Handle missing ModSecurity config
This commit is contained in:
root
@@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4.
|
A modern web hosting control panel for WordPress and general PHP hosting. Built with Laravel 12, Filament v5, Livewire 4, and Tailwind CSS v4.
|
||||||
|
|
||||||
Version: 0.9-rc17 (release candidate)
|
Version: 0.9-rc19 (release candidate)
|
||||||
|
|
||||||
This is a release candidate. Expect rapid iteration and breaking changes until 1.0.
|
This is a release candidate. Expect rapid iteration and breaking changes until 1.0.
|
||||||
|
|
||||||
|
|||||||
@@ -56,7 +56,20 @@ class Waf extends Page implements HasForms
|
|||||||
|
|
||||||
protected function detectWaf(): bool
|
protected function detectWaf(): bool
|
||||||
{
|
{
|
||||||
return file_exists('/etc/nginx/modsec/main.conf') || file_exists('/etc/nginx/modsecurity.conf');
|
$paths = [
|
||||||
|
'/etc/nginx/modsec/main.conf',
|
||||||
|
'/etc/nginx/modsecurity.conf',
|
||||||
|
'/etc/modsecurity/modsecurity.conf',
|
||||||
|
'/etc/modsecurity/modsecurity.conf-recommended',
|
||||||
|
];
|
||||||
|
|
||||||
|
foreach ($paths as $path) {
|
||||||
|
if (file_exists($path)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getForms(): array
|
protected function getForms(): array
|
||||||
@@ -72,7 +85,9 @@ class Waf extends Page implements HasForms
|
|||||||
Section::make(__('WAF Settings'))
|
Section::make(__('WAF Settings'))
|
||||||
->schema([
|
->schema([
|
||||||
Toggle::make('enabled')
|
Toggle::make('enabled')
|
||||||
->label(__('Enable ModSecurity')),
|
->label(__('Enable ModSecurity'))
|
||||||
|
->disabled(fn () => ! $this->wafInstalled)
|
||||||
|
->helperText(fn () => $this->wafInstalled ? null : __('ModSecurity is not installed. Install it to enable WAF.')),
|
||||||
Select::make('paranoia')
|
Select::make('paranoia')
|
||||||
->label(__('Paranoia Level'))
|
->label(__('Paranoia Level'))
|
||||||
->options([
|
->options([
|
||||||
@@ -92,18 +107,33 @@ class Waf extends Page implements HasForms
|
|||||||
public function saveWafSettings(): void
|
public function saveWafSettings(): void
|
||||||
{
|
{
|
||||||
$data = $this->wafForm->getState();
|
$data = $this->wafForm->getState();
|
||||||
Setting::set('waf_enabled', ! empty($data['enabled']) ? '1' : '0');
|
$requestedEnabled = ! empty($data['enabled']);
|
||||||
|
if ($requestedEnabled && ! $this->wafInstalled) {
|
||||||
|
$requestedEnabled = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
Setting::set('waf_enabled', $requestedEnabled ? '1' : '0');
|
||||||
Setting::set('waf_paranoia', (string) ($data['paranoia'] ?? '1'));
|
Setting::set('waf_paranoia', (string) ($data['paranoia'] ?? '1'));
|
||||||
Setting::set('waf_audit_log', ! empty($data['audit_log']) ? '1' : '0');
|
Setting::set('waf_audit_log', ! empty($data['audit_log']) ? '1' : '0');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$agent = new AgentClient;
|
$agent = new AgentClient;
|
||||||
$agent->wafApplySettings(
|
$agent->wafApplySettings(
|
||||||
! empty($data['enabled']),
|
$requestedEnabled,
|
||||||
(string) ($data['paranoia'] ?? '1'),
|
(string) ($data['paranoia'] ?? '1'),
|
||||||
! empty($data['audit_log'])
|
! empty($data['audit_log'])
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (! $this->wafInstalled && ! empty($data['enabled'])) {
|
||||||
|
Notification::make()
|
||||||
|
->title(__('ModSecurity is not installed'))
|
||||||
|
->body(__('WAF was disabled automatically. Install ModSecurity to enable it.'))
|
||||||
|
->warning()
|
||||||
|
->send();
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
Notification::make()
|
Notification::make()
|
||||||
->title(__('WAF settings applied'))
|
->title(__('WAF settings applied'))
|
||||||
->success()
|
->success()
|
||||||
|
|||||||
@@ -4030,6 +4030,8 @@ function domainCreate(array $params): array
|
|||||||
$uid = $userInfo['uid'];
|
$uid = $userInfo['uid'];
|
||||||
$gid = $userInfo['gid'];
|
$gid = $userInfo['gid'];
|
||||||
|
|
||||||
|
ensureJabaliNginxIncludeFiles();
|
||||||
|
|
||||||
// Create domain directories
|
// Create domain directories
|
||||||
$domainRoot = "{$userHome}/domains/{$domain}";
|
$domainRoot = "{$userHome}/domains/{$domain}";
|
||||||
$publicHtml = "{$domainRoot}/public_html";
|
$publicHtml = "{$domainRoot}/public_html";
|
||||||
|
|||||||
12
install.sh
12
install.sh
@@ -12,7 +12,7 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Version - will be read from VERSION file after clone, this is fallback
|
# Version - will be read from VERSION file after clone, this is fallback
|
||||||
JABALI_VERSION="0.9-rc17"
|
JABALI_VERSION="0.9-rc19"
|
||||||
|
|
||||||
# Colors
|
# Colors
|
||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
@@ -1001,6 +1001,16 @@ configure_nginx() {
|
|||||||
chmod 600 "$ssl_dir/panel.key"
|
chmod 600 "$ssl_dir/panel.key"
|
||||||
chmod 644 "$ssl_dir/panel.crt"
|
chmod 644 "$ssl_dir/panel.crt"
|
||||||
|
|
||||||
|
# Ensure Jabali Nginx include files exist for WAF/Geo includes
|
||||||
|
local jabali_includes="/etc/nginx/jabali/includes"
|
||||||
|
mkdir -p "$jabali_includes"
|
||||||
|
if [[ ! -f "$jabali_includes/waf.conf" ]]; then
|
||||||
|
echo "# Managed by Jabali" > "$jabali_includes/waf.conf"
|
||||||
|
fi
|
||||||
|
if [[ ! -f "$jabali_includes/geo.conf" ]]; then
|
||||||
|
echo "# Managed by Jabali" > "$jabali_includes/geo.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
# Create Jabali site config with HTTPS and HTTP redirect
|
# Create Jabali site config with HTTPS and HTTP redirect
|
||||||
cat > /etc/nginx/sites-available/${SERVER_HOSTNAME} << NGINX
|
cat > /etc/nginx/sites-available/${SERVER_HOSTNAME} << NGINX
|
||||||
# Redirect HTTP to HTTPS
|
# Redirect HTTP to HTTPS
|
||||||
|
|||||||
Reference in New Issue
Block a user