Froxlor Forum

Global subdomain questions


derick

Question

Hi,

 

I'm new to Froxlor (migrating from zpanel) and have some questions about subdomains.

 

1) How can I create a webmail and cpanel subdomain for every current and future domain? I already got roundcube working.

I tried something like this:

/etc/apache2/conf.d$ sudo cat httpd-vhosts 
<VirtualHost *:80>
    ServerName webmail.*
    ServerAlias webmail.*
    DocumentRoot /var/www/roundcube
    UseCanonicalName Off
</VirtualHost>

2) Is there a way to redirect all subdomains that are not defined in Froxlor to a custom page, and not to the homepage? (Like cpanel)?

 

3) Is there a best practice for iptables and SMTP security?

 

This is my iptables right now, but the mail is not fully working.

# Flush iptables
iptables -F

#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accepts all established inbound connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
iptables -A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# SMTP,POP and other protocols
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT 

#  Allows SSH connections (only 4 attempts by an IP every 3 minutes, drop the rest)
iptables -A INPUT -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 2222 -j ACCEPT

# Allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

service iptables-persistent save

Thanks in advance!
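
A rule-order check over the ruleset quoted above, as an added example that is not part of the original post: iptables stops at the first matching ACCEPT, so the unconditional port 80/443 rules make the later `-m limit` rules unreachable, and no INPUT rule accepts `--dport 25`. The `lint_rules` function and the `SAMPLE_RULES` excerpt are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the post): lint "iptables -A" lines for two mistakes.
# Assumption: an earlier ACCEPT on the same --dport without a rate-limit match
# is treated as shadowing any later rate-limited ACCEPT (first match wins).

lint_rules() {
  awk '
    # Return the value that follows a flag such as --dport, or "" if absent.
    function opt(flag,   i) {
      for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
      return ""
    }
    $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
      port = opt("--dport"); target = opt("-j")
      if (port == "" || target != "ACCEPT") next
      seen[port] = 1
      limited = ($0 ~ /-m (limit|hashlimit|recent)/)
      # Remember the first ACCEPT on this port that has no rate limit.
      if (!limited) { if (!(port in plain)) plain[port] = NR; next }
      if (port in plain)
        printf "SHADOWED port %s: rule %d is unreachable, rule %d accepts first\n", port, NR, plain[port]
    }
    END {
      if (!("25" in seen))
        print "MISSING inbound --dport 25: no INPUT rule accepts server-to-server SMTP"
    }
  '
}

# Constructed sample: an excerpt of the rules quoted in the question, in order.
SAMPLE_RULES='iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -j REJECT'

printf '%s\n' "$SAMPLE_RULES" | lint_rules
```

Rule numbers in the findings are line positions in the input, so feed the function the rule lines in the order the script applies them.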


1 answer to this question


OK, not sure if it is the right way, but I created a simple script for my demands in question 1. Hope that someone has some answers to my other questions.

(The script could be better, I just made this in 10 minutes.)

#!/bin/bash
# Create subdomains for Cpanel, Webmail, PHPMyadmin and non-existing subdomains in Froxlor
# Version: 0.9.
#
# How to:
# - Copy this script to a location on your server, for example /root/bin/froxlor-create-subdomains.sh
# - Make the file executable: chmod +x /root/bin/froxlor-create-subdomains.sh
# - Place the file in the crontab of root:
#   crontab -e
#   # Generate subdomains for Froxlor
#   */1 * * * * /root/bin/froxlor-create-subdomains.sh
# - Force run by running the script with force: /root/bin/froxlor-create-subdomains.sh force


# Set variables
serverip=$(/sbin/ifconfig | /bin/sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')

# Create configurations
/bin/grep -h ServerName /etc/apache2/sites-enabled/*froxlor* | /bin/sed -e 's/ServerName//g' | /bin/sed -e 's/ //g' | while read -r line ; do
    restart=0
    if [ -f /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf ];
    then
        # Generate only when the custom vhost file is missing, or when an argument (force) is given
        if [ ! -f "/etc/apache2/sites-enabled/21_froxlor_custom_vhost_$line.conf" ] || [[ -n $1 ]]
        then
            restart=1
            # Get date
            currentdate=$(date)
        
            # Get variables
            domainid=$(/bin/grep -h "Domain ID" /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf)
            serveradmin=$(/bin/grep -h ServerAdmin /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf)
            phpadminvalue=$(/bin/grep -h php_admin_value /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf)
            errorlog=$(/bin/grep -h ErrorLog /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf)
            customlog=$(/bin/grep -h CustomLog /etc/apache2/sites-enabled/*_froxlor_normal_vhost_$line.conf)
            
            # Output
            /bin/echo "Processing $line"

            # Create configuration
            /bin/cat <<EOF > /etc/apache2/sites-enabled/21_froxlor_custom_vhost_$line.conf
# 21_froxlor_custom_vhost_$line.conf
# Created $currentdate
# Created by ${0}
# Do NOT manually edit this file, all changes will be deleted after the next crontab run

$domainid
# Webmail configuration
<VirtualHost $serverip:80>
  ServerName webmail.$line
  ServerAlias webmail.$line
  DocumentRoot "/var/www/roundcube"
$serveradmin
$errorlog
$customlog
</VirtualHost>

# Cpanel configuration
<VirtualHost $serverip:80>
  ServerName cpanel.$line
  ServerAlias cpanel.$line
  DocumentRoot "/var/www/froxlor"
$serveradmin
$errorlog
$customlog
</VirtualHost>

# PHPMyAdmin configuration
<VirtualHost $serverip:80>
  ServerName phpmyadmin.$line
  ServerAlias phpmyadmin.$line
  DocumentRoot "/var/www/phpmyadmin"
$serveradmin
$errorlog
$customlog
</VirtualHost>

# Subdomains that do not exist
<VirtualHost $serverip:80>
  ServerName *.$line
  ServerAlias *.$line
  ServerAdmin info@rbytes.nl
  DocumentRoot "/var/www"
$serveradmin
$errorlog
$customlog
</VirtualHost>
EOF
        fi
    fi
    if [ "$restart" -eq 1 ]
    then
        /bin/echo "Reload apache"
        /etc/init.d/apache2 reload &>/dev/null
    fi
done



Archived

This topic is now archived and is closed to further replies.


