hilfe mein git ist komisch

etc/sw-cp-server/conf.d/compression_plesk.inc

@@ -0,0 +1,2 @@
+gzip on;
+gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

etc/sw-cp-server/conf.d/control_panel_plesk.inc

@@ -0,0 +1,14 @@
+location = /cp/index.php {
+  try_files ne @cproute;
+}
+
+location ^~ /cp {
+  alias /opt/psa/admin/cp/public;
+  try_files $uri @cproute;
+}
+
+location @cproute {
+  include /etc/sw-cp-server/fastcgi_params;
+  fastcgi_pass unix:/var/run/sw-engine.sock;
+  fastcgi_param SCRIPT_FILENAME /opt/psa/admin/cp/public/index.php;
+}

etc/sw-cp-server/conf.d/installer_plesk.inc

@@ -0,0 +1,6 @@
+location /installer {
+	proxy_pass https://127.0.0.1:8447;
+	proxy_set_header X-Real-IP         $remote_addr;
+	proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Proto $original_proto;
+}

etc/sw-cp-server/conf.d/ipv6_ports.inc

@@ -0,0 +1,2 @@
+listen   [::]:8443 ipv6only=on ssl;
+listen   [::]:8880 ipv6only=on;

etc/sw-cp-server/conf.d/maintenance

@@ -0,0 +1 @@
+set $maintenance off;

etc/sw-cp-server/conf.d/phpmyadmin-plesk.inc

@@ -0,0 +1,16 @@
+location /phpMyAdmin {
+	root /usr/local/psa;
+	index index.php;
+
+	location ~* /phpMyAdmin/(libraries|templates|config\.)(.*) {
+		deny all;
+	}
+
+	location ~* /phpMyAdmin/(.*)\.php$ {
+		include /etc/sw-cp-server/fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_pass unix:/var/run/sw-engine.sock;
+	}
+}
+
+rewrite (?i)^/phpMyAdmin(.*) /phpMyAdmin$1 last;

etc/sw-cp-server/conf.d/plesk.conf

@@ -0,0 +1,26 @@
+server_names_hash_bucket_size  64;
+
+map $http_x_requested_with $error_doc_format {
+	default html;
+	XMLHttpRequest json;
+}
+
+map $http_x_forwarded_proto $original_proto {
+	default $http_x_forwarded_proto;
+	""      $scheme;
+}
+
+server {
+		listen 8443 ssl;
+		listen 8880;
+		listen 127.0.0.1:8880 default_server;
+		include conf.d/*ipv6_ports.inc;
+		http2 on;
+
+
+		ssl_certificate /opt/psa/admin/conf/httpsd.pem;
+		ssl_certificate_key /opt/psa/admin/conf/httpsd.pem;
+
+		include conf.d/*plesk.inc;
+		include conf.d/*wpb.inc;
+}

etc/sw-cp-server/conf.d/plesk.inc

@@ -0,0 +1,103 @@
+# Copyright 1999-2025. WebPros International GmbH. All rights reserved.
+		underscores_in_headers on;
+		access_log /var/log/plesk/httpsd_access_log main buffer=8k;
+
+		index index.php;
+		root /opt/psa/admin/htdocs;
+
+# Maintenance
+		include conf.d/maintenance;
+		if ($uri ~* \.(ico|css|js|gif|jpe?g|png|html|json|svg|woff2)(\?[0-9]+)? ) {
+			set $maintenance off;
+		}
+
+		if ($maintenance = on) {
+			return 503;
+		}
+
+		error_page 503 @maintenance;
+		location @maintenance {
+			if ($maintenance = on) {
+				rewrite ^(.*)$ /error_docs/503.1.html break;
+			}
+			rewrite ^(.*)$ /error_docs/503.html break;
+			internal;
+		}
+
+		location /maintenance/ { root /usr/local/psa/var/;  }
+# End: maintenance
+
+		location /extras/ {
+			alias /usr/local/psa/admin/share/modules/;
+		}
+
+# Admin panel
+		location /admin {
+			alias /opt/psa/admin/application/admin/public;
+			try_files $uri @route;
+		}
+
+# SMB panel
+		location /smb {
+			alias /opt/psa/admin/application/smb/public;
+			try_files $uri @route;
+		}
+
+		location @route {
+			include /etc/sw-cp-server/fastcgi_params;
+			fastcgi_pass unix:/var/run/sw-engine.sock;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			fastcgi_param SCRIPT_FILENAME /opt/psa/admin/htdocs/application.php;
+			fastcgi_param HTTP_PRAGMA $http_pragma;
+		}
+
+# Custom skins
+		location ~ ^/theme-skins {
+			deny all;
+			location ~ "\.(css|gif|png|jpg|jpeg|webp|svg|xml|woff|woff2)$" {
+				allow all;
+				try_files $uri @default-skin;
+			}
+		}
+
+		location @default-skin {
+			rewrite ^/theme-skins/[^/]+/(.*)$ /cp/theme/$1 last;
+		}
+
+# Backward compatiblity for old URLs
+		rewrite (login|login_up|logout)\.php3(/|$) /$1.php$2 last;
+
+# New modern
+		rewrite ^/login/?$ /login_up.php last;
+
+# Rewrite for api
+		rewrite ^/api/modules/([^/]*)/(.*)$ /modules/$1/public/index.php/$2 last;
+		rewrite ^/api/(.*)$ /modules/rest-api/public/index.php/$1 last;
+
+		location ~* \.php(/|$) {
+			include /etc/sw-cp-server/fastcgi_params;
+			fastcgi_pass unix:/var/run/sw-engine.sock;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		}
+
+# Custom error pages
+		error_page 400 401 403 404 405 406 407 412 414 415 500 501 502 503 /error_docs/$status.$error_doc_format;
+
+# http to https redirect
+		error_page 497 https://$host:$server_port$request_uri;
+
+# Content security policy header to prevent XSS and phishing
+		add_header X-Content-Type-Options "nosniff";
+		location ~ ^/images/logos {
+			add_header Content-Security-Policy "default-src 'none'; form-action 'none'; frame-ancestors 'none'; sandbox";
+		}
+
+# Favicon branding
+		location /images/favicon.svg {
+			try_files /images/logos/favicon.custom.svg $uri =404;
+		}
+
+		location /favicon.ico {
+			try_files /images/logos/favicon.custom.ico $uri =404;
+		}
+

etc/sw-cp-server/conf.d/plesk_site_preview.conf

@@ -0,0 +1,98 @@
+server {
+		listen 127.0.0.1:8880;
+		server_name plesk-site-preview.local;
+
+		location ~ ^/plesk-site-preview/(?P<internal_host>.*?)/(?P<internal_scheme>https?)/(?P<internal_ip>.*?)/(?P<internal_uri>.*)$ {
+			# Validate parts of uri to avoid injections
+			if ($internal_host !~ "^[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}(\.[A-Za-z0-9]([A-Za-z0-9\-]{0,61}[A-Za-z0-9]){0,1}){1,}$") {
+				return 400;
+			}
+			if ($internal_ip !~ "^[A-Fa-f0-9\.\:\[\]]+$") {
+				return 400;
+			}
+			if ($internal_uri ~ "^server-status(/.*)?$") {
+				return 400;
+			}
+
+			set $dst_path "/plesk-site-preview/$internal_host/$internal_scheme/$internal_ip/";
+			set $public_scheme "http";
+			if ($http_x_forwarded_proto = 'https') {
+				set $public_scheme "https";
+			}
+			set $public_ip "";
+
+			access_by_lua '
+				local ip_map = io.open("/etc/sw-cp-server/conf.d/ip_mapping.inc")
+				if (ip_map == nil) then
+				    ip_map = io.open("/etc/sw-cp-server/conf.d/trusted_ips.inc")
+				end
+				if (ip_map == nil) then
+					ngx.log(ngx.ERR, "Could not find IP map file")
+					ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+				end
+
+				function filter_plesk_cookie()
+					local headers = ngx.req.get_headers()
+					if headers == nil or headers["Cookie"] == nil then
+						return
+					end
+					local cookie = headers["Cookie"]
+					local black_list = {"PLESKSESSID[^=]*", "SBSESSION", "phpMyAdmin", "PPA_ID", "plesk%-[^=]*"}
+					for k, v in pairs(black_list) do
+						cookie = cookie:gsub("%s?" .. v .. "=[^;]*;?", ""):gsub("^%s*(.-);?$", "%1")
+					end
+					ngx.req.set_header("Cookie", cookie)
+				end
+
+				for ips in ip_map:lines() do
+					local internal_ip, public_ip = ips:match("([^,]*),?([^,]*)")
+					if internal_ip == ngx.var.internal_ip then
+						ngx.var.public_ip = public_ip ~= "" and public_ip or internal_ip
+						ip_map:close()
+						filter_plesk_cookie()
+						return
+					end
+				end
+				ip_map:close()
+				ngx.log(ngx.ERR, "Forbidden for IP: " .. ngx.var.internal_ip)
+				ngx.exit(ngx.HTTP_FORBIDDEN)
+			';
+
+			rewrite ^/(.*)$ /$internal_uri break;
+			proxy_pass $internal_scheme://$internal_ip;
+			proxy_redirect http://$internal_host/ $public_scheme://$public_ip$dst_path;
+			proxy_redirect https://$internal_host/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/;
+			proxy_redirect https://$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/$internal_host/https/$internal_ip/;
+			proxy_redirect http://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/http/$internal_ip/;
+			proxy_redirect https://www.$internal_host/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/;
+			proxy_redirect https://www.$internal_host:443/ $public_scheme://$public_ip/plesk-site-preview/www.$internal_host/https/$internal_ip/;
+			proxy_cookie_domain ~^.*$ $host;
+			proxy_cookie_path / $dst_path;
+			proxy_set_header Host $internal_host;
+			proxy_set_header X-Real-IP $remote_addr;
+			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header Accept-Encoding "";
+			proxy_set_header Is-SitePreview "1";
+			add_header X-Robots-Tag "noindex,nofollow";
+			header_filter_by_lua 'ngx.header.content_length = nil';
+
+			body_filter_by_lua '
+				local response_body = ngx.arg[1]
+				local src_address = "https?://" .. ngx.var.internal_host:gsub("[%-%.%+%[%]%(%)%$%^%%%?%*]", "%%%1") .. "/?"
+				local dst_address = ngx.var.public_scheme .. "://" .. ngx.var.public_ip .. ngx.var.dst_path
+				response_body = response_body:gsub(src_address, dst_address)
+				response_body = response_body:gsub("(src%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
+				response_body = response_body:gsub("(href%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
+				response_body = response_body:gsub("(action%s*=%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
+				response_body = response_body:gsub("(url%(%s*[\\"\']?)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
+				response_body = response_body:gsub("(url%(%s*&quot;)/([^/])", "%1" .. ngx.var.dst_path .. "%2")
+				response_body = response_body:gsub("(srcset%s*=%s*[\\"\']?)/", "data-plesk-site-preview-ignore-%1/")
+				ngx.arg[1] = response_body
+			';
+		}
+
+		location ~ ^/plesk-site-preview/(.*?)/(.*?)/(.*?)$ {
+			rewrite ^ $uri/ last;
+		}
+
+}

etc/sw-cp-server/conf.d/repair_plesk.inc

@@ -0,0 +1,11 @@
+		location /repair {
+			alias /opt/psa/admin/repair;
+			index index.html;
+
+			auth_request /repair/backend/auth;
+
+			location /repair/backend/ {
+				proxy_pass http://unix:/run/plesk_repaird.sock:/repair/backend/;
+				proxy_read_timeout 600;
+			}
+		}

etc/sw-cp-server/conf.d/ssl.conf

@@ -0,0 +1,5 @@
+ssl_dhparam /opt/psa/etc/dhparams2048.pem;
+ssl_protocols TLSv1.2 TLSv1.3;
+proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers EECDH+AESGCM:EECDH+AESCCM:EECDH+CHACHA20:EECDH+ARIAGCM;
+ssl_prefer_server_ciphers off;

etc/sw-cp-server/conf.d/ui_library_plesk.inc

@@ -0,0 +1,3 @@
+		location /ui-library {
+			alias /opt/psa/admin/ui-library;
+		}

etc/sw-cp-server/conf.d/wpb.inc

@@ -0,0 +1,27 @@
+location /sitebuilder/api {
+	alias /usr/local/sb/htdocs;
+	try_files $uri @sitebuilder;
+}
+
+location /sitebuilder {
+	alias /usr/local/sb/htdocs;
+	index index.php index.html;
+	try_files $uri $uri/ @sitebuilder;
+
+	location ~* /sitebuilder/sites/(.*)/attachments/documents/(.*) {
+		deny all;
+	}
+
+	location ~* /sitebuilder/(.*)\.php$ {
+		include /etc/sw-cp-server/fastcgi.conf;
+		fastcgi_pass unix:/var/run/sw-engine.sock;
+		fastcgi_param SCRIPT_FILENAME $request_filename;
+	}
+}
+
+location @sitebuilder {
+	include /etc/sw-cp-server/fastcgi_params;
+	fastcgi_pass unix:/var/run/sw-engine.sock;
+	fastcgi_param PATH_INFO /sitebuilder/$fastcgi_path_info;
+	fastcgi_param SCRIPT_FILENAME /usr/local/sb/htdocs/index.php;
+}

etc/sw-cp-server/conf.d/ws_plesk.inc

@@ -0,0 +1,11 @@
+		location /ws {
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade "websocket";
+			proxy_set_header Connection "Upgrade";
+			proxy_set_header Host $host;
+			proxy_set_header X-Real-IP $remote_addr;
+			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_redirect off;
+
+			proxy_pass http://unix:/run/plesk-web-socket/ws.sock:/;
+		}