derick
Posted July 30, 2015

Hi,

I'm new to Froxlor (migrating from zpanel) and have some questions about subdomains.

1) How can I create a webmail and cpanel subdomain for every current and future domain? I already got roundcube working.

I tried something like this:

```
/etc/apache2/conf.d$ sudo cat httpd-vhosts
<VirtualHost *:80>
    ServerName webmail.*
    ServerAlias webmail.*
    DocumentRoot /var/www/roundcube
    UseCanonicalName Off
</VirtualHost>
```

2) Is there a way to redirect all subdomains that are not defined in Froxlor to a custom page, and not to the homepage? (Like cpanel)?

3) Is there a best practice for iptables and SMTP security?

This is my iptables right now, but the mail is not fully working.

```
# Flush iptables
iptables -F

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You can modify this to only allow certain traffic
iptables -A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# SMTP,POP and other protocols
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT

# Allows SSH connections (only 4 attempts by an IP every 3 minutes, drop the rest)
iptables -A INPUT -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 2222 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 2222 -j ACCEPT

# Allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

service iptables-persistent save
```

Thanks in advance!
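
An added example, not part of the original posts: a static check run over an excerpt of the ruleset posted above. It lists mail ports that have no inbound ACCEPT rule and rate-limit rules that can never match because an unconditional ACCEPT for the same port comes first. The function names and the simplified rule matching (one `--dport` per rule, no multiport) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. RULES is an excerpt of the rules posted above.
RULES='iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -j REJECT'

# Print each port given after the ruleset that has no INPUT rule accepting traffic TO it.
# A rule matching --sport 25 only covers replies to outbound mail, not new inbound SMTP.
ports_without_inbound_accept() {
    rules=$1; shift
    for port in "$@"; do
        printf '%s\n' "$rules" |
            grep -Eq -- "-A INPUT .*--dport ${port} .*-j ACCEPT" || echo "$port"
    done
}

# Print ports whose "-m limit" ACCEPT rule follows an unconditional ACCEPT for the
# same port. iptables stops at the first matching rule, so the limit never applies.
# Assumption: a rule with no -m match and no -s source filter is unconditional.
shadowed_limit_ports() {
    printf '%s\n' "$1" | awk '
        /-A INPUT / && /-j ACCEPT/ {
            port = ""
            for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            if (port == "") next
            if ($0 ~ / -m limit /) { if (port in accepted) print port }
            else if ($0 !~ / -m | -s /) accepted[port] = 1
        }'
}

echo "mail ports with no inbound ACCEPT: $(ports_without_inbound_accept "$RULES" 25 465 587 110 995 143 993 | tr '\n' ' ')"
echo "rate limits shadowed by an earlier ACCEPT: $(shadowed_limit_ports "$RULES" | tr '\n' ' ')"
```
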

derick (Author)
Posted July 30, 2015

OK, not sure if it is the right way, but I created a simple script for my demands in question 1. Hope that someone has some answers to my other questions.. (The script could be better, I just made this in 10 minutes..)

```
#!/bin/bash
# Create subdomains for Cpanel, Webmail, PHPMyadmin and non-existing subdomains in Froxlor
# Version: 0.9.
#
# How to:
# - Copy this script to a location on your server, for example /root/bin/froxlor-create-subdomains.sh
# - Make the file executable: chmod +x /root/bin/froxlor-create-subdomains.sh
# - Place the file in the crontab of root:
#   crontab -e
#     # Generate subdomains for Froxlor
#     */1 * * * * /root/bin/froxlor-create-subdomains.sh
# - Force run by running the script with force: /root/bin/froxlor-create-subdomains.sh force

# Set variables
serverip=$(/sbin/ifconfig | /bin/sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')

# Create configurations: one custom vhost file per ServerName found in the Froxlor vhosts
/bin/grep -h ServerName /etc/apache2/sites-enabled/*froxlor* | /bin/sed -e 's/ServerName//g' | /bin/sed -e 's/ //g' | while read -r line ; do
    restart=0
    # Only handle names that have a Froxlor-generated vhost file
    if [ -f /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf ]; then
        # Generate when the custom vhost file is missing or when an argument (force) is given.
        # The posted version tested the Froxlor vhost file again here, so it only ran with force.
        if [ ! -f "/etc/apache2/sites-enabled/21_froxlor_custom_vhost_$line.conf" ] || [[ -n $1 ]]
        then
            restart=1

            # Get date
            currentdate=$(date)

            # Get variables from the Froxlor-generated vhost
            domainid=$(/bin/grep -h "Domain ID" /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf)
            serveradmin=$(/bin/grep -h ServerAdmin /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf)
            phpadminvalue=$(/bin/grep -h php_admin_value /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf)
            errorlog=$(/bin/grep -h ErrorLog /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf)
            customlog=$(/bin/grep -h CustomLog /etc/apache2/sites-enabled/*_froxlor_normal_vhost_"$line".conf)

            # Output
            /bin/echo "Processing $line"

            # Create configuration
            /bin/cat <<EOF > "/etc/apache2/sites-enabled/21_froxlor_custom_vhost_$line.conf"
# 21_froxlor_custom_vhost_$line.conf
# Created $currentdate
# Created by ${0}
# Do NOT manually edit this file, all changes will be deleted after the next crontab run
$domainid

# Webmail configuration
<VirtualHost $serverip:80>
    ServerName webmail.$line
    ServerAlias webmail.$line
    DocumentRoot "/var/www/roundcube"
    $serveradmin
    $errorlog
    $customlog
</VirtualHost>

# Cpanel configuration
<VirtualHost $serverip:80>
    ServerName cpanel.$line
    ServerAlias cpanel.$line
    DocumentRoot "/var/www/froxlor"
    $serveradmin
    $errorlog
    $customlog
</VirtualHost>

# PHPMyAdmin configuration
<VirtualHost $serverip:80>
    ServerName phpmyadmin.$line
    ServerAlias phpmyadmin.$line
    DocumentRoot "/var/www/phpmyadmin"
    $serveradmin
    $errorlog
    $customlog
</VirtualHost>

# Subdomains that do not exist
<VirtualHost $serverip:80>
    ServerName *.$line
    ServerAlias *.$line
    ServerAdmin info@rbytes.nl
    DocumentRoot "/var/www"
    $serveradmin
    $errorlog
    $customlog
</VirtualHost>
EOF
        fi
    fi

    # Reload Apache only when a file was (re)generated for this name
    if [ "$restart" -eq 1 ]
    then
        /bin/echo "Reload apache"
        /etc/init.d/apache2 reload &>/dev/null
    fi
done
```