Apply Settings to all Virtual Hosts in DirectAdmin

You are here:
< Back

Apply Customization Through Templates

Direct Admin has global templates for OpenLiteSpeed, which can be found in /usr/local/directadmin/data/templates.

# pwd
/usr/local/directadmin/data/templates
# ls -la openlitespeed_*
-rw-r--r-- 1 diradmin diradmin   99 Oct 22 18:25 openlitespeed_context_protected.conf
-rw-r--r-- 1 diradmin diradmin  978 Oct 22 18:25 openlitespeed_ips.conf
-rw-r--r-- 1 diradmin diradmin  398 Oct 22 18:25 openlitespeed_listener.conf
-rw-r--r-- 1 diradmin diradmin 1307 Oct 22 18:25 openlitespeed_redirect_vhost.conf
-rw-r--r-- 1 diradmin diradmin 3131 Oct 22 18:25 openlitespeed_vhost.conf

To customize OpenLiteSpeed settings, you can copy these default templates over to /usr/local/directadmin/data/templates/custom and place any customized templates in /usr/local/directadmin/data/templates/custom/openlitespeed*. Then, when you rewrite the configuration, customized templates will be used instead of default templates, where applicable.

cd /usr/local/directadmin/custombuild
./build rewrite_confs

If you need a configuration to apply to all virtual hosts, however, we suggest using the pre/post hooks that DirectAdmin supplies for customization. Such hooks include:

CUSTOM1: Appears at the very top of the template, before setting the variables.

CUSTOM2: Appears in the scripthandler{} section.

CUSTOM3: Appears in ALL context{} sections, used for password protected directories.

CUSTOM4: Appears in the phpIniOverride{} section.

CUSTOM5: Appears in the rewrite{} section.

CUSTOM6: Appears in the vhssl{} section.

CUSTOM7: The very last entry.

Example: Rewrite Rules

Say you want to block xmlrpc and wp-trackback files for all virtual hosts. You can use a rewrite rule like the following:

RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]

To include this rewrite rule into all virtual host configurations, you can use the CUSTOM5 pre-hook, which appears in the rewrite{} section of the /usr/local/directadmin/data/templates/custom/ directory. Create a  /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre file with above rule in it, then rewrite the configuration:

cd /usr/local/directadmin/custombuild
./build rewrite_confs

After that, the cutomized rule will be inserted to each virtual host rewrite section. For example, /usr/local/directadmin/data/users/$USER/openlitespeed.conf might now contain the following:

rewrite  {
    enable                  1
    autoLoadHtaccess        1
RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
  }

Example: Headers

Let’s say you want to enable HSTS. To do so, you will need add headers to all virtual host “/” contexts, using code like the following:

context / {
  location                $DOC_ROOT/
  allowBrowse             1
  extraHeaders            <<<END_extraHeaders
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options nosniff
  END_extraHeaders


  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}

Put the following code in /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.7.pre, and rewrite the configuration as shown in the first example. CUSTOM7 appears at the very end. So now the block of code should be inserted into the very last entries of all virtual host configurations.

DirectAdmin’s OpenLiteSpeed Templates

For reference, here is a list of the default DirectAdmin OpenLiteSpeed templates.

openlitespeed_context_protected.conf

authName |AUTH_NAME|
  allowBrowse 1
  realm |PROTECTED_PATH|/
  accessControl {
    allow *
  }

openlitespeed_ips.conf

|CUSTOM1|
|?DOCROOT=HOME/domains/sharedip|
|*if STATUS="server"|
|?DOCROOT=/var/www/html|
|*endif|
|?SSLPROTOCOL=30|
|CUSTOM2|
virtualHost |IP| {
  |CUSTOM3|
  listeners            |LISTENER_80|, |LISTENER_443|
  user                    |USER|
  group                   |USER|
  vhRoot                  |HOME|
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  docRoot                   |DOCROOT|
  vhDomain                  |IP|
  adminEmails               root@localhost
  enableGzip                1
  enableIpGeo               1

  rewrite  {
    enable                  1
    autoLoadHtaccess        1
    RewriteFile .htaccess
        |CUSTOM4|
  }

  |CUSTOM5|
  vhssl  {
    keyFile                 |KEY|
    certFile                |CERT|
    certChain               1
    sslProtocol             |SSLPROTOCOL|
  }

  # include aliases
  include /usr/local/lsws/conf/httpd-alias.conf
  
  |CUSTOM6|
}

openlitespeed_listener.conf

|CUSTOM1|
|?SSLPROTOCOL=30|
|CUSTOM2|

listener |LISTENER_80| {
 |CUSTOM3|
 address                 |IP|:80
 secure                  0
 |CUSTOM4|
}

listener |LISTENER_443| {
 |CUSTOM5|
 address                 |IP|:443
 secure                  1
 keyFile                 |KEY|
 certFile                |CERT|
 certChain               1
 sslProtocol             |SSLPROTOCOL|
 |CUSTOM6|
}

openlitespeed_redirect_vhost.conf

|CUSTOM1|
|?WWW_PREFIX=www.|
|*if WWW_REDIRECT="no"|
|?WWW_PREFIX=|
|*endif|

|?VH_PORT=PORT_80|
|?VHROOT=HOME|
|?DOCROOT=HOME/domains/DOMAIN/public_html|

|?SSLPROTOCOL=30|
|CUSTOM2|

virtualHost |POINTER|-|VH_PORT| {
  |CUSTOM3|
  user                    |USER|
  group                   |GROUP|
  vhRoot                  |VHROOT|
  setUIDMode              2
  listeners |LISTENERS|

  docRoot                   |DOCROOT|
  vhDomain                  |POINTER|
  vhAliases                 www.|POINTER|
  
  rewrite  {
    enable                  1
    RewriteRule (.*)$ http://|WWW_PREFIX||DOMAIN|/$1 [R=301,L]
  }
  |CUSTOM4|
}

|*if HAVE_SSL="1"|
|?VH_PORT=PORT_443|
virtualHost |POINTER|-|VH_PORT| {
  |CUSTOM5|
  user                    |USER|
  group                   |GROUP|
  vhRoot                  |VHROOT|
  setUIDMode              2
  listeners |SSL_LISTENERS|

  docRoot                   |DOCROOT|
  vhDomain                  |POINTER|
  vhAliases                 www.|POINTER|
  
  rewrite  {
    enable                  1
    RewriteRule (.*)$ https://|WWW_PREFIX||DOMAIN|/$1 [R=301,L]
  }

  vhssl  {
    keyFile                 |KEY|
    certFile                |CERT|
    certChain               1
    sslProtocol             |SSLPROTOCOL|
  }
  |CUSTOM6|
}
|*endif|

openlitespeed_vhost.conf

CUSTOM1|

|?PUBLIC_HTML=public_html|
|?VH_PORT=PORT_80|
|*if SSL_TEMPLATE="1"|
|?PUBLIC_HTML=private_html|
|?VH_PORT=PORT_443|
|*endif|

|?DOCROOT=HOME/domains/DOMAIN/PUBLIC_HTML|
|?PUB_DOCROOT=HOME/domains/DOMAIN/public_html|
|?SDOMAIN=DOMAIN|
|?LOG_NAME=DOMAIN|

|*if SUB|
|?DOCROOT=DOCROOT/SUB|
|?SDOMAIN=SUB.DOMAIN|
|?LOG_NAME=DOMAIN.SUB|
|*endif|

|?REALDOCROOT=DOCROOT|

|?VHROOT=HOME|

|?SCRIPTHANDLER=lsphpPHP1_RELEASE|

|?SSLPROTOCOL=30|

|?OBDP1=|
|*if PHP1_RELEASE!="0"|
|?OBDP1=:/usr/local/phpPHP1_RELEASE/lib/php/|
|*endif|
|?OBDP2=|
|?OPEN_BASEDIR_PATH=HOME/:/tmp:/var/tmp:/opt/alt/phpPHP1_RELEASE/usr/share/pear/:/dev/urandom:/usr/local/lib/php/OBDP1OBDP2|

|?PHP_MAIL_LOG=|
|?CLI_PHP_MAIL_LOG=|
|*if PHP_MAIL_LOG_ENABLED="1"|
|?PHP_MAIL_LOG=-d mail.log="HOME/.php/php-mail.log"|
|?CLI_PHP_MAIL_LOG=php_admin_value mail.log HOME/.php/php-mail.log|
|*endif|

|?PHP_EMAIL=USER@DOMAIN|

virtualHost |SDOMAIN|-|VH_PORT| {
|CUSTOM|
  user                    |USER|
  group                   |GROUP|
  vhRoot                  |VHROOT|
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
  # listeners  listener1, listener2, listener3
  listeners |LISTENERS|
  
  #VirtualHost config settings
  docRoot                   |DOCROOT|
  vhDomain                  |SDOMAIN|
  vhAliases                 www.|SDOMAIN||SERVER_ALIASES|
  adminEmails               |ADMIN|
  enableGzip                1
  enableIpGeo               1

  errorlog |APACHELOGDIR|/|LOG_NAME|.error.log {
    useServer               0
    logLevel                NOTICE
    rollingSize             0
  }
  accesslog |APACHELOGDIR|/|LOG_NAME|.log {
    useServer               0
        logFormat               %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders              5
    rollingSize             0
  }
  accesslog |APACHELOGDIR|/|LOG_NAME|.bytes {
    useServer               0
    logFormat               %O %I
    rollingSize             0
  }

  scripthandler  {
    |CUSTOM2|
    add                     lsapi:|SCRIPTHANDLER| inc
    add                     lsapi:|SCRIPTHANDLER| php
    add                     lsapi:|SCRIPTHANDLER| phtml
    add                     lsapi:|SCRIPTHANDLER| php|PHP1_RELEASE|
  }

  phpIniOverride  {
    |CUSTOM4|
    php_admin_flag engine |PHP|
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f |PHP_EMAIL|"
  |*if OPEN_BASEDIR_ENABLED="ON"|
    php_admin_value open_basedir "|OPEN_BASEDIR_PATH|"
  |*endif|
    |CLI_PHP_MAIL_LOG|
  |*if HAVE_SAFE_MODE="1"|
    php_admin_flag safe_mode |SAFE_MODE|
  |*endif|
  }

  rewrite  {
    enable                  1
    autoLoadHtaccess        1
    |FORCE_SSL_REDIRECT|
    |OPENLITESPEED_REDIRECTS|
        |CUSTOM5|
  }

|CONTEXTS|
|REALMS|

  |*if SSL_TEMPLATE="1"|
  vhssl  {
    |CUSTOM6|
    keyFile                 |KEY|
    certFile                |CERT|
    certChain               1
    sslProtocol             |SSLPROTOCOL|
  }
  |*endif|

  # include aliases
  include /usr/local/lsws/conf/httpd-alias.conf

  |CUSTOM7|