ISPmanager 5 Business Documentation

/
/
/
Web-server configuration

Web-server configuration

This is documentation for an outdated product. See the current documentation

 

Supported software

Currently, ISPmanager supports the following servers:

  • Nginx 1.1.15 and later
  • Apache 2.2
  • Microsoft IIS.

Differences from the previous versions

  1. Information about the web-domain settings is saved in the ISPmanager internal base. I.e. the changes made to the configuration files manually will be lost when changing parameters from the control panel, if the settings made manually conflict with those configured in the control panel. Those changes will be saved when editing a domain, if possible.
  2. Settings of each web-domain are located in a separate file. The files are located in directories based on the domain owner name.
  3. Access to directories (diraccess) is specified in the web-server configuration file into file containing corresponding web-domain settings (.htaccess was used in the previous version)
  4. PHP can be used through both Apache and Nginx (php-fpm is used). As now you can use php without Apache, using Apache and Nginx may not start the Apache server, if the request can be processed by Nginx.
  5. You can use multiple IP addresses for web-domain.
  6. Activating SSL in the Nginx settings will create a separate "server" section
  7. logrotate is used for rotating logs and errors

Web server settings

The following parameters are used regardles of the type of your web-server

path php-cgi Path to the executable file php-cgi path php_open_basedir The open_basedir value for php that will be used for web-domains. You can use the macros _home_ to add into the path to user home directory WebDefaultAliases List of aliases that will be available to users when ordering a web-domain. You may use the _name_ macros, to add the line into the name of the main domain. BackendBind IP address where the back-end will be set up(the web-server to which the front-end server will send requests). If both Nginx and Apache backend are installed — Apache. WebModules List of web-domains that are used WebUser Username which privileges the web-server uses (you must specify the name, rather than uid) WebGroup Group which privileges the web-server uses (you must specify the name, rather than gid) WebRestartDelay Minimum period of time between server restart ApsExtRepository Path to the xml-file of the external APS Option ApsRepositoryUpdated do not update the list of APS-scrips when starting the panel Option DisableSecurePhpBin do not create the php-bin secure directory (DefaultHomeDir/php-bin/username) for user and hard links for php and php.ini from the user home directory into secure directory (php as CGI or FastCGI (Apache)). php and php.ini will be created in the user's php-bin directory.

List of available encoding for the web-domain from the file etc/charset. Only utf-8 is specified by default.

Example

If you specify

path php_open_basedir none

The following information will be added into VirtualHost

php_admin_value open_basedir "none"

Apache configuration

When starting the panel, Apache modules are queried to define possible settings

cgi_module if it is possible to work with CGI scripts fastcgi_module or fcgid_module if it is possible to use php as fastcgi php5_module if it is possible to work with php as Apache module

If CGI is supported the the file specified in path php-cgi, you will be able to use php as CGI

Following is a list of parameters used for customizing the control panel:

Option ApacheITK is added if Apache ITK is used. AssignUserID is specified instead of the SuexecUserGroup directive path apachectl Path to the program/script that is used for Apach restart. It must process the following parameters: -M (get a list of modules), graceful (soft reboot), restart (hard reboot, which is used when adding/deleting IP addresses) path apache-vhosts Directory where files with web-domain settings will be created path apache.conf Path to the Apache main configuration file, where Listen and NameVirtualHost will be specified ApacheWidePorts For specifying ports in Apache Listen will be added for all IP address of the server. By default: 80 443. This will enable to decrease the number of hard reboots of Apache.

Nginx configuration

When starting the panel, php-fpm is checked. If it is found, php as fastcgi can be used in web-domain settings.

Following is a list of parameters that are used for customizing the control panel:

path nginx-vhosts directory where files with web-domain settings will be cretaed path nginx-vhosts-includes paths to files with additional settings that will be added into "server" for each domain (the Include direcrory is used) path fpm-pool.d name of directory where files with php-fpm settings will be created path fpm-service Name of the php-fpm service. It is used for restart upon new user creation. path nginx-static is used for defining files that Nginx must sent. path nginxctl Is used to restart Nginx when adding new web-domains. It must process the following parameters: reload (re-read the web-domain settings), restart (restart Nginx that is used for adding/deleting IP addresses), stop/start (restart Nginx is used for converting settings in case the web-domain is added/deleted) path nginx-configtest is used for checking contents of the Nginx configuration file. The default value is path nginxctl configtest path nginx is used for restarting the panel to check Nginx performance. It must process the -V parameter correctly ForwardedSecret is used to prevent fake IP addresses

Example

If you set

path nginx-static ~* ^youscript\.ext$

location will be created

location ~* ^youscript\.ext$ {
   try_files $uri $uri/ @fallback;
}

instead of

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
    try_files $uri $uri/ @fallback;
}

ForwardedSecret

If you redirect requests from Nginx into the panel, we define a reverse address by the X-Forwarded-For HTTP header. Fraudulents will be able to change a reverse address using using that header enabling him to use COOKIE for sending requests as if it is another user. The panel will ignore X-Forwarded-For, if the request does not contain X-Forwarded-Secret with the same value as specified in the configuration file.

Web-server restart

Web-server is restarted in 2 seconds after the last change of settings. If during that time more changes are made, the server will be restarted in 2 seconds. You can also specify the WebRestartDelay parameter that specifies the minimum period between web-server reboot.

If the changes are not applied to the list of IP addresses/ports, soft reboot of the web-server will be made. Otherwise, the whole server will reboot.

Templates of web-server's configuration files

Configuration file templates can be used by server administrator to modify web-server's configuration files for a specific web-domain.

Templates do not modify the settings specified by ISPmanager, but enables to add additional records.

Template files are located in:

  • etc/templates/apache-vhost.template — template of the web-domain's configuration file for Apache
  • etc/templates/nginx-vhost.template — template of the web-domain's configuration file for Nginx

These template files are used for generating the configuration file of a certain web-domain. You may use macros for your convenience — special records that will be changed into corresponding values.

Macros have the following format: *__{PARAMETER_NAME}__*, macros names must be always upper-case

You can use any upper-case parameter of the control panel session (i.e. web-domain creation or edit request session) as a parameter name. You can also use additional parameters.

Example of macros for session parameters:

  • _NAME_ — web-domain's name
  • _OWNER_ — web-domain's owner
  • _ALIASES_ — list of web-domain's aliases
  • _EMAIL_ — web-domain's administrator email
  • _DIRINDEX_ — list of web-domain's index pages
  • _CHARSET_ — web-domain's default page encodings

Additional macros:

  • _HOSTNAME_ — domain name of the server where the control panel is installed
  • _LISTEN_ON_ — list of sequences such as IP-address:port that are used by web-domain

Example

Create the following template to add records into server's location /

server {	
  server_name __NAME__ __ALIASES__;        
  location / {        
  try_files $uri $uri/ /index.php?$args;        
  rewrite /wp-admin$ $scheme://$host$uri/ permanent; 
  }  
}

Be sure to specify *server_name __NAME__ __ALIASES__;* in the template, otherwise ISPmanager cannot define the _server_ to add data to, and add one more _server_ into the end of the file.

Logs rotation

The web-server logs are specified into the httpd-logs directory that is not available to users. In the user home directory the "logs" directory is created where hard links to access and error logs of the user web-domains are created. Besides, the old copies of logs are also saved into the the "logs" directory.

ISPmanager 5 uses logrotate for web-server logs rotation.

path logrotate.d specifies a directory, where logrotate will be saved (separate file for each web-domain)

Log analyzer

In theory, ISPmanager can work with any logs analyzers. The following analyzers are currently supported:

  • awstats
  • webalizer
    path analyzer.d Directory where scripts for log analysis are saved (separate files for each web-domain)

When installing the analyzer, the following section will be specified in the configuration file of the control panel:

Analyzer awstats {
  ConfPath /etc/awstats/awstats.__NAME__.conf
  BinPath /usr/lib/cgi-bin/awstats.pl
  Lang en
  Lang ru
}

ConfPath path where the analyzer settings for a certain web-domain will be saved. BinPath path to the executable file Lang supported languages. The Analyzer section may contain any number of such lines.

When activating the analyzer the corresponding script template from the etc/template directory (the file name matches the analyzer name) is taken. All the macros will be placed there (a complete list of macros can be found when enabling debug for the web module) and is paste into analyzer.d. The configuration will be created as well. From etc/template a corresponding .conf file will be taken. All the macros will be changed, and it will be saved into the file specified in ConfPath (_NAME_ is changed into the web-domain's name).

The script that you will receive will be called from logrotate each time logs rotation is running. If you select a rotation period, the script execution will be added into a cron job.

The following parameters of the control panel's configuration file are also used when configuring web-domains to correctly display statistics:

  • AwstatsEncoding — encoding of the awstats report html-pages
  • WebalizerEncoding — encoding of the webalizer report html-pages

By default these parameters are specified in "utf-8"

Re-configuring web-server (ISPmanager Business)

Sometimes when working the web-server and control you may need to reconfigure the web-server. Configuration files of all the web-domains that were created in the control panel, will be re-created.

Note! Performing this operation will delete all the manual changes made to the configuration file!

Consequently execute the following functions:

webreconfigure.initialize with parameter shutdown=on
webreconfigure.restore

Let's consider the following example using mgrctl :

/usr/local/mgr5/sbin/mgrctl -m ispmgr webreconfigure.initialize shutdown=on

/usr/local/mgr5/sbin/mgrctl -m ispmgr webreconfigure.restore

 

In this article