv6 $content =~ s/^.*(listen\s+\[::\]:)/ $prefix$1/gm; my $user_id_prefix = _wants_user_id() ? '' : '# '; # toggle $USER_ID $content =~ s/^.*(set\s+\$USER_ID\s+""\s*;)/ $user_id_prefix$1/gm; $cpns->spew($content); return 1; } =head2 _write_global_default() Update '/etc/nginx/conf.d/default.conf' with the correct values for IPv6, http2, USER_ID, reuseport, and the correct default ssl certificate to use on the system. =cut sub _write_global_default { my $reuseport = Cpanel::Kernel::system_is_at_least('3.9.0') ? 1 : 0; my $ipv6 = _has_ipv6(); my $http2 = _wants_http2(); my $wants_uid = _wants_user_id(); my $ssl_certificate = -f '/var/cpanel/ssl/cpanel/mycpanel.pem' ? '/var/cpanel/ssl/cpanel/mycpanel.pem' : '/var/cpanel/ssl/cpanel/cpanel.pem'; return _render_tt_to_file( 'default.conf.tt' => 'default.conf', { reuseport => $reuseport, ipv6 => $ipv6, http2 => $http2, ssl_certificate => $ssl_certificate, ssl_certificate_key => $ssl_certificate, uid => $wants_uid, }, ); } =head2 _write_global_passenger() Write '/etc/nginx/conf.d/passenger.conf' with the correct application paths for ruby, python, and nodejs =cut sub _write_global_passenger { unlink '/etc/nginx/conf.d/passenger.conf'; # will get re-written fresh below if its needed, otherwise we want it gone return 1 unless -e '/etc/nginx/modules/ngx_http_passenger_module.so'; my $defaults_hr = { name => "global passenger defaults" }; _get_application_paths($defaults_hr); my $passenger_root = $defaults_hr->{ruby}; $passenger_root =~ s{/[^/]+$}{/../share/passenger/phusion_passenger/locations.ini}; my $passenger_instance_registry_dir = $defaults_hr->{ruby}; if ( $passenger_instance_registry_dir =~ m{^/opt/cpanel} ) { $passenger_instance_registry_dir =~ s{/[^/]+$}{/../../var/run/passenger-instreg}; } else { $passenger_instance_registry_dir = '/opt/cpanel/ea-passenger/run/passenger-instreg'; } File::Path::Tiny::mk($passenger_instance_registry_dir); return _render_tt_to_file( 'ngx_http_passenger_module.conf.tt' => 'passenger.conf', { passenger => { global => { passenger_root => $passenger_root, passenger_instance_registry_dir => $passenger_instance_registry_dir, default => $defaults_hr, }, }, }, ); } =head2 _get_settings_hr() Returns a hashref containing nginx settings based on the default settings, the contents of '/etc/nginx/ea-nginx/settings.json', and the calculated values of 'server_names_hash_bucket_size', and 'server_names_hash_max_size'. The result of this sub is cached and the cached result will be returned after the first call. =head3 RETURNS A hashref similar to the following: { apache_port_ip => '127.0.0.1', server_names_hash_bucket_size => 128, server_names_hash_max_size => 1024, apache_ssl_port_ip => '127.0.0.1', client_max_body_size => '128m', apache_port => 81, apache_ssl_port => 444, } =cut our $settings_hr; sub _get_settings_hr { if ( !defined $settings_hr ) { my $global_settings = Cpanel::JSON::LoadFile($settings_file); $settings_hr = { _settings_defaults(), %{$global_settings}, }; # Do this here so that these two settings are always calculated # NOTE: The calculations are based on the advice given here: http://nginx.org/en/docs/http/server_names.html#optimization $settings_hr->{server_names_hash_max_size} = _get_server_names_hash_max_size(); $settings_hr->{server_names_hash_bucket_size} = _get_server_names_hash_bucket_size( $settings_hr->{server_names_hash_max_size} ); } return $settings_hr; } =head2 _get_server_names_hash_bucket_size() Calculate the value of 'server_names_hash_bucket_size' based on the length of the longest domain hosted on the server. =head3 RETURNS An integer greater than or equal to 128. The integer must be a power of 2. =cut sub _get_server_names_hash_bucket_size { my ($server_names_hash_max_size) = @_; my $server_names_hash_bucket_size = $default_server_names_hash_bucket_size; my $domain_length_info = _get_domain_length_info(); # server_names_hash_bucket_size should be power of 2 for CPU cache line size # optimization purposes. Set it to first power of 2 larger then the longest # server_name or 128 if it is sufficient # As a sanity check, we also need to ensure that # server_names_hash_max_size * server_names_hash_bucket_size # is larger than the total bytes taken up by all the domains combined my $server_names_total_size = $server_names_hash_max_size * $server_names_hash_bucket_size; while ( $server_names_hash_bucket_size < $domain_length_info->{longest} || $server_names_total_size < $domain_length_info->{total_length} ) { $server_names_hash_bucket_size *= 2; $server_names_total_size = $server_names_hash_max_size * $server_names_hash_bucket_size; } return $server_names_hash_bucket_size; } =head2 _get_aligned_domain_length() Given an integer, it returns the smallest integer that is larger than the integer and divisible by 8. =over =item domain_length An unsigned integer to align to 8 =back =head3 RETURNS The smallest integer that is larger than the given integer and divisible by 8 =cut sub _get_aligned_domain_length { my ($domain_length) = @_; my $align_to = 8; # Assumes x86_64 my $remainder = $domain_length % $align_to; # if there is a remainder, then we need to align the domain length # otherwise, it is already divisible by 8 and there is nothing to do my $aligned_domain_length = $remainder ? $domain_length + $align_to - $remainder : $domain_length; return $aligned_domain_length; } =head2 _get_domain_length_info() Returns a hashref containing two keys that represent that have values representing the length of the longest domain on the server and the total length of all domains hosted on the server =head3 RETURNS A hashref similar to the following: { longest => 200, total_length => 4242, } =cut sub _get_domain_length_info { # If a miss is encountered while building the server_names_hash, then up to # 5/8 of the hash length could be unused my $nginx_buffer = $default_server_names_hash_bucket_size / 8 * 5; my $service_subdomain_buffer = 16; # Add padding for service subdomains (autodiscover. is currently the longest) my $longest = 0; my $total_length = 0; my $user_lookup = _get_user_domains(); for my $usr ( sort keys %$user_lookup ) { for my $domain ( @{ $user_lookup->{$usr} } ) { my $domain_length = length $domain; my $aligned_domain_length = _get_aligned_domain_length($domain_length); my $total_domain_length = $aligned_domain_length + $nginx_buffer + $service_subdomain_buffer; $longest = $total_domain_length if $total_domain_length > $longest; # There are up to 10 copies of the domain generated between the two # server_name blocks for the domain. On average, this number is 8, # but we go with the larger number here to be sure that we the # configure nginx with large enough values to generate its # server_names hash $total_domain_length *= 10; $total_length += $total_domain_length; } } my $domain_length_info = { longest => $longest, total_length => $total_length, }; return $domain_length_info; } =head2 _get_server_names_hash_max_size() Calculates the value of 'server_names_hash_max_size' based on the total number of domains hosted on the server. =head3 RETURNS An integer greater than or equal to 1024. =cut sub _get_server_names_hash_max_size { my $minimum_hash_max_size = 1024; my $num_domains = _get_num_total_domains(); # We generate ~8 server blocks for each domain my $num_server_blocks = $num_domains * 8; # At a minimum, 'server_names_hash_max_size' needs to match the number of server blocks generated # If the number of server blocks to generate is larger than the minimum that we allow this setting to be # then increase the setting size to the number of server blocks to generate # otherwise, honor the minimum size return ( $minimum_hash_max_size < $num_server_blocks ) ? $num_server_blocks : $minimum_hash_max_size; } =head2 _write_global_ea_nginx() Uses template toolkit file to write '/etc/nginx/conf.d/ea-nginx.conf' =cut sub _write_global_ea_nginx { my $cur_settings = _get_settings_hr(); my $ea4_conf_hr = Cpanel::EA4::Conf->instance->as_hr(); my $vhosts = _get_httpd_vhosts_hash(); my %ips = map { $vhosts->{$_}{ip} => 1 } keys %{$vhosts}; return _render_tt_to_file( 'ea-nginx.conf.tt' => 'ea-nginx.conf', { ea4conf => $ea4_conf_hr, settings => $cur_settings, ips => [ sort keys %ips ] } ); } =head2 _settings_defaults() Returns a hash containing the default settings for nginx. This is needed as a fallback in case '/etc/nginx/ea-nginx/settings.json' is missing a crucial value needed for rendering the template toolkit for 'ea-nginx.conf'. =cut sub _settings_defaults { my $cpconf_hr = _get_cpconf_hr(); my %ports; foreach my $key ( 'apache_port', 'apache_ssl_port' ) { $ports{$key} = $cpconf_hr->{$key} =~ /:([0-9]+)$/ ? $1 : 0; if ( $ports{$key} < 1 || $ports{$key} > 65535 ) { # last ditch fall back if cpconf has an invalid value $ports{$key} = $key eq 'apache_port' ? 81 : 444; } } # hard coded fallback in case they remove stuff from /etc/nginx/ea-nginx/settings.json return ( apache_port => $ports{apache_port}, apache_port_ip => '127.0.0.1', apache_ssl_port => $ports{apache_ssl_port}, apache_ssl_port_ip => '127.0.0.1', client_max_body_size => '128m', ); } =head2 _write_global_logging() Uses template toolkit file to write '/etc/nginx/conf.d/global-logging.conf' and enables/disables piped logging based on the global system setting =cut sub _write_global_logging { my $logging_hr = _get_logging_hr(); _render_tt_to_file( 'global-logging.tt' => 'global-logging.conf', { logging => $logging_hr, hostname => scalar( Cpanel::Hostname::gethostname() ), }, ); if ( $logging_hr->{piped_logs} ) { path($piped_module_conf)->spew("load_module modules/ngx_http_pipelog_module.so;"); } else { unlink $piped_module_conf; die "Failed to ensure “$piped_module_conf” does not exist: $!\n" if -e $piped_module_conf; } return 1; } =head2 _reload() Reload nginx configuration =over =item new_file - optional If nginx fails to reload, then this file will be removed and second attempt to reload nginx without this file in place will take place =back =cut sub _reload { my ($new_file) = @_; ensure_valid_nginx_config(); # dies if it fails to ensure a valid config if ( system("/usr/local/cpanel/scripts/restartsrv_nginx reload") != 0 ) { if ($new_file) { warn "Could not reload generated nginx config, removing and attempting reload without it: $?\n"; unlink $new_file; system("/usr/local/cpanel/scripts/restartsrv_nginx reload") || return 1; } exit 1; } return 1; } =head2 _validate_domains_data_or_die( $user, $domains_data ) Validates that the given user was able to load its domain userdata and that the domain userdata has the minimum expected data =over =item user The username that is being validated =item domains_data A hashref containing the domain data that is being validated =back =cut sub _validate_domains_data_or_die { my ( $user, $domains_data ) = @_; die "Failed to load user ‘$user’s web vhost data\n" unless $domains_data; die "No vhosts config data for user ‘$user’\n" unless $domains_data->{main_domain}; return; } =head2 _validate_user_uid_and_gid($user) Validates that the given user has a valid system UID and GID =over =item user The username being validated =back =cut sub _validate_user_uid_and_gid { my ($user) = @_; die "Unable to determine user id for $user, assuming invalid user and skipping\n" unless ( Cpanel::PwCache::getpwnam($user) )[2]; die "Unable to determine group id for $user, assuming invalid user and skipping\n" unless _get_group_for($user); return; } =head2 _write_user_conf() Writes the configuration for the given user. This includes the caching configuration, server block for the primary and parked domains, and the server blocks for any subdomains and/or addon domains belonging to the user. =over =item user A valid cPanel username =item global_config_data A hashref containing data that should be treated as read only that all users can use to build their configs with. =back =cut sub _write_user_conf { my ( $user, $global_config_data ) = @_; _validate_user_uid_and_gid($user); my $domains_data = Cpanel::Config::userdata::Load::load_userdata_main($user); _validate_domains_data_or_die( $user, $domains_data ); my $userdata_for_main_domain = _get_userdata_for( $user => $domains_data->{main_domain} ); my %addon_subdomains = map { $domains_data->{addon_domains}{$_} => 1 } grep { $domains_data->{addon_domains}{$_} } keys %{ $domains_data->{addon_domains} }; my @actual_subdomains = grep { $_ && !exists $domains_data->{addon_domains}{$_} && !$addon_subdomains{$_} } @{ $domains_data->{sub_domains} }; my %subdomains_hash = map { $_ => 1 } @{ $domains_data->{sub_domains} }; my $userconf = "/etc/nginx/conf.d/users/$user.conf"; print "Setting up $userconf …\n"; if ( !defined &scripts::ea_nginx_userdata::run ) { my $prefix = "/usr/local/cpanel/scripts/ea-nginx"; if ( $0 =~ m{/SOURCES/} ) { # Can’t use FindBin because the script name is different in repo and in RPM require Cwd; $prefix = Cwd::abs_path($0); } require "$prefix-userdata"; } scripts::ea_nginx_userdata::run($user); my $caching_hr = _get_caching_hr($user); my $pre_server = ""; if ( $caching_hr->{enabled} ) { $pre_server = "proxy_cache_path /var/cache/ea-nginx/proxy/$user levels=$caching_hr->{levels} keys_zone=$user:$caching_hr->{zone_size} inactive=$caching_hr->{inactive_time};\n\n"; } my $domains = [ $domains_data->{main_domain}, 'www.' . $domains_data->{main_domain}, ]; push( @$domains, "mail.$domains_data->{main_domain}" ) unless $subdomains_hash{"mail.$domains_data->{main_domain}"}; push( @$domains, "ipv6.$domains_data->{main_domain}" ) if exists $userdata_for_main_domain->{ipv6}; foreach my $dom ( @{ $domains_data->{parked_domains} } ) { push @$domains, $dom; if ( !Cpanel::WildcardDomain::is_wildcard_domain($dom) ) { push @$domains, "www.$dom"; push( @$domains, "mail.$dom" ) unless $subdomains_hash{"mail.$dom"}; } } path($userconf)->spew( $pre_server . "#### main domain for $user ##\n" ); _render_and_append( { user => $user, domains => $domains, global_config_data => $global_config_data, } ); _init_logs_for( $user, $domains_data->{main_domain} ); if (@actual_subdomains) { path($userconf)->append("\n#### sub domains for $user ##\n"); for my $subdom (@actual_subdomains) { my $subdoms = [$subdom]; push( @$subdoms, "www.$subdom" ) unless Cpanel::WildcardDomain::is_wildcard_domain($subdom); _render_and_append( { user => $user, domains => $subdoms, global_config_data => $global_config_data, } ); _init_logs_for( $user, $subdom ); } } if ( keys %{ $domains_data->{addon_domains} } ) { path($userconf)->append("\n#### addon domains for $user ##\n"); for my $aod ( sort keys %{ $domains_data->{addon_domains} } ) { my $sub = $domains_data->{addon_domains}{$aod}; next unless $sub; if ( !$subdomains_hash{$sub} ) { warn "Skipping addon domain $aod for $user, corresponding sub domain $sub does not exist"; next; } my $ao_domains = []; # subdomain first -- does not add mail subdomain push @$ao_domains, $sub; push( @$ao_domains, "www.$sub" ) unless Cpanel::WildcardDomain::is_wildcard_domain($sub); # addon domain second -- adds mail subdomain push @$ao_domains, $aod; if ( !Cpanel::WildcardDomain::is_wildcard_domain($aod) ) { push @$ao_domains, "www.$aod"; push( @$ao_domains, "mail.$aod" ) unless $subdomains_hash{"mail.$aod"}; } _render_and_append( { user => $user, domains => $ao_domains, global_config_data => $global_config_data, } ); _init_logs_for( $user, $sub ); } } return 1; } our ( $server_tt, $docroots, $logging_hr, $caching_cache, $global_caching ); =head2 caching_global() Return a hashref containing nginx's global caching settings. This sub will return a cached result after the first call. =head3 RETURNS A hashref similar to the following: { 'inactive_time' => '60m', 'proxy_cache_use_stale' => 'error timeout http_429 http_500 http_502 http_503 http_504', 'proxy_cache_valid' => { '200 301 302' => '60m', '404' => '1m' }, 'zone_size' => '10m', 'proxy_cache_lock' => 'off', 'proxy_cache_revalidate' => 'on', 'proxy_cache_background_update' => 'on', 'levels' => '1:2', 'enabled' => bless( do{\(my $o = 1)}, 'JSON::PP::Boolean' ), 'proxy_cache_min_uses' => 1, 'logging' => bless( do{\(my $o = 0)}, 'JSON::PP::Boolean' ), }; =cut sub caching_global { return $global_caching if $global_caching; my $caching_global = Cpanel::JSON::LoadFile($cache_file); # UGMO :/ clean it up if the touch file exists and they have the defaults # if they happen to edit it and make it the default and they really want that then they should not have this touchfile if ( -e '/etc/nginx/ea-nginx/enable.micro-cache-defaults' ) { # only change it if its the non-micro default if ( keys %{ $caching_global->{proxy_cache_valid} } == 2 && exists $caching_global->{proxy_cache_valid}{"200 301 302"} && $caching_global->{proxy_cache_valid}{"200 301 302"} eq "60m" && exists $caching_global->{proxy_cache_valid}{404} && $caching_global->{proxy_cache_valid}{404} eq "1m" ) { warn "Changing default `proxy_cache_valid` to micro-cache version per the existance of the `/etc/nginx/ea-nginx/enable.micro-cache-defaults` touch-file\n"; delete $caching_global->{proxy_cache_valid}{"200 301 302"}; $caching_global->{proxy_cache_valid}{"301 302"} = "5m"; _write_json( $cache_file, $caching_global ); } } else { # only change it back if its the micro default if ( keys %{ $caching_global->{proxy_cache_valid} } == 2 && exists $caching_global->{proxy_cache_valid}{"301 302"} && $caching_global->{proxy_cache_valid}{"301 302"} eq "5m" && exists $caching_global->{proxy_cache_valid}{404} && $caching_global->{proxy_cache_valid}{404} eq "1m" ) { warn "Changing default `proxy_cache_valid` to non-micro-cache version per the absence of the `/etc/nginx/ea-nginx/enable.micro-cache-defaults` touch-file\n"; $caching_global->{proxy_cache_valid}{"200 301 302"} = "60m"; delete $caching_global->{proxy_cache_valid}{"301 302"}; _write_json( $cache_file, $caching_global ); } } return $caching_global; } =head2 _get_caching_hr() Returns the given users cache settings. The cache settings have the following order of precendence: 1. user specific based on '/var/cpanel/userdata/$user/nginx-cache.json' 2. global cache settings based on '/etc/nginx/ea-nginx/cache.json' 3. The caching defaults provided by caching_defaults() NOTE: The results of this sub are cached for each user in the $caching_cache hashref and the cached result is returned on subsequent calls to this sub. =over =item user A valid cPanel username =back =head3 RETURNS A hashref representing the user's caching configuration. See caching_global() for a detailed example of what this data structure looks like. =cut sub _get_caching_hr { my ($user) = @_; if ( !exists $caching_cache->{$user} ) { # at this point that file should exist; if it does not we want this to barf so we know about it my $global_caching = caching_global(); my $user_caching = eval { Cpanel::JSON::LoadFile("/var/cpanel/userdata/$user/nginx-cache.json") } || {}; $caching_cache->{$user} = { caching_defaults(), %{$global_caching}, %{$user_caching}, }; } return $caching_cache->{$user}; } =head2 _get_logging_hr() Return a hashref containing the user's global logging preferences. This sub will return a cached result after the first call. =head3 RETURNS This returns a hashref similar to the following: { 'default_format_name' => 'combined', 'enable_cache_log' => bless( do{\(my $o = 0)}, 'JSON::PP::Boolean' ), 'loglevel' => 'warn', 'piped_logs' => '1' }; =cut sub _get_logging_hr { return $logging_hr if $logging_hr; $logging_hr->{piped_logs} = Whostmgr::TweakSettings::get_value( Main => 'enable_piped_logs' ); my $wwwacct = Cpanel::Config::LoadWwwAcctConf::loadwwwacctconf() // {}; $logging_hr->{default_format_name} = $wwwacct->{LOGSTYLE} || "combined"; my $global_caching = caching_global(); $logging_hr->{enable_cache_log} = $global_caching->{logging}; if ( $logging_hr->{default_format_name} ne "combined" && $logging_hr->{default_format_name} ne "common" ) { warn "Invalid “LOGSTYLE”, using `combined`\n"; $logging_hr->{default_format_name} = "combined"; } my $e4c = Cpanel::EA4::Conf::Tiny::get_ea4_conf_hr(); $logging_hr->{loglevel} = $e4c->{loglevel} || 'warn'; return $logging_hr; } =head2 _get_group_for() Returns the group name for the given username. The result is cached in a hash and the cached result will be returned if the given username exists in the hash. =over =item user A valid cPanel username =back =head3 RETURNS A string representing the group name of the given username or undef. =cut my %group_cache; sub _get_group_for { my ($user) = @_; return $group_cache{$user} if $group_cache{$user}; # prefer: group same name as user $group_cache{$user} = scalar getgrnam($user) ? $user : undef; return $group_cache{$user} if $group_cache{$user}; # otherwise: via gid my $gid = _get_gid_for($user); return unless $gid; $group_cache{$user} = getgrgid($gid); return $group_cache{$user}; } =head2 _get_gid_for() Returns the gid for the given username. The result is cached in a hash and the cached result will be returned if the given username exists in the hash. =over =item user A valid cPanel username =back =head3 RETURNS An integer representing the group ID of the given username or undef. =cut my %gid_cache; sub _get_gid_for { my ($user) = @_; return $gid_cache{$user} if $gid_cache{$user}; my $gid = ( getpwnam($user) )[3]; return unless $gid; $gid_cache{$user} = $gid; return $gid_cache{$user}; } =head2 _get_domains_with_ssls() Returns a hashref where the keys are the domains that have SSL enabled and the value is 1 for every key. =cut our $domains_with_ssl; sub _get_domains_with_ssls { return $domains_with_ssl if $domains_with_ssl; my %ssl_vhosts = map { $_ =~ s/_SSL$//; $_ => 1 } grep { substr( $_, -4 ) eq '_SSL' ? 1 : 0 } keys %{ _get_httpd_vhosts_hash() }; $domains_with_ssl = \%ssl_vhosts; return $domains_with_ssl; } =head2 _get_httpd_vhosts_hash() Returns a hashref containing the apache configuration structure for all the vhosts that will be configured on the system. See <Cpanel::ConfigFiles::Apache::Config> for more details regarding this data structure. The result of this sub is cached and the cached result will be returned after the first call. =cut our $httpd_vhosts_hr; sub _get_httpd_vhosts_hash { return unless ( eval { require Cpanel::ConfigFiles::Apache::Config; 1; } ); $httpd_vhosts_hr ||= Cpanel::ConfigFiles::Apache::Config::get_httpd_vhosts_hash(); return $httpd_vhosts_hr; } =head2 _is_standalone() Returns whether nginx is currently in standalone mode or not. The return value is cached and the cached value will be returned on subsequent calls to this sub. =head3 RETURNS Returns 1 or 0 =cut our $standalone; sub _is_standalone { $standalone //= -e "/etc/nginx/ea-nginx/enable.standalone" ? 1 : 0; return $standalone; } =head2 _render_and_append() Appends the server block for the given domains to the given user's configuration file. Dies if it fails to render the server block for the user. =over =item args A hashref containing named args to be passed in. =over 2 =item user A valid cPanel username =item domains A arrayref of domains names =item global_config_data A hashref containing data that should be treated as read only that all users can use to build their configs with. =back =back =cut sub _render_and_append { my ($args) = @_; my $user = $args->{user}; my $domains = $args->{domains}; my $global_config_data = $args->{global_config_data}; my $group = _get_group_for($user); # at this point that file should exist; if it does not we want this to barf so we know about it my $cpanel_password_protected_directories = Cpanel::JSON::LoadFile("/var/cpanel/userdata/$user/cpanel_password_protected_directories.json"); my $cpanel_redirects = Cpanel::JSON::LoadFile("/var/cpanel/userdata/$user/cpanel_redirects.json"); my $userconf = "/etc/nginx/conf.d/users/$user.conf"; $tt ||= Template->new( { INCLUDE_PATH => "/etc/nginx/" } ); $server_tt ||= path("/etc/nginx/ea-nginx/server.conf.tt")->slurp; my $user_docroots = _get_docroots_for($user); my $docroot = $user_docroots->{ $domains->[0] }; my $basic_auth = _get_basic_auth( $user, $docroot, $cpanel_password_protected_directories ); my $redirects = _get_redirects( $domains, $cpanel_redirects ); my $ssl_redirect = _get_ssl_redirect( $user => $domains ); my $secruleengineoff = -e "/etc/nginx/conf.d/modules/ngx_http_modsecurity_module.conf" ? _get_secruleengineoff( $user => $domains ) : 0; my $passenger_apps = _get_passenger_apps( $user => $domains ); my $caching_hr = _get_caching_hr($user); # Include numeric UID if they want it my $uid = ( Cpanel::PwCache::getpwnam($user) )[2] if _wants_user_id(); my $fpm_socket; my $php_major_version; # Check if the LSAPI flag file exists my $lsapi_flag_file = "/etc/nginx/conf.d/modules/ea-nginx-lsapi-module.conf"; my $lsapi_available = -e $lsapi_flag_file; my $lsapi_handler; foreach my $dom (@$domains) { my $has_fpm = Cpanel::PHPFPM::Get::get_php_fpm( $user, $dom ); my $php_config_ref; eval { $php_config_ref = Cpanel::PHP::Config::get_php_config_for_domains( [$dom] )->{$dom}; }; if ( $php_config_ref && $php_config_ref->{'phpversion'} =~ m/\w+-php(\d)\d/ ) { $php_major_version = $1; } if ($has_fpm) { if ($php_config_ref) { my ( $proxy, $socket ) = Cpanel::PHPFPM::Get::get_proxy_from_php_config_for_domain($php_config_ref); $fpm_socket = $socket; if ( $fpm_socket =~ m{/\w+-php(\d)\d/} ) { $php_major_version = $1; } } elsif ( $global_config_data->{standalone} ) { warn "Could not find PHP configuration for “$dom”, it will not be configured to use PHP-FPM\n"; } last; } elsif ( $lsapi_available && $global_config_data->{standalone} ) { # we have CL’s lsapi NGINX module && we’re under standalone NGINX # Construct the lsapi_handler variable if ( $php_config_ref && $php_config_ref->{'phpversion'} ) { $lsapi_handler = "application/x-httpd-" . $php_config_ref->{'phpversion'} . "___lsphp"; last; } } } $domains_with_ssl ||= _get_domains_with_ssls(); my $is_wp_squared = 0; if ( defined &Cpanel::Server::Type::is_wp_squared ) { $is_wp_squared = Cpanel::Server::Type::is_wp_squared() ? 1 : 0; } my @service_subdomains; $httpd_vhosts_hr ||= _get_httpd_vhosts_hash(); if ( exists $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains} ) { if ($is_wp_squared) { # Add wp and wp2 service subdomains my $domain = $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains}{ ( keys %{ $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains} } )[0] }; $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains}{wp} = $domain; $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains}{wp2} = $domain; } for my $sub ( sort keys %{ $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains} } ) { push @service_subdomains, map { "$sub.$_" } @{ $httpd_vhosts_hr->{"$domains->[0]_SSL"}{proxy_subdomains}{$sub} }; } } my $combined_tls = Cpanel::Apache::TLS->get_tls_path( $domains->[0] ); if ( !_is_certfile_valid($combined_tls) ) { if ( -f "/var/cpanel/ssl/cpanel/mycpanel.pem" ) { $combined_tls = "/var/cpanel/ssl/cpanel/mycpanel.pem"; } else { $combined_tls = "/var/cpanel/ssl/cpanel/cpanel.pem"; } } my $ip = Cpanel::DomainIp::getdomainip( $domains->[0] ) || '127.0.0.1'; # juuust in case so we don’t break nginx w/ syntax error my $servername_ip = $ip ne '127.0.0.1' && $global_config_data->{domain_ips}{$ip} && $global_config_data->{domain_ips}{$ip} eq $domains->[0] ? $ip : ""; # Use the public IP on NAT systems # NOTE: this is fine to run on non-NAT systems as it just returns the same IP $servername_ip = Cpanel::NAT::get_public_ip($servername_ip) if $servername_ip; my $wordpress_hr = _get_wordpress_info( $user, $user_docroots->{ $domains->[0] } ); my $has_wordpress = ( $wordpress_hr->{docroot_install} || scalar @{ $wordpress_hr->{non_docroot_uris} } ) ? 1 : 0; my $include_cloudflare = 1; my $settings_hr = _get_settings_hr(); $include_cloudflare = $settings_hr->{include_cloudflare} if ( exists $settings_hr->{include_cloudflare} ); $tt->process( \$server_tt, { docroot => $docroot, ssl_certificate => $combined_tls, ssl_certificate_key => $combined_tls, ssl_redirect => $ssl_redirect, secruleengineoff => $secruleengineoff, domains => $domains, service_subdomains => \@service_subdomains, user => $user, group => $group, ( defined $uid ? ( uid => $uid ) : () ), proxy_ip => $ip, ip => $servername_ip, ipv6 => $global_config_data->{ipv6}, http2 => $global_config_data->{http2}, fpm_socket => $fpm_socket, php_major_version => $php_major_version, has_wordpress => $has_wordpress, lsapi_handler => $lsapi_handler, wordpress => { docroot_install => $wordpress_hr->{docroot_install}, non_docroot_uris => $wordpress_hr->{non_docroot_uris}, }, basic_auth => $basic_auth, redirects => $redirects, logging => $global_config_data->{logging}, ea4conf => $global_config_data->{e4c}, settings => $global_config_data->{cur_settings}, passenger => { apps => $passenger_apps, }, behavior => { standalone => $global_config_data->{standalone}, caching => $caching_hr, }, proxysubdomains_enabled => $global_config_data->{cpconf}->{proxysubdomains}, include_cloudflare => $include_cloudflare, }, sub { my ($out) = @_; path($userconf)->append($out); return 1; } ); if ( $tt->error() ) { unlink $userconf; die $tt->error(); } return 1; } =head2 _init_logs_for() Initializes the logs for a given user and domain. =over =item user A valid cPanel username =item domain The domain to initialize =back =cut sub _init_logs_for { my ( $user, $domain ) = @_; my $gid = _get_gid_for($user); # STD log Cpanel::FileUtils::TouchFile::touchfile("/var/log/nginx/domains/$domain"); chmod 0640, "/var/log/nginx/domains/$domain"; chown 0, $gid, "/var/log/nginx/domains/$domain"; # SSL log Cpanel::FileUtils::TouchFile::touchfile("/var/log/nginx/domains/$domain-ssl_log"); chmod 0640, "/var/log/nginx/domains/$domain-ssl_log"; chown 0, $gid, "/var/log/nginx/domains/$domain-ssl_log"; # Bytes log Cpanel::FileUtils::TouchFile::touchfile("/var/log/nginx/domains/$domain-bytes_log"); chmod 0644, "/var/log/nginx/domains/$domain-bytes_log"; chown 0, 0, "/var/log/nginx/domains/$domain-bytes_log"; return; } =head2 _is_certfile_valid() Tests if an SSL certificate file is valid =head3 RETURNS Returns false if the certificate file has been found to be invalid Returns true otherwise =cut sub _is_certfile_valid { my ($certfile) = @_; # It cannot be valid if it is absent or empty if ( !-f $certfile || -z _ ) { print "Certificate file $certfile is absent or empty; excluding from config file\n"; return; } # We cannot meaningfully test further if the openssl binary hasn't been found # This issue will have already been reported my $openssl = _get_openssl_obj(); return 1 unless $openssl; my $output = $openssl->get_cert_text( { crtfile => $certfile } ); if ( $output->{CHILD_ERROR} ) { print "Certificate file $certfile is invalid; excluding from config file: " . $output->{stderr} . "\n"; return; } return 1; } =head2 _get_openssl_obj() Gets a cached instance of a Cpanel::OpenSSL object If not present in the cache, then allocates & caches =head3 RETURNS Returns a Cpanel::OpenSSL instance if OpenSSL binaries are present Returns false otherwise =cut sub _get_openssl_obj { $openssl_obj //= Cpanel::OpenSSL->new(); if ( !$openssl_obj ) { warn "The openssl binary could not be located\n"; } return $openssl_obj; } =head2 _get_homedir() Returns the path to the given cPanel user's homedir =head3 RETURNS The path to the user's homedir =cut sub _get_homedir { my ($user) = @_; return ( getpwnam($user) )[7]; } =head2 _get_passenger_apps() Given a user and an array reference of domains, it consumes the applications userdatafile for the user, and returns an array reference of hashes for any applications that are enabled for one of the given domains. =over =item user A cPanel username =item domains A arrayreferences of domains owned by the user =back =head3 RETURNS An array reference of hashes containing application data for any enabled passenger applications =cut sub _get_passenger_apps { my ( $user, $domains ) = @_; my @apps; my %domains; @domains{ @{$domains} } = (); my $apps_hr = eval { Cpanel::JSON::LoadFile("/var/cpanel/userdata/$user/applications.json") } || {}; for my $app_name ( sort keys %{$apps_hr} ) { my $app = $apps_hr->{$app_name}; if ( $app->{enabled} && exists $domains{ $app->{domain} } ) { _get_application_paths($app); push @apps, $app; } } return \@apps; } =head2 _get_userdata_for() Given a cPanel username and a domain that it owns, it returns the userdata for the domain. =over =item user A valid cPanel username =item dom A domain owned by the cPanel user =back =head3 RETURNS A hashref representing the userdata for the user's domain =cut our %load_userdata_cache; sub _get_userdata_for { my ( $user, $dom ) = @_; if ( !exists $load_userdata_cache{$user}{$dom} ) { $load_userdata_cache{$user}{$dom} = Cpanel::Config::userdata::Load::load_userdata( $user => $dom ) || {}; } return $load_userdata_cache{$user}{$dom}; } =head2 _get_ssl_redirect() Given a cPanel username and an arrayref of domains that the cpanel user owns, return 1 if any of the domains has force ssl redirect enabled. Otherwise, return undef =over =item user A valid cPanel username =item domains An arrayref of domain names =back =head3 RETURNS 1 or undef =cut sub _get_ssl_redirect { my ( $user, $domains ) = @_; for my $dom ( @{$domains} ) { my $lu = _get_userdata_for( $user => $dom ); return 1 if $lu->{ssl_redirect}; } return; } =head2 _get_secruleengineoff() Returns 1 if mod_security is enabled for the given user. Otherwise, returns undef. =over =item user A valid cPanel username =item domains An arrayref of domains =back =head3 RETURNS 1 or undef =cut sub _get_secruleengineoff { my ( $user, $domains ) = @_; for my $dom ( @{$domains} ) { my $lu = _get_userdata_for( $user => $dom ); return 1 if $lu->{secruleengineoff}; } return; } =head2 _get_redirects() Given an arrayref of domains and an arrayref of hashes describing redirect userdata for a cPanel user, it returns an arrayref of hashes describing the redirects for each domain. =over =item domains An arrayref of domains =item cpanel_redirects An arrayref of hashes describing redirect userdata similar to the following: [ { docroot => '/home/foo/public_html', domain => '.*', kind => 'rewrite', matchwww => 1, opts => 'L', sourceurl => '/uri', targeturl => 'https://domain.tld', type => 'permanent', wildcard => 0, }, ] =back =head3 RETURNS An arrayref of hashes describing the redirects that need to be configured that will appear similar to the following: [ { flag => 'redirect', replacement => 'https://domain.tld/$1', regex => '^\\/uri\\/?(.*)$', }, { flag => 'permanent', replacement => 'https://domain.tld', regex => '^\\/uri$', }, ] =cut sub _get_redirects { my ( $domains, $cpanel_redirects ) = @_; my %domains; @domains{ @{$domains} } = (); my @applicable_redirects; for my $redirect ( @{$cpanel_redirects} ) { next unless exists $domains{ $redirect->{domain} } || $redirect->{domain} eq '.*'; if ( $redirect->{domain} ne '.*' ) { if ( $redirect->{targeturl} =~ m{^(?:[A-Za-z0-9\+_\.\-\:]+)?//(?:www\.)?\Q$redirect->{domain}\E(?:$|/|\?|\#)} ) { warn "Skipping circular redirect for “$redirect->{domain}” to “$redirect->{targeturl}”\n"; next; } } my %res; if ( $redirect->{statuscode} eq "301" ) { $res{flag} = "permanent"; } elsif ( $redirect->{statuscode} eq "302" ) { $res{flag} = "redirect"; } else { warn "Skipping non 301/302 redirect\n"; next; } # sourceurl and targeturl can be anything meaning a user would take down the server (not just their site) if its invalid # or worse they could inject configuration into nginx. We need to ensure nginx sees them as a single string. # Cpanel::UTF8::Utils::quotemeta() make sense for sourceurl since its a regex # 78 does not have Cpanel::UTF8::Utils so we use String::UnicodeUTF8 which it does have. # Escaping is bad for targeturl because the slashes are literal despite it being syntactically correct ¯\_(ツ)_/¯ if ( !Cpanel::Validate::URL::is_valid_url( $redirect->{targeturl} ) ) { warn "Skipping invalid targeturl “$redirect->{targeturl}”\n"; next; } if ( $redirect->{wildcard} ) { $res{regex} = $redirect->{sourceurl}; $res{regex} =~ s{/+$}{}; $res{regex} = '^' . String::UnicodeUTF8::quotemeta_bytes( $res{regex} ) . '\\/?(.*)$'; $res{replacement} = $redirect->{targeturl} . '$1'; } else { $res{regex} = '^' . String::UnicodeUTF8::quotemeta_bytes( $redirect->{sourceurl} ) . '$'; $res{replacement} = $redirect->{targeturl}; } push @applicable_redirects, \%res; } return \@applicable_redirects; } =head2 _get_basic_auth() Returns a hashref containing directory privacy information for the domain whose docroot is being processed. =over =item user A valid cPanel username =item docroot The docroot for the domain that is being processed =item cpanel_password_protected_directories A hashref of directory privacy userdata similar to the following: { '/public_html' => { '_htaccess_mtime' => 1234, 'realm_name' => 'docroot', }, '/public_html/dir' => { '_htaccess_mtime' => 5678, 'realm_name' => 'dir', }, } =back =head3 RETURNS A hashref of directory privacy information similar to the following: { realm_name => 'docroot', auth_file => '/home/foo/.htpasswds/public_html/passwd', _htaccess_mtime => 1234, locations => { '/sub' => { 'auth_file' => '/home/foo/.htpasswds/public_html/sub/passwd', 'realm_name' => 'sub', }, }, } =cut sub _get_basic_auth { my ( $user, $docroot, $cpanel_password_protected_directories ) = @_; my $docroot_rel = $docroot; my $homedir = _get_homedir($user); $docroot_rel =~ s{\Q$homedir\E}{}; my $basic_auth = $cpanel_password_protected_directories->{$docroot_rel}; my $auth_file_from; if ( !$basic_auth ) { my $docroot_rel_copy = $docroot_rel; while ($docroot_rel_copy) { $docroot_rel_copy =~ s{/[^/]+$}{}; if ( exists $cpanel_password_protected_directories->{$docroot_rel_copy} ) { $basic_auth = $cpanel_password_protected_directories->{$docroot_rel_copy}; $auth_file_from = $docroot_rel_copy; last; } } } $basic_auth ||= $cpanel_password_protected_directories->{""} || undef; if ($basic_auth) { $basic_auth->{auth_file} = $auth_file_from ? "$homedir/.htpasswds$auth_file_from/passwd" : $cpanel_password_protected_directories->{$docroot_rel} ? "$homedir/.htpasswds$docroot_rel/passwd" : "$homedir/.htpasswds/passwd"; } $basic_auth->{locations} = {}; for my $dir ( keys %{$cpanel_password_protected_directories} ) { my $abs = "$homedir$dir"; if ( $abs =~ m{^\Q$docroot\E(/.+)$} ) { my $loc = $1; $basic_auth->{locations}{$loc} = { auth_file => "$homedir/.htpasswds$docroot_rel$loc/passwd", realm_name => $cpanel_password_protected_directories->{$dir}{realm_name}, }; } } return $basic_auth; } my $wordpress_lu; sub _get_wp_uapi { my ($user) = @_; my $uapi = Cpanel::SafeRun::Object->new( program => "/usr/bin/uapi", args => [ "--output=json", "--user=$user", "WordPressInstanceManager", "get_instances" ], ); warn "Could not determine managed wordpress instances for $user\n" if $uapi->CHILD_ERROR(); return eval { Cpanel::JSON::Load( $uapi->stdout() ) } || {}; } my $wp_toolkit_list; sub _get_wp_toolkit_list { print "Gathering wordpress data...\n"; my $run = Cpanel::SafeRun::Object->new( program => $wp_toolkit_bin, args => [ '--list', '-format', 'json' ], ); warn 'Could not determine managed wordpress instances via wordpress toolkit' if $run->CHILD_ERROR(); print "...done gathering wordpress data\n"; return eval { Cpanel::JSON::Load( $run->stdout() ) } || []; } sub _get_wp_toolkit_list_for_user { my ( $user, $docroot, $res ) = @_; $wp_toolkit_list ||= _get_wp_toolkit_list(); my ( @list, %non_docroot_uris ); foreach my $wordpress_instance (@$wp_toolkit_list) { if ( $wordpress_instance->{fullPath} =~ m{/\Q$user\E/} ) { if ( $wordpress_instance->{fullPath} eq $docroot ) { $res->{docroot_install} = 1; next; } my $uri_from_path = $wordpress_instance->{fullPath}; $uri_from_path =~ s{^\Q$docroot\E/}{}; my $uri_from_siteurl = $wordpress_instance->{siteUrl}; $uri_from_siteurl =~ s{^https?://[^/]+/}{}; if ( $uri_from_path eq $uri_from_siteurl ) { $non_docroot_uris{$uri_from_path} = 1; next; } } push @list, $wordpress_instance; } # Do it this way in case there are duplicate entries in $wp_toolkit_list @{ $res->{non_docroot_uris} } = keys %non_docroot_uris; # Remove the entries in $res from the list since they will only match 1 time $wp_toolkit_list = \@list; return $res; } =head2 _get_wordpress_info() Given a user and a docroot, it gathers information the locations of wordpress installs relative to the document root and returns a hashref with this info. =over =item user A cPanel username =item docroot The path to the user's docroot =back =head3 RETURNS A hashref that appears similar to the following: { docroot_install => 1, non_docroot_uris => [ 'foo', 'bar', ], } =cut our %wordpress_info; sub _get_wordpress_info { my ( $user, $docroot ) = @_; return $wordpress_info{$docroot} if exists $wordpress_info{$docroot}; my $docroot_underscore = $docroot; $docroot_underscore =~ s{/}{_}g; my $cache_file = "$wordpress_cache_dir/${user}_${docroot_underscore}_wordpress_info.json"; # Returns undef if the cache_file fails to load or does not contain the required keys $wordpress_info{$docroot} = _get_wordpress_info_from_cache($cache_file) if _is_wordpress_info_cache_valid($cache_file); return $wordpress_info{$docroot} if exists $wordpress_info{$docroot}; my $res = { docroot_install => 0, non_docroot_uris => [], }; if ( -e $wp_toolkit_bin ) { $wordpress_info{$docroot} = _get_wp_toolkit_list_for_user( $user, $docroot, $res ); } elsif ( -e '/usr/local/cpanel/Cpanel/API/WordPressInstanceManager.pm' ) { $wordpress_lu->{$user} ||= _get_wp_uapi($user); $wordpress_info{$docroot} = _get_wordpress_info_from_wpmanager( $docroot, $wordpress_lu->{$user}{result}{data}{instances}, $res ); } else { $wordpress_info{$docroot} = $res; } # cache wordpress info _ensure_wordpress_info_cache_directory(); _write_json( $cache_file, $res ); return $wordpress_info{$docroot}; } sub _get_wordpress_info_from_wpmanager { my ( $docroot, $wordpress_instances, $res ) = @_; # paths passed in and from API call do not have trailing slash, if that changes we could normalize them for my $wp_instance (@$wordpress_instances) { if ( length $wp_instance->{rel_path} ) { my $instance_docroot = $wp_instance->{full_path}; $instance_docroot =~ s{/\Q$wp_instance->{rel_path}\E$}{}; if ( $instance_docroot eq $docroot ) { push @{ $res->{non_docroot_uris} }, $wp_instance->{rel_path}; } } else { if ( $wp_instance->{full_path} eq $docroot ) { $res->{docroot_install} = 1; } } } return $res; } sub _ensure_wordpress_info_cache_directory { mkdir $wordpress_cache_dir; return; } =head2 _is_wordpress_info_cache_valid() Returns 1 or 0 depending on if the cache file is valid or not. NOTE: it will always return 0 if the '/var/cpanel/nginx_disable_wordpress_info_cache' touch file is in place. =over =item cache_file The path of the cache file to check =back =cut sub _is_wordpress_info_cache_valid { my ($cache_file) = @_; return 0 if -e $disable_wordpress_info_cache_file; my $now = time(); my $ttl = 18000; # Cache it for 5 days my $mtime = ( stat($cache_file) )[9]; return ( -s $cache_file && $mtime > ( $now - $ttl ) ) ? 1 : 0; } =head2 _get_wordpress_info_from_cache() Loads the given cache file, and returns the data as a hashref. It will warn and return undef if the given cache file is not valid json or if it is missing the required keys. =over =item cache_file The path to the cache file to load =back =cut sub _get_wordpress_info_from_cache { my ($cache_file) = @_; my $res; unless ( eval { $res = Cpanel::JSON::LoadFile($cache_file); 1; } ) { warn "Failed to load cache file: ‘$cache_file’\n"; return; } if ( !exists $res->{docroot_install} || !exists $res->{non_docroot_uris} ) { warn "The cache file ‘$cache_file’ has missing data\n"; return; } return $res; } =head2 _validate_user_arg() Validate that the given username is a valid cPanel user =over =item user A cPanel user to validate =back =head3 RETURNS Returns 1 if the give username is valid. Dies otherwise. =cut sub _validate_user_arg { my ( $app, $user ) = @_; _bail( $app, "The user argument is missing." ) if !$user; my $user_lookup = _get_user_domains(); _bail( $app, "The given user is not a cPanel user.\n" ) if !$user_lookup->{$user}; return 1; } sub _get_cmd { return $cmds; } =head2 _bail() Handles unclean script exits. For example, if an invalid username is given. =cut sub _bail { my ( $app, $msg ) = @_; chomp($msg); die "$msg\n" if $ENV{ __PACKAGE__ . "::bail_die" }; # for API calls, otherwise: warn "$msg\n"; $app->help(); exit(1); # there is no return()ing from this lol } sub _delete_glob { my ($glob) = @_; for my $item ( File::Glob::csh_glob($glob) ) { # File::Path::Tiny::rm does not delete files if ( -l $item || -f _ ) { unlink($item); } elsif ( -d $item ) { File::Path::Tiny::rm($item); } } return; } =head2 _get_cpconf_hr() Returns a hashref containing the cPanel settings from '/var/cpanel/cpanel.config'. The result of this sub is cached and the cached result will be returned after the first call. =cut our $cpconf_hr; sub _get_cpconf_hr { $cpconf_hr ||= Cpanel::Config::LoadCpConf::loadcpconf(); return $cpconf_hr; } =head2 _get_nginx_bin() Returns the path to the nginx binary. Dies if the nginx does not exist or is not executable. =cut sub _get_nginx_bin { my $nginx_bin = '/usr/sbin/nginx'; # This executable is provided by the ea-nginx RPM so this should never happen die "Could not find an executable nginx binary\n" unless -x $nginx_bin; return $nginx_bin; } =head2 _attempt_to_fix_syntax_errors() Parses the given output for known nginx configuration syntax errors such as duplicate keys and attempts to fix them. Returns 0 or 1 depending on if it resolved an issue or not. =over =item combined_output A multiline string to parse =back =head3 RETURNS Returns 1 if it resolved an issue. Returns 0 otherwise. =cut sub _attempt_to_fix_syntax_errors { my ($combined_output) = @_; die "_attempt_to_fix_syntax_errors: ‘combined_output’ arg is required\n" unless defined $combined_output; my $resolved_issue = 0; my @output_lines = split /\n/, $combined_output; foreach my $output_line (@output_lines) { # For example: # nginx: [emerg] "client_max_body_size" directive is duplicate in /etc/nginx/conf.d/ea-nginx.conf:19 # use non greedy modifier here to ensure we do not match more than we intend to if ( $output_line =~ m{^nginx: \[emerg\] "(.*?)" directive is duplicate in (.*?):([0-9]+)$} ) { my $key = $1; my $file_path = $2; my $line_num = $3; die "‘$file_path’ reported an error on line $line_num. However, ‘$file_path’ does not exist on the system\n" unless -s $file_path; my $file = Path::Tiny::path($file_path); my @file_lines = $file->lines(); chomp(@file_lines); $line_num--; # avoid off by 1 error (line 42 in the file is item 41 in the array) # For example: # nginx_key value_for_key; if ( $file_lines[$line_num] =~ m{^\s*\Q$key\E.*;$} ) { $resolved_issue = 1; $file_lines[$line_num] = '# ' . $file_lines[$line_num]; $line_num++; print "Line $line_num in the file ‘$file_path’ was commented out since another entry exists for the key: $key\n"; } $file->spew( join( "\n", @file_lines ) ); last; # nginx -t only reveals the first issue it encounters } elsif ( $output_line =~ m{^nginx: \[emerg\].*?in (/etc/nginx/conf.d/users/[a-z0-9]{1,16}\.conf):([0-9]+)$} ) { my $file_path = $1; my $line_num = $2; die "‘$file_path’ reported an error on line $line_num. However, ‘$file_path’ does not exist on the system\n" unless -s $file_path; unlink $file_path; die "Unable to remove $file_path\n" if -f $file_path; $resolved_issue = 1; print "‘$file_path’ was removed due to a configuration issue: $output_line\n"; last; # nginx -t only reveals the first issue it encounters } } return $resolved_issue; } =head2 _get_num_total_domains() Returns an integer representing the total number of domains hosted on the system. =cut sub _get_num_total_domains { return unless ( eval { require Cpanel::Config::LoadUserDomains::Count; 1; } ); return Cpanel::Config::LoadUserDomains::Count::countuserdomains(); } =head2 _get_user_domains() This is a wrapper around 'Cpanel::Config::LoadUserDomains::loaduserdomains'. See the POD for loaduserdomains for details. The result of this sub is cached and the cached result will be returned after the first call. =head3 RETURNS This function returns a hash ref with a key/value mapping of users to domains. =cut my $user_domains; sub _get_user_domains { $user_domains //= Cpanel::Config::LoadUserDomains::loaduserdomains( undef, 0, 1 ); return $user_domains; } =head2 _rebuild_and_restart_apache() Rebuild the apache configuration and restart the service =cut sub _rebuild_and_restart_apache { my $run = Cpanel::SafeRun::Object->new( program => '/usr/local/cpanel/scripts/rebuildhttpdconf', args => [], ); if ( $run->CHILD_ERROR() ) { my $out = $run->stdout() . $run->stderr(); warn "Failed to rebuild apache configuration: $out\n"; } Cpanel::HttpUtils::ApRestart::BgSafe::restart(); return; } =head2 _update_user_configs_in_parallel_mode() Build the configuration for all users asynchronously. =over =item global_config_data A hashref containing data that should be treated as read only that all users can use to build their configs with. =back =head3 RETURNS A hashref of users that had errors during the configuration process that should be similar to the following: { user1 => 'error message', user2 => 'another error message', } OR undef if all of the users were configured successfully. =cut sub _update_user_configs_in_parallel_mode { my ($global_config_data) = @_; my $user_lookup = _get_user_domains(); my %errors = mce_loop { my ( $mce, $chunk_ref ) = @_; my $err_href = _process_users( $chunk_ref, $global_config_data ); MCE->gather( $_, $err_href->{$_} ) for ( keys %$err_href ); } keys %$user_lookup; return \%errors; } =head2 _update_user_configs_in_serial_mode() Build the configuration for all users synchronously. =over =item global_config_data A hashref containing data that should be treated as read only that all users can use to build their configs with. =back =head3 RETURNS A hashref of users that had errors during the configuration process that should be similar to the following: { user1 => 'error message', user2 => 'another error message', } OR undef if all of the users were configured successfully. =cut sub _update_user_configs_in_serial_mode { my ($global_config_data) = @_; print "Serial mode detected. User configuration will take longer …\n"; my $user_lookup = _get_user_domains(); my @users = sort keys %$user_lookup; my $errors = _process_users( \@users, $global_config_data ); return $errors; } =head2 _process_users() Accepts an arrayref of users and writes the configuration for each user. =over =item users A arrayref of users to process =item global_config_data A hashref containing data that should be treated as read only that all users can use to build their configs with. =back =head3 RETURNS A hashref of users to error messages for any user that configuration fails for. =cut sub _process_users { my ( $users, $global_config_data ) = @_; my %errors; foreach my $usr (@$users) { eval { _write_user_conf( $usr, $global_config_data ); }; $errors{$usr} = $@ if $@; } return \%errors; } =head2 _update_for_custom_configs() Should only be called by run(). The idea here is to allow clients to place a file in the $custom_settings_dir prior to installing the ea-nginx RPM. Then, this script will pick up the file and place it in the proper location on first run. After which, these subs should become no-ops unless another overwrite file is place in the $custom_settings_dir. Currently, the following two files are supported: settings.json cache.json To add a new file, create a sub to handle moving said file to its proper location, then call the sub from _update_for_custom_configs() =cut sub _update_for_custom_configs { _update_nginx_settings_config_file(); _update_nginx_cache_config_file(); return; } =head2 _update_nginx_settings_config_file() This reads in a settings.json file from the $custom_settings_dir and moves it to '/etc/nginx/ea-nginx/settings.json'. NOTE: the following keys are not honored since they are server specific: apache_port apache_port_ip apache_ssl_port apache_ssl_port_ip =cut sub _update_nginx_settings_config_file { my $custom_settings_file = "$custom_settings_dir/settings.json"; my $custom_settings_path = path($custom_settings_file); if ( $custom_settings_path->exists ) { # do not allow specifying apache_ ones my $new = Cpanel::JSON::LoadFile($custom_settings_file); my $cur = _get_settings_hr(); $settings_hr = undef; # clear _get_settings_hr() cache since we are changing settings for my $key (qw(apache_port apache_port_ip apache_ssl_port apache_ssl_port_ip)) { $new->{$key} = $cur->{$key}; } _write_json( $custom_settings_file, $new ); # Do not use Path::Tiny until 110 or greater only is supported # See CPANEL-41646 for details # $custom_settings_path->move($settings_file); Cpanel::FileUtils::Move::safemv( '-fv', $custom_settings_file, $settings_file ); } return; } =head2 _update_nginx_cache_config_file() This reads in a cache.json file from the $custom_settings_dir and moves it to '/etc/nginx/ea-nginx/cache.json'. =cut sub _update_nginx_cache_config_file { my $custom_cache_file = "$custom_settings_dir/cache.json"; my $custom_cache_path = path($custom_cache_file); # Do not use Path::Tiny until 110 or greater only is supported # See CPANEL-41646 for details # $custom_cache_path->move($cache_file) if $custom_cache_path->exists; Cpanel::FileUtils::Move::safemv( '-fv', $custom_cache_file, $cache_file ) if $custom_cache_path->exists; return; } =head2 _get_global_config_data() Gathers data that should be treated as read only and will be the same for every user when rendering the user's config file. This sub will get called directly in config() so that the data it gathers is cloned to every fork and thus will be the same in every fork when building in parallel mode (MCE::Loop). =head3 RETURNS A hashref containing data that should be considered read only =cut sub _get_global_config_data { my %global_config_data = ( domain_ips => _get_domain_ips(), ipv6 => _has_ipv6(), http2 => _wants_http2(), logging => _get_logging_hr(), e4c => Cpanel::EA4::Conf->instance->as_hr(), cur_settings => _get_settings_hr(), standalone => _is_standalone(), cpconf => _get_cpconf_hr(), ); return \%global_config_data; } =head2 _populate_wordpress_cache( { all => 1 } ) This populates the wordpress cache before the script starts forking so that a potentially expensive call to wp-toolkit will only ever be called a maximum of one time =over =item args A hashref containing the known args as listed below =over =item all => 1 This tells the sub to populate the wordpress cache for all users =item user => $user This tells the sub to only populate the wordpress cache for the given user =back =back =cut sub _populate_wordpress_cache { my ($args) = @_; die "_populate_wordpress_cache: invalid args passed. Either ‘all’ or ‘user’ is required\n" if ( !$args->{all} && !$args->{user} ); return _populate_wordpress_cache_for_all_users() if $args->{all}; return _populate_wordpress_cache_for_user( $args->{user} ) if $args->{user}; return; } sub _populate_wordpress_cache_for_all_users { my $user_lookup = _get_user_domains(); foreach my $user ( sort keys %$user_lookup ) { _populate_wordpress_cache_for_user($user); } return; } sub _populate_wordpress_cache_for_user { my ($user) = @_; my $docroots = _get_docroots_for($user); foreach my $domain ( keys %$docroots ) { _get_wordpress_info( $user, $docroots->{$domain} ); } return; } =head2 _get_docroots_for($user) =over =item user A valid cPanel username =back =head3 RETURNS A hashref where the keys are all the domains owned by the given user and the values represent the docroot for the given domain =cut sub _get_docroots_for { my ($user) = @_; $docroots->{$user} ||= { Cpanel::DomainLookup::DocRoot::getdocroots($user) }; return $docroots->{$user}; } =head2 _get_domain_ips() Maps IPs to the primary domain that they are associated with on the server. This allows us to configure the domain on only one server block and to the server block that the user desires according to metadata / apache. =head3 RETURNS A hashref that maps IPs to domains. =cut sub _get_domain_ips { my $primary_vhosts_obj = Cpanel::HttpUtils::Vhosts::PrimaryReader->new(); my %domain_ips; my $user_lookup = _get_user_domains(); for my $usr ( sort keys %$user_lookup ) { my $domain = Cpanel::Config::userdata::Load::load_userdata_main($usr)->{main_domain}; my $ip = Cpanel::DomainIp::getdomainip($domain); if ( $ip && !exists $domain_ips{$ip} ) { if ( Cpanel::DIp::IsDedicated::isdedicatedip($ip) || $domain eq $primary_vhosts_obj->get_primary_non_ssl_servername($ip) ) { $domain_ips{$ip} = $domain; } } } return \%domain_ips; } =head2 _wants_user_id() Returns whether the server admin wants the user id of the server block that was hit logged or not. Caches the result for subsequent calls. =head3 RETURNS Returns 1 or 0 depending on the existence of the touch file =cut our $wants_user_id; sub _wants_user_id { return $wants_user_id if defined $wants_user_id; $wants_user_id = -e $user_id_file ? 1 : 0; return $wants_user_id; } 1;
Submit
FILE
FOLDER
Name
Size
Permission
Action
cpan_sandbox
---
0755
php_sandbox
---
0755
MirrorSearch_pingtest
2437 bytes
0755
activesync-invite-reply
1734 bytes
0755
add_dns
2418 bytes
0755
adddns
2418 bytes
0755
addpop
6228 bytes
0755
addsystemuser
3345 bytes
0755
adduser
92 bytes
0755
after_apache_make_install
281 bytes
0755
agent360.sh
16414 bytes
0700
apachelimits
4410 bytes
0755
archive_sync_zones
3122 bytes
0755
auto-adjust-mysql-limits
1854 bytes
0755
autorepair
1274 bytes
0755
backup_jobs_helper
8218 bytes
0755
backups_clean_metadata_for_missing_backups
1612 bytes
0755
backups_create_metadata
16126 bytes
0755
backups_list_user_files
4671 bytes
0755
balance_linked_node_quotas
2643 bytes
0755
biglogcheck
1729 bytes
0755
build_bandwidthdb_root_cache_in_background
1561 bytes
0755
build_cpnat
3494 bytes
0755
build_mail_sni
3966 bytes
0755
build_maxemails_config
1169 bytes
0755
builddovecotconf
9869 bytes
0755
buildeximconf
7167 bytes
0755
buildhttpdconf
2664 bytes
0755
buildpureftproot
539 bytes
0755
call_pkgacct
2218 bytes
0755
ccs-check
5031 bytes
0755
check_cpanel_pkgs
11007 bytes
0755
check_domain_tls_service_domains.pl
6841 bytes
0755
check_immutable_files
5621 bytes
0755
check_mail_spamassassin_compiledregexps_body_0
187 bytes
0755
check_maxmem_against_domains_count
3652 bytes
0755
check_mount_procfs
2072 bytes
0755
check_mysql
5697 bytes
0755
check_plugin_pkgs
2512 bytes
0755
check_security_advice_changes
8477 bytes
0755
check_unmonitored_enabled_services
4666 bytes
0755
check_unreliable_resolvers
3672 bytes
0755
check_users_my_cnf
6191 bytes
0755
check_valid_server_hostname
7840 bytes
0755
checkalldomainsmxs
2462 bytes
0755
checkbashshell
1205 bytes
0755
checkccompiler
1253 bytes
0755
checkexim.pl
3172 bytes
0755
checklink
1323 bytes
0755
checkusers
856 bytes
0755
chkpaths
141 bytes
0755
chpass
416 bytes
0755
ckillall
1139 bytes
0755
clean_dead_mailman_locks
2141 bytes
0755
clean_up_temp_wheel_users
2498 bytes
0755
clean_user_php_sessions
4875 bytes
0755
cleandns
13429 bytes
0755
cleandns8
417 bytes
0755
cleanmsglog
735 bytes
0755
cleanphpsessions
932 bytes
0755
cleanphpsessions.php
658 bytes
0644
cleanquotas
1651 bytes
0755
cleansessions
6032 bytes
0755
cleanupinterchange
2706 bytes
0755
cleanupmysqlprivs
773 bytes
0755
clear_cpaddon_ui_caches
1301 bytes
0755
clear_orphaned_virtfs_mounts
3645 bytes
0755
comet_license_registration_sync
1795 bytes
0755
comet_protected_item_maintenance
21192 bytes
0755
comparecdb
1561 bytes
0755
compilers
2932 bytes
0755
compilerscheck
999 bytes
0755
configure_firewall_for_cpanel
520 bytes
0755
configure_rh_firewall_for_cpanel
520 bytes
0755
configure_rh_ipv6_firewall_for_cpanel
520 bytes
0755
convert2dovecot
682 bytes
0755
convert_accesshash_to_token
4171 bytes
0755
convert_and_migrate_from_legacy_backup
2017 bytes
0755
convert_maildir_to_mdbox
1703 bytes
0755
convert_mdbox_to_maildir
1698 bytes
0755
convert_roundcube_mysql2sqlite
26748 bytes
0755
convert_to_dovecot_delivery
4438 bytes
0755
convert_whmxfer_to_sqlite
1499 bytes
0755
copy_user_mail_as_root
1281 bytes
0755
copy_user_mail_as_user
1375 bytes
0755
cpaddonsup
3324 bytes
0755
cpan_config
2870 bytes
0755
cpanel_initial_install
69748 bytes
0755
cpanelsync
28991 bytes
0755
cpanelsync_postprocessor
1657 bytes
0755
cpanpingtest
965 bytes
0755
cpbackup
45861 bytes
0755
cpbackup_transport_file
5781 bytes
0755
cpdig
2136 bytes
0755
cpfetch
1258 bytes
0755
cphulkdblacklist
433 bytes
0755
cphulkdwhitelist
1336 bytes
0755
cpservice
2934 bytes
0755
cpuser_port_authority
19755 bytes
0755
cpuser_service_manager
11113 bytes
0755
create_default_featurelist
11903 bytes
0700
createacct
31175544 bytes
0700
custom_backup_destination.pl.sample
5182 bytes
0755
custom_backup_destination.pl.skeleton
2906 bytes
0755
dcpumon-wrapper
850 bytes
0755
delpop
6350 bytes
0755
detect_env_capabilities
508 bytes
0755
disable_prelink
2841 bytes
0755
disable_sqloptimizer
1524 bytes
0755
disablefileprotect
2241 bytes
0755
distro_changed_hook
1185 bytes
0755
dnscluster
4546 bytes
0755
dnsqueuecron
1316 bytes
0755
dnssec-cluster-keys
3840 bytes
0755
dovecot_maintenance
7842 bytes
0755
dovecot_set_defaults.pl
984 bytes
0755
dumpcdb
866 bytes
0755
dumpinodes
687 bytes
0755
dumpquotas
616 bytes
0755
dumpstor
913 bytes
0755
ea-nginx
94702 bytes
0755
ea-nginx-userdata
9849 bytes
0755
ea4_fresh_install
2699 bytes
0755
edit_cpanelsync_exclude_list
2641 bytes
0755
editquota
3512 bytes
0755
email_archive_maintenance
6300 bytes
0755
email_hold_maintenance
1495 bytes
0755
enable_spf_dkim_globally
9039 bytes
0755
enable_sqloptimizer
1609 bytes
0755
enablefileprotect
2149 bytes
0755
ensure_autoenabled_features
3308088 bytes
0700
ensure_conf_dir_crt_key
4940 bytes
0755
ensure_cpuser_file_ip
2610 bytes
0755
ensure_crontab_permissions
1101 bytes
0755
ensure_dovecot_memory_limits_meet_minimum
3208 bytes
0755
ensure_hostname_resolves
2572 bytes
0755
ensure_includes
601 bytes
0755
ensure_vhost_includes
13851 bytes
0755
exim_tidydb
3036 bytes
0755
eximconfgen
1350 bytes
0755
eximstats_spam_check
867 bytes
0755
expunge_expired_certificates_from_sslstorage
3648 bytes
0755
expunge_expired_pkgacct_sessions
852 bytes
0755
expunge_expired_transfer_sessions
1089 bytes
0755
fastmail
5281 bytes
0755
featuremod
1970 bytes
0755
fetchfile
422 bytes
0755
find_and_fix_rpm_issues
7157 bytes
0755
find_outdated_services
6202 bytes
0755
find_pids_with_inotify_watch_on_path
3745 bytes
0755
fix-cpanel-perl
29112 bytes
0755
fix-listen-on-localhost
3604 bytes
0755
fix-web-vhost-configuration
6296 bytes
0755
fix_addon_permissions
7870 bytes
0755
fix_dns_zone_ttls
1369 bytes
0755
fix_innodb_tables
4149 bytes
0755
fix_reseller_acls
10958 bytes
0755
fixetchosts
4424 bytes
0755
fixheaders
572 bytes
0755
fixmailinglistperms
1008 bytes
0755
fixmailman
2144 bytes
0755
fixnamedviews
1247 bytes
0755
fixndc
413 bytes
0755
fixquotas
18834 bytes
0755
fixrelayd
1784 bytes
0755
fixrndc
16780 bytes
0755
fixtar
503 bytes
0755
fixtlsversions
4816 bytes
0755
fixvaliases
2047 bytes
0755
fixwebalizer
966 bytes
0755
forcelocaldomain
895 bytes
0755
ftpfetch
2251 bytes
0755
ftpquotacheck
8511 bytes
0755
ftpsfetch
2416 bytes
0755
ftpupdate
261 bytes
0755
gather_update_log_stats
4354 bytes
0700
gather_update_logs_setupcrontab
5582 bytes
0700
gemwrapper
1783 bytes
0755
gencrt
6410 bytes
0755
generate_account_suspension_include
5840 bytes
0755
generate_google_drive_credentials
1135 bytes
0755
generate_google_drive_oauth_uri
984 bytes
0755
generate_maildirsize
14272 bytes
0755
gensysinfo
1185 bytes
0755
get_locale_from_legacy_name_info
2041 bytes
0755
getremotecpmove
12978 bytes
0755
grpck
1218 bytes
0755
hackcheck
3092 bytes
0755
hook
1487 bytes
0755
httpspamdetect
2724 bytes
0755
hulk-unban-ip
4268008 bytes
0700
import_exim_data
8593 bytes
0755
increase_filesystem_limits
891 bytes
0755
initacls
5107 bytes
0755
initfpsuexec
444 bytes
0755
initialize_360monitoring
2824 bytes
0700
initquotas
19811 bytes
0755
initsuexec
4123 bytes
0755
install_cpanel_analytics
1973 bytes
0755
install_dovecot_fts
1605 bytes
0755
install_plugin
2869 bytes
0755
install_tuxcare_els_php
1889 bytes
0755
installpkg
575 bytes
0755
installpostgres
6715 bytes
0755
installsqlite3
1866 bytes
0755
ipcheck
4020 bytes
0755
ipusage
7624 bytes
0755
is_update_available
3343 bytes
0755
isdedicatedip
602 bytes
0755
jetbackup-check
3776 bytes
0755
killdns
422 bytes
0755
killdns-dnsadmin
1180 bytes
0755
killmysqluserprivs
433 bytes
0755
killmysqlwildcard
1180 bytes
0755
killpvhost
853 bytes
0755
killspamkeys
937 bytes
0755
link_3rdparty_binaries
1271 bytes
0755
linksubemailtomainacct
3248 bytes
0755
listcheck
538 bytes
0755
listsubdomains
1074 bytes
0755
litespeed-check
3952 bytes
0755
locale_export
5331 bytes
0755
locale_import
4453 bytes
0755
locale_info
4086 bytes
0755
log_retention
21793 bytes
0755
logo.dat
205 bytes
0644
magicloader
1985 bytes
0755
maildir_converter
6222 bytes
0755
mailperm
16923 bytes
0755
mailscannerupdate
2478 bytes
0755
mainipcheck
10236 bytes
0755
maintenance
53586 bytes
0755
make_config
407 bytes
0644
make_hostname_unowned
1189 bytes
0755
manage_extra_marketing
13068 bytes
0700
manage_greylisting
16577 bytes
0755
manage_mysql_profiles
16727 bytes
0755
migrate_ccs_to_cpdavd
48186 bytes
0755
migrate_local_ini_to_php_ini
7587 bytes
0755
migrate_whmtheme_file_to_userdata
3025 bytes
0755
mkwwwacctconf
2385 bytes
0755
modify_accounts
4169 bytes
0755
modify_featurelist
11597 bytes
0700
modify_packages
3726 bytes
0755
modsec_vendor
16008 bytes
0755
mysqlconnectioncheck
6877 bytes
0755
mysqlpasswd
4235 bytes
0755
named.ca
1603 bytes
0644
named.rfc1912.zones
774 bytes
0644
notify_expiring_certificates
9592 bytes
0755
notify_expiring_certificates_on_linked_nodes
1361 bytes
0755
oopscheck
1142 bytes
0755
optimize_eximstats
3975 bytes
0755
patch_mail_spamassassin_compiledregexps_body_0
2452 bytes
0755
patchfdsetsize
2784 bytes
0755
pedquota
2310 bytes
0755
perform_sqlite_auto_rebuild_db_maintenance
2031 bytes
0755
perlinstaller
528 bytes
0755
perlmods
1204 bytes
0755
php_fpm_config
9968 bytes
0755
phpini_tidy
687 bytes
0755
pkgacct
90900 bytes
0755
post_snapshot
2144 bytes
0755
post_sync_cleanup
6237 bytes
0755
posteasyapache
226 bytes
0755
postupcp
1295 bytes
0755
precpbackup
1159 bytes
0755
preeasyapache
371 bytes
0755
primary_virtual_host_migration
2502 bytes
0755
process_cpmove
4331 bytes
0755
process_pending_cpanel_php_pear_registration
2793 bytes
0755
proxydomains
9822 bytes
0755
ptycheck
724 bytes
0755
purge_modsec_log
1563 bytes
0755
purge_old_config_caches
2125 bytes
0755
pwck
708 bytes
0755
quickdnslookup
1159 bytes
0755
quickwhoisips
2348 bytes
0755
quota_auto_fix
1440 bytes
0755
quotacheck
22900 bytes
0755
rawchpass
460 bytes
0755
rdate
4913 bytes
0755
realadduser
5743 bytes
0755
realchpass
3336 bytes
0755
realperlinstaller
5805 bytes
0755
realrawchpass
425 bytes
0755
rebuild_available_addons_packages_cache
1301 bytes
0755
rebuild_available_rpm_addons_cache
1301 bytes
0755
rebuild_bandwidthdb_root_cache
1487 bytes
0755
rebuild_dbmap
5937 bytes
0755
rebuild_provider_openid_connect_links_db
1039 bytes
0755
rebuild_whm_chrome
2277 bytes
0755
rebuilddnsconfig
26110 bytes
0755
rebuildhttpdconf
2664 bytes
0755
rebuildinstalledssldb
2917 bytes
0755
rebuildippool
509 bytes
0755
rebuilduserssldb
948 bytes
0755
refresh-dkim-validity-cache
6110 bytes
0755
regenerate_tokens
2228 bytes
0755
remote_log_transfer
11875 bytes
0755
remove_dovecot_index_files
6028 bytes
0755
removeacct
28670008 bytes
0700
rescan_user_dovecot_fts
3048 bytes
0755
reset_mail_quotas_to_sane_values
6982 bytes
0755
resetmailmanurls
2077 bytes
0755
resetquotas
4723 bytes
0755
restartsrv
3266 bytes
0755
restartsrv_apache
422 bytes
0755
restartsrv_apache_php_fpm
11305864 bytes
0755
restartsrv_base
11305864 bytes
0755
restartsrv_bind
11305864 bytes
0755
restartsrv_chkservd
427 bytes
0755
restartsrv_clamd
11305864 bytes
0755
restartsrv_cpanel_php_fpm
11305864 bytes
0755
restartsrv_cpanellogd
11305864 bytes
0755
restartsrv_cpdavd
11305864 bytes
0755
restartsrv_cpgreylistd
11305864 bytes
0755
restartsrv_cphulkd
11305864 bytes
0755
restartsrv_cpipv6
11305864 bytes
0755
restartsrv_cpsrvd
11305864 bytes
0755
restartsrv_crond
11305864 bytes
0755
restartsrv_dnsadmin
11305864 bytes
0755
restartsrv_dovecot
11305864 bytes
0755
restartsrv_exim
11305864 bytes
0755
restartsrv_eximstats
504 bytes
0755
restartsrv_ftpd
426 bytes
0755
restartsrv_ftpserver
911 bytes
0755
restartsrv_httpd
11305864 bytes
0755
restartsrv_imap
437 bytes
0755
restartsrv_inetd
2525 bytes
0755
restartsrv_ipaliases
11305864 bytes
0755
restartsrv_lmtp
437 bytes
0755
restartsrv_mailman
11305864 bytes
0755
restartsrv_mysql
11305864 bytes
0755
restartsrv_named
579 bytes
0755
restartsrv_nginx
11305864 bytes
0755
restartsrv_nscd
11305864 bytes
0755
restartsrv_p0f
11305864 bytes
0755
restartsrv_pdns
11305864 bytes
0755
restartsrv_pop3
437 bytes
0755
restartsrv_postgres
427 bytes
0755
restartsrv_postgresql
11305864 bytes
0755
restartsrv_powerdns
442 bytes
0755
restartsrv_proftpd
11305864 bytes
0755
restartsrv_pureftpd
11305864 bytes
0755
restartsrv_queueprocd
11305864 bytes
0755
restartsrv_rsyslog
11305864 bytes
0755
restartsrv_rsyslogd
437 bytes
0755
restartsrv_spamd
11305864 bytes
0755
restartsrv_sshd
11305864 bytes
0755
restartsrv_syslogd
2458 bytes
0755
restartsrv_tailwatchd
11305864 bytes
0755
restartsrv_unknown
11305864 bytes
0755
restartsrv_xinetd
422 bytes
0755
restorecpuserfromcache
2008 bytes
0755
restorepkg
49643984 bytes
0700
rfc1912_zones.tar
10240 bytes
0644
rpmup
5191 bytes
0755
rsync-user-homedir.pl
5903 bytes
0755
run_if_exists
512 bytes
0755
run_plugin_lifecycle
3910 bytes
0700
runstatsonce
440 bytes
0755
runweblogs
1045 bytes
0755
sa-update_wrapper
3418 bytes
0755
safetybits.pl
844 bytes
0755
secureit
4834 bytes
0755
securemysql
4501 bytes
0755
securerailsapps
3661 bytes
0755
securetmp
17162 bytes
0755
sendicq
474 bytes
0755
servicedomains
9822 bytes
0755
set_mailman_archive_perms
1796 bytes
0755
setpostgresconfig
6181 bytes
0755
setup_greylist_db
16577 bytes
0755
setup_modsec_db
1335 bytes
0755
setup_systemd_timer_for_plugins
4015 bytes
0700
setupftpserver
10726 bytes
0755
setupmailserver
9618 bytes
0755
setupnameserver
12898 bytes
0755
shrink_modsec_ip_database
13285 bytes
0755
simpleps
3124 bytes
0755
slurp_exim_mainlog
5914 bytes
0755
smartcheck
15491 bytes
0755
smtpmailgidonly
8346 bytes
0755
snapshot_prep
6017 bytes
0755
spamassassin_dbm_cleaner
5993 bytes
0755
spamassassindisable
3830 bytes
0755
spamboxdisable
2324 bytes
0755
sshcontrol
14722 bytes
0755
ssl_crt_status
3928 bytes
0755
suspendacct
18516 bytes
0755
suspendmysqlusers
4890 bytes
0755
swapip
3914 bytes
0755
sync-mysql-users-from-grants
1225 bytes
0755
sync_child_accounts
1813 bytes
0755
sync_contact_emails_to_cpanel_users_files
1163 bytes
0755
synccpaddonswithsqlhost
6753 bytes
0755
synctransfers
1971 bytes
0755
syslog_check
1391 bytes
0755
sysup
645 bytes
0755
test_sa_compiled
1093 bytes
0755
transfer_account_as_user
2398 bytes
0755
transfer_accounts_as_root
4870 bytes
0755
transfer_in_progress
3156 bytes
0755
transfer_in_progress.pod
312 bytes
0644
transfermysqlusers
10565304 bytes
0700
try-later
8140 bytes
0755
unblockip
667 bytes
0755
uninstall_cpanel_analytics
1230 bytes
0755
uninstall_dovecot_fts
562 bytes
0755
uninstall_plugin
2907 bytes
0755
unlink_service_account
2682 bytes
0755
unpkgacct
4713 bytes
0755
unslavenamedconf
863 bytes
0755
unsuspendacct
18387 bytes
0755
unsuspendmysqlusers
7266 bytes
0755
upcp
34714 bytes
0755
upcp-running
2768 bytes
0755
upcp.static
778390 bytes
0755
update-packages
5191 bytes
0755
update_apachectl
480 bytes
0755
update_db_cache
430 bytes
0755
update_dkim_keys
1485 bytes
0755
update_exim_rejects
1242 bytes
0755
update_existing_mail_quotas_for_account
4891 bytes
0755
update_feature_flags
957 bytes
0755
update_freebusy_data
5376 bytes
0755
update_known_proxy_ips
1002 bytes
0755
update_local_rpm_versions
4669 bytes
0755
update_mailman_cache
8545 bytes
0755
update_mysql_systemd_config
1094 bytes
0755
update_neighbor_netblocks
487 bytes
0755
update_sa_config
2196 bytes
0755
update_spamassassin_config
10988 bytes
0755
update_users_jail
691 bytes
0755
update_users_vhosts
801 bytes
0755
updatedomainips
605 bytes
0755
updatenameserverips
1696 bytes
0755
updatenow
5302 bytes
0755
updatenow.static
2119454 bytes
0755
updatesigningkey
1996 bytes
0755
updatessldomains
1856 bytes
0755
updatesupportauthorizations
2552 bytes
0755
updateuserdatacache
2529 bytes
0755
updateuserdomains
774 bytes
0755
upgrade_bandwidth_dbs
2272 bytes
0755
upgrade_subaccount_databases
2797 bytes
0755
userdata_wildcard_cleanup
5877 bytes
0755
userdirctl
5134 bytes
0755
validate_sshkey_passphrase
1244 bytes
0755
verify_api_spec_files
757 bytes
0755
verify_pidfile
2008 bytes
0755
verify_vhost_includes
7517 bytes
0755
vps_optimizer
8007 bytes
0755
vzzo-fixer
725 bytes
0755
whmlogin
2390 bytes
0755
whoowns
1155 bytes
0755
wwwacct
31175544 bytes
0700
wwwacct2
88 bytes
0755
xfer_rcube_schema_migrate.pl
2460 bytes
0755
xfer_rcube_uid_resolver.pl
1846 bytes
0755
xferpoint
3201 bytes
0755
xfertool
16624 bytes
0755
zoneexists
800 bytes
0755
N4ST4R_ID | Naxtarrr
