diff --git a/etc/apache2/mods-available/macro.conf b/etc/apache2/mods-available/macro.conf
index 2bc6aba..77a5770 100644
--- a/etc/apache2/mods-available/macro.conf
+++ b/etc/apache2/mods-available/macro.conf
@@ -79,6 +79,16 @@
SSLEngine on
SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
+ Alias /stats /srv/www/$vhost/stats
+ AddExternalAuth pwauth /usr/sbin/pwauth
+ SetExternalAuthMethod pwauth pipe
+
+ AuthType Basic
+ AuthName "Usage Statistics for $vhost"
+ AuthBasicProvider external
+ AuthExternal pwauth
+ Require user $username
+
diff --git a/etc/cron.daily/webalizer b/etc/cron.daily/webalizer
new file mode 100755
index 0000000..c9d9b37
--- /dev/null
+++ b/etc/cron.daily/webalizer
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# purge dns cache records older than 7 days
+if [[ -f /var/lib/webalizer_dns_cache.db ]]; then
+ /usr/bin/wcmgr -p7 /var/lib/webalizer_dns_cache.db
+fi
+
+# set virtualhosts array
+virtualhosts=(`ls -1 /srv/www|grep -v ^html$`)
+
+# only proceed if there are one or more virtualhosts
+if [ ${#virtualhosts[@]} -gt 0 ]; then
+ for virtualhost in "${virtualhosts[@]}"
+ do
+ if [[ -f /var/spool/apache2/$virtualhost.log ]]; then
+ user=$(stat -c '%U' /srv/www/$virtualhost)
+ if [[ ! -d /srv/www/$virtualhost/stats ]]; then
+ install --owner=$user --group=$user --mode=755 --directory /srv/www/$virtualhost/stats
+ fi
+ /usr/bin/webazolver -Q -N 20 -D /var/lib/webalizer_dns_cache.db -o /srv/www/$virtualhost/stats /var/spool/apache2/$virtualhost.log
+ /usr/bin/logger Running Webalizer for $virtualhost as user $user
+ su --shell=/bin/bash -c "/usr/bin/webalizer -Q -D /var/lib/webalizer_dns_cache.db -N 0 -p -f -n $virtualhost -o /srv/www/$virtualhost/stats /var/spool/apache2/$virtualhost.log" $user
+ /usr/bin/rm /var/spool/apache2/$virtualhost.log
+ fi
+ done
+fi
diff --git a/etc/logrotate.d/apache2 b/etc/logrotate.d/apache2
new file mode 100644
index 0000000..1008679
--- /dev/null
+++ b/etc/logrotate.d/apache2
@@ -0,0 +1,23 @@
+/var/log/apache2/*.log {
+ daily
+ missingok
+ rotate 8
+ compress
+ delaycompress
+ ifempty
+ create 640 root adm
+ sharedscripts
+ postrotate
+ if invoke-rc.d apache2 status > /dev/null 2>&1; then \
+ invoke-rc.d apache2 reload > /dev/null 2>&1; \
+ fi;
+ if [ -f /var/log/apache2/access.log.1 ]; then
+ /usr/local/sbin/split-apache-logfile.pl < /var/log/apache2/access.log.1
+ fi
+ endscript
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi; \
+ endscript
+}
diff --git a/install.sh b/install.sh
index 3ecd68c..950cdee 100755
--- a/install.sh
+++ b/install.sh
@@ -127,11 +127,36 @@ else
install --owner=vhost --group=vhost --mode=755 --directory /srv/www/html
fi
+# Webalizer
+apt -y install webalizer
+cp etc/logrotate.d/apache2 /etc/logrotate.d/apache2
+chmod 644 /etc/logrotate.d/apache2
+cp etc/cron.daily/webalizer /etc/cron.daily/webalizer
+chmod 755 /etc/cron.daily/webalizer
+rmdir /srv/www/webalizer
+
# install status.php
cp html/status.php /srv/www/html
chmod 644 /srv/www/html/status.php
chown vhost:vhost /srv/www/html/status.php
+# phpMyAdmin
+apt -y install php-bz2 php-tcpdf
+cd /usr/local/src
+wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.gz
+tar zxf phpMyAdmin-5.1.1-all-languages.tar.gz
+rm -r phpMyAdmin-5.1.1-all-languages/setup/
+if [ -d "phpMyAdmin-5.1.1-all-languages/test/" ]; then
+ rm -r phpMyAdmin-5.1.1-all-languages/test/
+fi
+mv phpMyAdmin-5.1.1-all-languages /srv/www/html/phpMyAdmin
+cp html/phpMyAdmin/config.inc.php /srv/www/html/phpMyAdmin/config.inc.php
+blowfish_secret=`pwgen 32 -1`
+sed -i "s|changeme|$blowfish_secret|g" /srv/www/html/phpMyAdmin/config.inc.php
+find /srv/www/html/phpMyAdmin -type d -exec chmod 755 {} +
+find /srv/www/html/phpMyAdmin -type f -exec chmod 644 {} +
+chown -R vhost:vhost /srv/www/html/phpMyAdmin
+
# jailkit
apt -y install jailkit
# bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
@@ -156,6 +181,16 @@ echo "[ruby]" >> /etc/jailkit/jk_init.ini
echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini
echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini
+# varnish
+apt -y install varnish
+# systemctl disable varnish
+# service varnish stop
+cp -a etc/varnish/* /etc/varnish/
+find /etc/varnish/ -type d -exec chmod 755 {} +
+find /etc/varnish/ -type f -exec chmod 644 {} +
+chown -R root:root /etc/varnish/
+## /usr/bin/varnishncsa
+
mkdir /usr/jails
if ! [ -d "/usr/local/libexec" ]; then
install --owner=root --group=root --mode=755 --directory /usr/local/libexec
@@ -169,20 +204,6 @@ if ! [ -f "/etc/fstab.jails" ]; then
echo "# /etc/fstab.jails: jail bind mounts information." > /etc/fstab.jails
fi
-# varnish
-apt -y install varnish
-# systemctl disable varnish
-# service varnish stop
-cp -a etc/varnish/* /etc/varnish/
-find /etc/varnish/ -type d -exec chmod 755 {} +
-find /etc/varnish/ -type f -exec chmod 644 {} +
-chown -R root:root /etc/varnish/
-## /usr/bin/varnishncsa
-
-# install vhost scripts
-chmod 755 bin/*
-cp bin/* /usr/local/bin/
-
# mini_sendmail so users can send out of jails
cd /usr/local/src
wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.9.tar.gz
@@ -193,19 +214,7 @@ cp mini_sendmail /usr/local/sbin
gzip mini_sendmail.8
cp mini_sendmail.8.gz /usr/local/share/man/man8
-# phpMyAdmin
-apt -y install php-bz2 php-tcpdf
-cd /usr/local/src
-wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.gz
-tar zxf phpMyAdmin-5.1.1-all-languages.tar.gz
-rm -r phpMyAdmin-5.1.1-all-languages/setup/
-if [ -d "phpMyAdmin-5.1.1-all-languages/test/" ]; then
- rm -r phpMyAdmin-5.1.1-all-languages/test/
-fi
-mv phpMyAdmin-5.1.1-all-languages /srv/www/html/phpMyAdmin
-cp html/phpMyAdmin/config.inc.php /srv/www/html/phpMyAdmin/config.inc.php
-blowfish_secret=`pwgen 32 -1`
-sed -i "s|changeme|$blowfish_secret|g" /srv/www/html/phpMyAdmin/config.inc.php
-find /srv/www/html/phpMyAdmin -type d -exec chmod 755 {} +
-find /srv/www/html/phpMyAdmin -type f -exec chmod 644 {} +
-chown -R vhost:vhost /srv/www/html/phpMyAdmin
+# install vhost scripts
+chmod 755 bin/*
+cp bin/* /usr/local/bin/
+
diff --git a/sbin/split-apache-logfile.pl b/sbin/split-apache-logfile.pl
new file mode 100755
index 0000000..4568a8d
--- /dev/null
+++ b/sbin/split-apache-logfile.pl
@@ -0,0 +1,103 @@
+#!/usr/bin/perl
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Modified 2022 by Matthew Saunders Brown
+# to work with vhost-stack https://git.stack-source.com/msb/vhost-stack
+#
+#
+# This script will take a combined Web server access
+# log file and break its contents into separate files.
+# It assumes that the first field of each line is the
+# virtual host identity (put there by "%v"), and that
+# the logfiles should be named that+".log" in the current
+# directory.
+#
+# The combined log file is read from stdin. Records read
+# will be appended to any existing log files.
+#
+# use strict;
+use warnings;
+
+my %log_file = ();
+
+# read all files from /srv/www
+opendir(DIR, "/srv/www") or die "couldn't open /srv/www/ to get list of virtualhosts: $!\n";
+my @dir = readdir DIR;
+closedir DIR;
+
+# create virtualhosts array from /srv/www listing
+my %virtualhosts = ();
+foreach $virtualhost (@dir) {
+ if ($virtualhost ne "." && $virtualhost ne ".." && $virtualhost ne "html") {
+ if (-d "/srv/www/$virtualhost") {
+ $virtualhosts{ $virtualhost } = $virtualhost;
+ }
+ }
+}
+
+# set spool dir for temporary apache files
+$spool_dir="/var/spool/apache2";
+
+# remove any previous files from spool dir
+system("/usr/bin/find $spool_dir -type f -name '*.log' -exec rm {} +");
+
+while (my $log_line = ) {
+ #
+ # Get the first token from the log record; it's the
+ # identity of the virtual host to which the record
+ # applies.
+ #
+ my ($vhost) = split (/\s/, $log_line);
+ #
+ # Normalize the virtual host name to all lowercase.
+ # If it's blank, the request was handled by the default
+ # server, so supply a default name. This shouldn't
+ # happen, but caution rocks.
+ #
+ $vhost = lc ($vhost) || "access";
+ #
+ # Strip of leading www.
+ #
+ $vhost =~ s/^www\.//;
+ #
+ # Strip of the trailing port number
+ #
+ $vhost =~ s/\:.*//;
+ #
+ # if the vhost contains a "/" or "\", it is illegal so just use
+ # the default log to avoid any security issues due if it is interprted
+ # as a directory separator.
+ if ($vhost =~ m#[/\\]#) { $vhost = "access" }
+ #
+ # If the log file for this virtual host isn't opened
+ # yet, do it now.
+ #
+ if (exists($virtualhosts{$vhost})) {
+ if (! $log_file{$vhost}) {
+ open $log_file{$vhost}, ">>$spool_dir/${vhost}.log"
+ or die ("Can't open $spool_dir/${vhost}.log");
+ }
+ #
+ # Strip off the first token (which may be null in the
+ # case of the default server), and write the edited
+ # record to the current log file.
+ #
+ $log_line =~ s/^\S*\s+//;
+ print {$log_file{$vhost}} $log_line;
+ }
+}
+exit 0;