From dc8abe95f071cbcc80145912f9caf795b328b48b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 18:58:52 +0200 Subject: [PATCH 001/304] Update list_user.html - coffee typo --- web/templates/admin/list_user.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html index 066513ee..0bcbddd7 100644 --- a/web/templates/admin/list_user.html +++ b/web/templates/admin/list_user.html @@ -81,7 +81,7 @@
Donate - Buy us a coffe + Buy us a coffee
Wiki From ef5ef951940ed7bcf3f47f02e2695104b7f23c6b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 28 Jun 2023 15:22:05 +0200 Subject: [PATCH 002/304] get deb12 exim conf --- bin/v-make-separated-ip-for-email | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a26c68e3..a25fc6dd 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -138,7 +138,7 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup - cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 7ee011a9d3b6c72183a455fe9d68c2ed9ea35c1a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:41:38 +0200 Subject: [PATCH 003/304] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 45 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 02383018..4faad31e 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -269,28 +269,29 @@ cd $sk_mdir for sk_maild in $(ls -1) do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then - if [ -d "$sk_maild" ]; then - for sk_mail_account in $(ls $sk_maild/) - do - - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - done - fi + if [ -d "$sk_maild" ]; then + for sk_mail_account in $(ls $sk_maild/) + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + # echo $newline + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + fi + done + fi #else # this only detect default dirs account new, cur, tmp etc # maybe can do something with this, but on most cpanel default account have only spam. From 12d6e59a7ec278e34117f674739988db20eca0d1 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:50:16 +0200 Subject: [PATCH 004/304] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 44 ++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 4faad31e..f92ae5af 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -271,25 +271,25 @@ do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then if [ -d "$sk_maild" ]; then for sk_mail_account in $(ls $sk_maild/) - do - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - fi + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + else + echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + fi done fi #else @@ -368,7 +368,9 @@ tput setaf 4 echo "##############################" echo "cPanel Backup restored" echo "Review your content and report any fail" -# echo "I reset mail password not posible restore it yet." -# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then + echo "I reset mail password not posible restore it yet." + echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +fi echo "##############################" tput sgr0 From 5d2f0d68e0a707f3a1db593a755bc3e86a0a5dad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 29 Jul 2023 14:40:19 +0200 Subject: [PATCH 005/304] Removing sury repo from multi-php-install.sh for Debian 8 and 9 --- src/deb/for-download/tools/multi-php-install.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 88528e92..4d86050d 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -95,12 +95,8 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - if [ $debian_version -eq 8 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list' - fi - if [ $debian_version -eq 9 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -ge 10 ]; then + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi if [ $debian_version -eq 10 ]; then sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' From 843d4a94e2ae6df08654090f95fd19d3c3914ac3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 8 Aug 2023 15:41:25 +0200 Subject: [PATCH 006/304] Update install_rate_limit_tpl.sh --- .../for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8710008c..3cae3526 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -54,4 +54,4 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -service nginx restart +systemctl restart nginx From e82378c9358ae98ec0b4c50722890b9fd9f7c33f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:45:37 +0200 Subject: [PATCH 007/304] v-grep LF ending --- bin/v-grep | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/bin/v-grep b/bin/v-grep index 3e467129..045751a5 100644 --- a/bin/v-grep +++ b/bin/v-grep @@ -1,21 +1,21 @@ -#!/bin/bash -# info: calling myvesta_grep PHP function -# options: PARAMETERS -# -# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - - -if [ -p /dev/stdin ]; then - STDIN=$(cat -) - if [ ! -z "$STDIN" ]; then - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" - exit $? - fi -fi - -php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" -exit $? +#!/bin/bash +# info: calling myvesta_grep PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" + exit $? + fi +fi + +php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +exit $? From 4d7ce60f39e675982bfdaf443e88be9b7e206787 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:11:40 +0200 Subject: [PATCH 008/304] deb12 fixes in postinst --- src/deb/vesta/postinst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 09195d4c..9b074aaf 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -26,7 +26,7 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Patching exim4.conf for: smtputf8_advertise_hosts -if [ "$release" -gt 10 ]; then +if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then echo 'Patching exim4.conf for: smtputf8_advertise_hosts' @@ -47,7 +47,7 @@ if [ -f "/etc/exim4/exim4.conf.template" ]; then fi # Making sure yescrypt is disabled -if [ "$release" -eq 11 ]; then +if [ "$release" -ge 11 ]; then sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password fi @@ -66,13 +66,18 @@ if [ "$release" -eq 11 ]; then ADD=" hosts_try_fastopen = \!\*.l.google.com" sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template systemctl restart exim4 - - sed -i "s/net.ipv4.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling fi fi fi +if [ "$release" -ge 11 ]; then + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi +fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then From cb52ef65b41ca1da71114cb6ba0e5249a0ae8166 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:14:34 +0200 Subject: [PATCH 009/304] postinst removing tabs indent --- src/deb/vesta/postinst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9b074aaf..d1c92a8c 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -71,12 +71,12 @@ if [ "$release" -eq 11 ]; then fi if [ "$release" -ge 11 ]; then - check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) - if [ "$check_grep" -gt 0 ]; then - echo "=== Removing net.ipv4.tcp_window_scaling" - sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling - fi + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi fi # Adding Barracuda RBL to SpamAssassin From 0213d749eeebd6a46477afd9c554206741054763 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 11 Aug 2023 14:03:16 +0200 Subject: [PATCH 010/304] Update exim_forwarding.patch --- src/deb/for-download/tools/patches/exim_forwarding.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch index 1fa6d408..dcefe327 100644 --- a/src/deb/for-download/tools/patches/exim_forwarding.patch +++ b/src/deb/for-download/tools/patches/exim_forwarding.patch @@ -6,7 +6,7 @@ + warn !authenticated = * + hosts = !+relay_from_hosts -+ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} ++ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + deny message = Restricted characters in address From bb79f9f8c01b49c10c862f09e5e263927c78d323 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:50:20 +0200 Subject: [PATCH 011/304] deb12 nginx http2 on; --- install/debian/12/nginx/nginx.conf | 2 +- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https-public.stpl | 3 ++- .../12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-public.stpl | 3 ++- .../12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting.stpl | 3 ++- install/debian/12/templates/web/nginx/private-force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/private-hosting.stpl | 3 ++- 11 files changed, 21 insertions(+), 11 deletions(-) diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf index 6d5e36ba..6efe2337 100644 --- a/install/debian/12/nginx/nginx.conf +++ b/install/debian/12/nginx/nginx.conf @@ -100,7 +100,7 @@ http { # SSL PCI Compliance ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index 79e55a26..bea7d86c 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssll + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/force-https-public.stpl +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl index 33fab443..55f41002 100644 --- a/install/debian/12/templates/web/nginx/force-https.stpl +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl index a34b4bf1..efdd3b87 100644 --- a/install/debian/12/templates/web/nginx/hosting-legacy.stpl +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/hosting-public.stpl +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl index 755caadf..5745311e 100644 --- a/install/debian/12/templates/web/nginx/hosting.stpl +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl index 64094fb8..bf805683 100644 --- a/install/debian/12/templates/web/nginx/private-force-https.stpl +++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl index fd9471bd..8e5b3f7b 100644 --- a/install/debian/12/templates/web/nginx/private-hosting.stpl +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; From 658680095bae44d5495219282f4e752ef5403ee0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:52:13 +0200 Subject: [PATCH 012/304] http2 typo --- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index bea7d86c..8e636db3 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%proxy_ssl_port% ssll + listen %ip%:%proxy_ssl_port% ssl; http2 on; server_name %domain_idn% %alias_idn%; From c32036e53181d11e9b693ead4651d2973413d572 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:23:57 +0200 Subject: [PATCH 013/304] Handling tailf watcher processes in v-clean-garbage --- bin/v-clean-garbage | 19 +++++++++++++++++++ bin/v-commander | 19 ------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 72e8560e..6dc006ae 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -21,6 +21,14 @@ source /usr/local/vesta/func/main.sh # Action # #----------------------------------------------------------# +# turn off tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') +fi + rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -41,6 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; +truncate -s 0 /*.log +rm /panic-*.log +rm /var/log/panic-*.log clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete @@ -74,6 +85,14 @@ if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban fi +# turn on tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-commander b/bin/v-commander index 06a5f737..e0850737 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -354,32 +354,13 @@ do echo "=============================" echo "== cleaning trash" df -m - ps -Af | grep tailf | grep -v "grep tailf" - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') - fi echo "------" ps -Af | grep tailf | grep -v "grep tailf" echo "------" - sleep 2 - truncate -s 0 /*.log - rm /panic-*.log - rm /var/log/panic-*.log /usr/local/vesta/bin/v-clean-garbage - sleep 2 - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & - fi echo "--------------" df -m echo "--------------" - sleep 2 ps -Af | grep tailf | grep -v "grep tailf" fi From b80a9756213305c30f5cfc86fb71cfee65aa076d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:37:04 +0200 Subject: [PATCH 014/304] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 6dc006ae..a53cace8 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -49,9 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; -truncate -s 0 /*.log -rm /panic-*.log -rm /var/log/panic-*.log +truncate -s 0 /*.log > /dev/null 2>&1 +rm /panic-*.log > /dev/null 2>&1 +rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete From 34c0588b76c31bdee93c679bbb1407dafd186c3c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:05:26 +0200 Subject: [PATCH 015/304] ignoring nohup messages --- bin/v-clean-garbage | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a53cace8..323ee80d 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -87,10 +87,10 @@ fi # turn on tailf watcher process if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 & fi if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi #----------------------------------------------------------# From 8d467b98abcd44ec7561c86af8149a9d987b150b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:39:44 +0200 Subject: [PATCH 016/304] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 323ee80d..e588904c 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -54,7 +54,7 @@ rm /panic-*.log > /dev/null 2>&1 rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1 find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 From 022f3078f51df8000f99312beffb1c091366183b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 6 Sep 2023 14:45:40 +0200 Subject: [PATCH 017/304] Fixing 'dh key too small' in dovecot --- src/deb/vesta/postinst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d1c92a8c..3f237f10 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,17 @@ fi # echo "1" > /usr/local/vesta/data/upgrades/show_changelog # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing 'dh key too small' in dovecot +if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log; then + if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then + echo "== Fixing 'dh key too small' in dovecot" + echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi + fi +fi + # Patching exim4.conf for: smtputf8_advertise_hosts if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then From 06527b4d49be97366926173bfd90a4b566a773a7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Sep 2023 01:12:08 +0200 Subject: [PATCH 018/304] Update postinst --- src/deb/vesta/postinst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 3f237f10..e53fee72 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -26,8 +26,8 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot -if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then - if grep -q 'dh key too small' /var/log/dovecot.log; then +if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log.1; then if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then echo "== Fixing 'dh key too small' in dovecot" echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf From c43b3b09766e2d09033e9a4ab7faf34f3893de60 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:11:30 +0200 Subject: [PATCH 019/304] Check if source user is suspended --- bin/v-move-domain-and-database-to-account | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index d055e361..7524d229 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user + USER_TO=$user #----------------------------------------------------------# From 39a4dffbcece94e04f626b6ac6f1274aadb7876e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:20:19 +0200 Subject: [PATCH 020/304] Check if source user is suspended --- bin/v-change-domain-owner | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 8f267307..c3f8bcfa 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user #----------------------------------------------------------# # Action # From 1709e9ae3d2ffa3c8ae8f748fba6b53833250c58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 24 Sep 2023 16:58:29 +0200 Subject: [PATCH 021/304] Disabling SpamAssassin on Deb12 --- bin/v-commander | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e0850737..073c6d72 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -241,8 +241,13 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" - systemctl stop spamassassin.service - systemctl disable spamassassin.service + if [ "$release" -lt 12 ]; then + systemctl stop spamassassin.service + systemctl disable spamassassin.service + else + systemctl stop spamd.service + systemctl disable spamd.service + fi sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template From 98d8ab7f29b3e00208ecb50f203b45859fbd8019 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 27 Sep 2023 09:32:23 +0200 Subject: [PATCH 022/304] v-list-sys-services: detection for official mariadb repo installation --- bin/v-list-sys-services | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index 3d876101..d23a92a7 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services @@ -301,6 +301,10 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then service='mariadb' proc_name='mariadbd' fi + if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi if [ -d "/etc/sysconfig" ]; then service='mysqld' proc_name='mysqld' From c8fcc089a7e861931eda36e7b5f29b755b57e07d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:20:47 +0200 Subject: [PATCH 023/304] Clean /home/*/tmp/ in v-clean-garbage --- bin/v-clean-garbage | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index e588904c..55dc98c3 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,6 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 8a323f6447eda009cd2eaabee120a9ea3add653e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:23:27 +0200 Subject: [PATCH 024/304] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 55dc98c3..d987a6c2 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 33e6263e3d2f0d8198400d971bd7e8459ef51c7a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 00:32:27 +0200 Subject: [PATCH 025/304] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index d987a6c2..c46a2b55 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 3d503f4e1410271c276517c8ebb3fb0623d95dd9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:19:41 +0200 Subject: [PATCH 026/304] Update v-clean-garbage --- bin/v-clean-garbage | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index c46a2b55..80d7f165 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -29,6 +29,7 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') fi +find /tmp/ -type f -mtime +7 -delete rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -45,6 +46,8 @@ find /var/log/ -type f -name "*.4" -delete find /var/log/ -type f -name "*.5" -delete find /var/log/ -type f -name "*.6" -delete find /var/log/ -type f -name "*.7" -delete +find /var/log/ -type f -name "*.8" -delete +find /var/log/ -type f -name "*.9" -delete find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete From 85bbc56cbdae66b44a8d65b9607b54d90b6f342d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:55:49 +0200 Subject: [PATCH 027/304] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a25fc6dd..49d31f45 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -148,6 +148,8 @@ if [ "$check_grep" -eq 0 ]; then sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template + /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' + /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_email_account_max_recipients touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour From e1fe2ba0944829a08d42702f2f7dbc07f8a91fde Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:07:43 +0200 Subject: [PATCH 028/304] Patching exim4.conf for: Helo name contains a ip address --- install/debian/12/exim/exim4.conf.template | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index e6abbe8e..9c670fed 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -109,16 +109,19 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept From 64fa7d9e5865398e8c4c97a2cf115635d532576c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:12:40 +0200 Subject: [PATCH 029/304] Update exim4.conf.template --- install/debian/12/exim/exim4.conf.template | 1 - 1 file changed, 1 deletion(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 9c670fed..27fca98a 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -112,7 +112,6 @@ acl_check_mail: drop !authenticated = * message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s From b5d57baa294a4382bcec456dbc58ae78ed6df16f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:47:40 +0200 Subject: [PATCH 030/304] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e7c9a0a9..47e8ede0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -286,7 +286,7 @@ set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then +if [ $memory -lt 2500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else From 1099b0c2672eb124c2c47698271d9a8c178a9fef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 11:34:09 +0200 Subject: [PATCH 031/304] Update install_rate_limit_tpl.sh --- .../tools/rate-limit-tpl/install_rate_limit_tpl.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 3cae3526..1d128f7a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -22,6 +22,12 @@ if [ "$grepc" -eq 1 ]; then echo "=== Decrease addr zone to 1mb to nginx.conf" fi +grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf From 5fb32ef55f265a43cf7a8b8a8e5ea93b609ca76a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 14:56:19 +0200 Subject: [PATCH 032/304] Delete pool.d conf file for all PHP versions --- bin/v-delete-web-domain | 48 ++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 75399766..43362e34 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then rm $fpmconf echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log fi -fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi + +for PHPV in /etc/php/*; do + if [ -d "${PHPV}" ]; then + # PHPVER=$(basename ${PHPV}) + POOLD="${PHPV}/fpm/pool.d" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + POOLD="${PHPV}/fpm/pool.d-ioncube" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + fi +done # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf From baa93199e86851718feb5ec3fdf7418aa4c460f3 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 6 Oct 2023 11:35:11 +0200 Subject: [PATCH 033/304] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 71d9f5a9..a2e7a3de 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@

Features of myVesta

From 2aca86432fd8534df9fcb3387b748de3a4219cfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 8 Feb 2024 21:26:03 +0100 Subject: [PATCH 092/304] imapsync tools --- .../tools/imapsync/create-mail-sync.sh | 38 +++++++++---- .../tools/imapsync/import-from-file.sh | 56 +++++++++++++++++++ 2 files changed, 83 insertions(+), 11 deletions(-) create mode 100644 src/deb/for-download/tools/imapsync/import-from-file.sh diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh index e325754e..94762505 100644 --- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -35,18 +35,35 @@ fi TESTOPT="" if [[ $TEST -eq 1 ]]; then - TESTOPT="--justlogin" + TESTOPT="--justlogin" fi if [ ! -d "accounts" ]; then mkdir accounts fi if [ -f "accounts/$EMAIL" ]; then - echo "********* $EMAIL ALREADY EXISTS !!! ************" + echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" exit 1; exit fi +euser=$(echo $EMAIL | cut -d '@' -f 1) +domain=$(echo $EMAIL | cut -d '@' -f 2) +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ "$user" != "" ]; then + echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" + if [ ! -d "/home/$user/mail/$domain" ]; then + echo "======= Creating '$domail' in MAIL section" + /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" + fi + if [ ! -d "/home/$user/mail/$domain/$euser" ]; then + echo "======= Creating '$euser' mail account for domain '$domain'" + /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" + echo "" + fi +fi + + echo "Writing to: accounts/$EMAIL" echo "#!/bin/bash @@ -67,21 +84,20 @@ exit; chmod a=rwx accounts/$EMAIL if [[ $TEST -eq 0 ]]; then - exit 0; + exit 0; fi accounts/$EMAIL RET=$? if [ $RET -eq 0 ]; then - # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" - sed -i "s/--justlogin//g" accounts/$EMAIL - echo "--- OK! ---" - echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log else - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - rm accounts/$EMAIL + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL + read -p "=== Press ENTER to continue ===" entered fi exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh new file mode 100644 index 00000000..ac0c42f4 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/import-from-file.sh @@ -0,0 +1,56 @@ +#!/bin/bash +# +# This script reads email and password=s in following format: +# email1 pass +# email2 pass +# email3 pass + +# The first parameter is the text file from which we read emails and passwords +# The second parameter is SMTP Hostname +# The third parameter is domain if lines contains only username part + + +host='' +if [ $# -gt 1 ]; then + host=$2 +else + echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" + exit 1; +fi + +domain='' +if [ $# -gt 2 ]; then + domain=$3 +fi + +end_of_file=0 +while [[ $end_of_file == 0 ]]; do + + read -r line + end_of_file=$? + + if [ "$line" == "" ]; then + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + continue + fi + + email=$(echo "$line" | awk '{print $1}') + pass=$(echo "$line" | awk '{print $2}') + + if [[ $email != *"@"* ]]; then + email="$email@$domain" + fi + + echo "Extracted: '$email' = '$pass'" + + ./create-mail-sync.sh "$host" "$email" "$pass" + + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + +done < $1 From 7e209c543d408ab5f23be0b18988ce84042e0273 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:05:59 +0100 Subject: [PATCH 093/304] Update v-backup-users Prevent removing valid licenses when vestacp.com is offline. Licences are free now - https://forum.myvestacp.com/viewtopic.php?t=949 --- bin/v-backup-users | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-backup-users b/bin/v-backup-users index 16a93d6d..05550ded 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -37,7 +37,7 @@ fi log=$VESTA/log/backup.log -$BIN/v-check-vesta-license >/dev/null +# $BIN/v-check-vesta-license >/dev/null touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then From a7def7b190a88dacdd82704295e872a04e5d604b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:10:58 +0100 Subject: [PATCH 094/304] Changelog --- Changelog.md | 4 ++++ src/deb/latest.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 6908b0e2..d0df650b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-7 [27-Feb-2024] +================================================== +* Few bugs fixed + Version 0.9.9-0-6 [22-Jan-2024] ================================================== * Few bugs fixed diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 0f8dc00c..8170ab75 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-6 +vesta-0.9.9-0-7 \ No newline at end of file From 6819f21c3e7eca1be628f600945725c542ec0c85 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 15:49:33 +0100 Subject: [PATCH 095/304] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 2bf2242d..8a68cd38 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -274,6 +274,7 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then systemctl stop spamassassin.service systemctl disable spamassassin.service From 138a30755f226bc2d3ef77d30e7d183466538211 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:43:05 +0100 Subject: [PATCH 096/304] Update v-commander --- bin/v-commander | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 8a68cd38..e1f209b1 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -18,6 +18,7 @@ echo "======================= mvVesta-commander ================================ if [ -f /root/kernelupdate ]; then rm /root/kernelupdate fi +apt_updated=0 apt_upgraded=0 quit_on_empty=0 @@ -88,8 +89,8 @@ myhelp() { echo "inst nginx-rate-limit = install nginx-rate-limit templates" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" - echo "dis spam = stop and disable spam" - echo "dis clam = stop and disable clamav" + echo "dis spam = stop and disable spamassassin" + echo "dis clam = stop and disable ClamAV" echo "p 7.0 = set default php 7.0" echo "p 7.3 = set default php 7.3" echo "p 7.4 = set default php 7.4" @@ -99,9 +100,22 @@ myhelp() { echo "check fc = check if FreshClam is up" echo "-----------------------------" echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } +apt_update() { + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt_updated=1 +} + COUNTER=0 while true @@ -162,14 +176,7 @@ do if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then - echo "=============================" - echo "== running: apt-get update" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 10 ]; then - apt-get update - else - apt-get update --allow-releaseinfo-change - fi + apt_update fi if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then @@ -584,4 +591,17 @@ do /root/install-new-roundcube.sh fi + if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then + if [ ! -f "/root/.ssh/id_rsa.pub" ]; then + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + fi + echo "=== YOUR id_rsa.pub IS BELOW ===" + cat /root/.ssh/id_rsa.pub + echo "======" + fi + + if [ $numargs -eq 1 ]; then + exit; + fi + done From e6bf09c6085d697fea8fe181e4703c896346be3e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:48:48 +0100 Subject: [PATCH 097/304] Update v-commander --- bin/v-commander | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e1f209b1..824a4377 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -13,7 +13,9 @@ fi source /etc/profile PATH=$PATH:/usr/local/vesta/bin && export PATH -echo "======================= mvVesta-commander ================================" +if [ $SHOWHEADER -eq 1 ]; then + echo "======================= mvVesta-commander ================================" +fi if [ -f /root/kernelupdate ]; then rm /root/kernelupdate @@ -600,7 +602,7 @@ do echo "======" fi - if [ $numargs -eq 1 ]; then + if [ $numargs -gt 0 ]; then exit; fi From 0ae1ea6adcb48f9a7fe9dd4331c9094a9ca4a137 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 17:22:18 +0100 Subject: [PATCH 098/304] Update v-commander --- bin/v-commander | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-commander b/bin/v-commander index 824a4377..3d495476 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -595,7 +595,7 @@ do if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then if [ ! -f "/root/.ssh/id_rsa.pub" ]; then - ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null fi echo "=== YOUR id_rsa.pub IS BELOW ===" cat /root/.ssh/id_rsa.pub From fa165a00206ac67d6a8a768f8c9b0ca462ac4885 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 14 Mar 2024 20:24:47 +0100 Subject: [PATCH 099/304] Update v-fix-user-permissions --- bin/v-fix-user-permissions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index ae798992..e55b5e0f 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -44,7 +44,7 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; - +find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; From dd18d6dd6dda04b9a0b0e7c5bb9a22eb84cefaf8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 14:51:56 +0100 Subject: [PATCH 100/304] Blocking xmlrpc.php and wp-config.php in nginx-rate-limit templatre for WP --- .../tools/rate-limit-tpl/force-https-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.tpl | 2 ++ 3 files changed, 6 insertions(+) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl index 49da9387..7203b88c 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl @@ -76,6 +76,8 @@ server { proxy_pass http://%ip%:%web_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} From 20695198f4acddcaa5d7bd98ebdecd6a1f63ca1c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 17:17:22 +0100 Subject: [PATCH 101/304] tpl CRLF to LF --- .../force-https-firewall-wordpress.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl index c9cf1189..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -1,8 +1,8 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 55e0fcb5dee50afe68a0e829ab1333483e6c231f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:48:56 +0200 Subject: [PATCH 102/304] Update v-clean-garbage: restart exim4 --- bin/v-clean-garbage | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 80d7f165..4cfc1f33 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -97,6 +97,12 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi +exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') +if [ $exim_installed -gt 0 ]; then + systemctl restart exim4 +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From dd825b96cb2a14b1f624a96eaaaf2bfc86cb0bd7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:55:48 +0200 Subject: [PATCH 103/304] Update latest.txt - 0.9.9-0-8 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 8170ab75..9bd24024 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-7 \ No newline at end of file +vesta-0.9.9-0-8 From 8cc35b43eb4dfde3abc8ff5c71783345a53bcfc6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:08:14 +0200 Subject: [PATCH 104/304] Update header.html --- web/templates/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/header.html b/web/templates/header.html index 7f317f94..37905032 100644 --- a/web/templates/header.html +++ b/web/templates/header.html @@ -4,7 +4,7 @@ myVesta - <?=__($TAB)?> - + From 63c4826ac0ea031245b1ff1429852c85694bc7cd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 15:22:20 +0200 Subject: [PATCH 105/304] Update v-commander --- bin/v-commander | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 3d495476..1747a5ec 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -119,15 +119,20 @@ apt_update() { } COUNTER=0 +HAS_PARAMETERS=0 while true do COUNTER=$((COUNTER + 1)) if [ $COUNTER -le $numargs ]; then + HAS_PARAMETERS=1 answer=$1 shift else + if [ $HAS_PARAMETERS -eq 1 ]; then + exit; + fi read -p 'What to do: ' answer fi @@ -602,8 +607,4 @@ do echo "======" fi - if [ $numargs -gt 0 ]; then - exit; - fi - done From 583a1e5cc7ed3e9657730f55c148df46922a2264 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 19:56:50 +0200 Subject: [PATCH 106/304] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 1747a5ec..f6a9cf7d 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -149,6 +149,7 @@ do if [ "$answer" = 'quit-on-empty' ]; then echo "== the script will quit on next enter" quit_on_empty=1 + HAS_PARAMETERS=0 fi From 929241c5f787f301da3a6ace160d979729e98d11 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 20:10:05 +0200 Subject: [PATCH 107/304] Version 0.9.9-0-9 --- Changelog.md | 9 +++------ src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Changelog.md b/Changelog.md index d0df650b..f9d95b6c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,15 +1,12 @@ -Version 0.9.9-0-7 [27-Feb-2024] +Version 0.9.9-0-9 [05-Apr-2024] ================================================== +* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) * Few bugs fixed -Version 0.9.9-0-6 [22-Jan-2024] +Version 0.9.9-0-5 to 0.9.9-0-8 ================================================== * Few bugs fixed -Version 0.9.9-0-5 [08-Oct-2023] -================================================== -* Many bugfixes - Version 0.9.9-0-4 [27-Jun-2023] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 9bd24024..df77dd74 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-8 +vesta-0.9.9-0-9 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index e53fee72..4d414655 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -22,8 +22,8 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then fi # show changelog after update -# echo "1" > /usr/local/vesta/data/upgrades/show_changelog -# chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +echo "1" > /usr/local/vesta/data/upgrades/show_changelog +chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then From 40afd5b5c84719eeff4f2ce34bba5051ee631e10 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 9 Apr 2024 16:44:05 +0200 Subject: [PATCH 108/304] Create v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 bin/v-edit-domain-php-ini diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini new file mode 100644 index 00000000..027547fe --- /dev/null +++ b/bin/v-edit-domain-php-ini @@ -0,0 +1,80 @@ +#!/bin/bash +# info: Edit php.ini for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain) + +if [ -z "$fpm_ver" ]; then + echo "PHP version for domain $domain could not be determined." + exit 1 +fi + +config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf" + +if command -v mcedit >/dev/null; then + mcedit "$config_file" +else + nano "$config_file" +fi + +echo "Restarting PHP-FPM service for PHP version $fpm_ver..." +echo "" +systemctl restart php${fpm_ver}-fpm + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 1; From f540cf9f2ab872e1fff74246723c68678b4c1f26 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 12:18:39 +0200 Subject: [PATCH 109/304] Update v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 027547fe..83d52613 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -70,8 +70,9 @@ else fi echo "Restarting PHP-FPM service for PHP version $fpm_ver..." -echo "" systemctl restart php${fpm_ver}-fpm +echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +echo "" #----------------------------------------------------------# # Vesta # From 6514ea1d388dfcc5a5707c8a57cbc93d502c9073 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 15:43:41 +0200 Subject: [PATCH 110/304] Create v-edit-php-ini --- bin/v-edit-php-ini | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 bin/v-edit-php-ini diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini new file mode 100644 index 00000000..4806a48f --- /dev/null +++ b/bin/v-edit-php-ini @@ -0,0 +1,62 @@ +#!/bin/bash +# info: Edit php.ini for a specific PHP version + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# List available PHP versions and store them into an array +mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php) + +echo "Available PHP versions:" +PS3="Please select the PHP version you want to edit php.ini for: " + +select php_version in "${php_versions[@]}"; do + if [[ -n $php_version ]]; then + break + else + echo "Invalid choice. Please try again." + fi +done + +# Define path to the php.ini file +php_ini_path="/etc/php/${php_version}/fpm/php.ini" + +# Check if php.ini exists for the selected version +if [[ ! -f "$php_ini_path" ]]; then + echo "The php.ini file for the selected PHP version ($php_version) does not exist." + exit 1 +fi + +# Determine the text editor to use +if command -v mcedit >/dev/null 2>&1; then + editor_cmd="mcedit" +elif command -v nano >/dev/null 2>&1; then + editor_cmd="nano" +else + echo "No supported text editor found. Please install 'mcedit' or 'nano'." + exit 1 +fi + +# Open php.ini for the chosen PHP version in the selected editor +echo "Opening $php_ini_path in editor $editor_cmd..." +$editor_cmd "$php_ini_path" + +# Restart the PHP-FPM service for the selected version +echo "Restarting the PHP-FPM service for PHP version $php_version..." +systemctl restart php${php_version}-fpm + +echo "The PHP-FPM service for PHP version $php_version has been restarted successfully." + +#----------------------------------------------------------# +# Exit # +#----------------------------------------------------------# + +exit From 9d6582460684939c414321c2f608dcef094e6f76 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:41:56 +0200 Subject: [PATCH 111/304] v-edit-php tuning --- bin/v-edit-domain-php-ini | 11 ++++++++--- bin/v-edit-php-ini | 10 +++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 83d52613..351f34bc 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -69,13 +69,18 @@ else nano "$config_file" fi -echo "Restarting PHP-FPM service for PHP version $fpm_ver..." +echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm -echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${fpm_ver}-fpm + check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." +fi echo "" #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -exit 1; +exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4806a48f..696b60ec 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -52,11 +52,15 @@ $editor_cmd "$php_ini_path" # Restart the PHP-FPM service for the selected version echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm - -echo "The PHP-FPM service for PHP version $php_version has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${php_version}-fpm + check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." +fi #----------------------------------------------------------# # Exit # #----------------------------------------------------------# -exit +exit 0; From cc3437c287cf5ae1bbdb769fdd910b0db19411ef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:50:26 +0200 Subject: [PATCH 112/304] v-edit-php return fix --- bin/v-edit-domain-php-ini | 5 ++++- bin/v-edit-php-ini | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 351f34bc..890ce047 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -73,7 +73,10 @@ echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm if [ $? -ne 0 ]; then systemctl status php${fpm_ver}-fpm - check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." fi diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 696b60ec..4874b8a0 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -54,7 +54,10 @@ echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm if [ $? -ne 0 ]; then systemctl status php${php_version}-fpm - check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." fi From 9b0f9e5876b7cf6d38cc69e158a55cb4f8888b58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:55:41 +0200 Subject: [PATCH 113/304] Version 0.9.9-0-10 --- Changelog.md | 5 +++++ bin/v-edit-domain-php-ini | 1 + bin/v-edit-php-ini | 1 + src/deb/latest.txt | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index f9d95b6c..b13f0080 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-10 [11-Apr-2024] +================================================== +* Introducing v-edit-php-ini command +* Introducing v-edit-domain-php-ini command + Version 0.9.9-0-9 [05-Apr-2024] ================================================== * Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 890ce047..9eadfcee 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -76,6 +76,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4874b8a0..0155e6bb 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -57,6 +57,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." diff --git a/src/deb/latest.txt b/src/deb/latest.txt index df77dd74..bc58cb6b 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-9 \ No newline at end of file +vesta-0.9.9-0-10 \ No newline at end of file From 65d4f0e65ee2d4442551b93dd19e55135ff4641b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 19 Apr 2024 09:12:57 +0200 Subject: [PATCH 114/304] deb12 exim4: message_linelength_limit = 1G Preventing exim4 error: message has lines too long for transport --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 81746a7a..aeb83726 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -355,6 +355,7 @@ remote_smtp: dkim_strict = 0 hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G procmail: driver = pipe From 05f5288d9b7dc2014e4fb624077a3476fbe1c8d9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:14:36 +0200 Subject: [PATCH 115/304] Update v-clone-website: --skip-plugins --skip-themes --- bin/v-clone-website | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0daf403c..049b0cf4 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -421,10 +421,10 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi sudo -H -u$TO_USER wp cache flush sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force From dcd0bf2d64dcfe8e24a32f6ab8271a0724fc1de0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:56:28 +0200 Subject: [PATCH 116/304] Update v-clone-website: wp-cli to use proper php version --- bin/v-clone-website | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 049b0cf4..44252313 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -419,16 +419,17 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER wp cache flush - sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force - sudo -H -u$TO_USER wp config shuffle-salts + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 66ae5580cdeb7d4c188c97a5aa22cf25f0c89910 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:05 +0200 Subject: [PATCH 117/304] Fix mailadress and subject --- func/db.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/func/db.sh b/func/db.sh index 20230fec..58a339ee 100644 --- a/func/db.sh +++ b/func/db.sh @@ -29,6 +29,9 @@ mysql_connect() { mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -59,6 +62,9 @@ mysql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -82,6 +88,9 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -103,6 +112,9 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi From 4acfa26de55171931d3a9fe6764f46e46e0a082e Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:31 +0200 Subject: [PATCH 118/304] Fix emailadres and subject --- func/rebuild.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/func/rebuild.sh b/func/rebuild.sh index b4a5f73d..ae267e8b 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -610,6 +610,9 @@ rebuild_pgsql_database() { if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then echo "Error: postgresql config parsing failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: postgresql config parsing failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email fi log_event "$E_PARSING" "$ARGUMENTS" @@ -621,6 +624,9 @@ rebuild_pgsql_database() { if [ '0' -ne "$?" ]; then echo "Error: Connection failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: Connection failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Database connection to PostgreSQL host $HOST failed" |\ $SENDMAIL -s "$subj" $email fi From 806ebf1db6e45b9fa481b0a16b1bf47e2a991017 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 21:21:32 +0200 Subject: [PATCH 119/304] disable root login phpmyadmin --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9ba1a2ec..e85517d8 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1364,6 +1364,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" @@ -1381,6 +1384,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi From 763eea5c5873962f8a07391b65934888f265afbf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 15 May 2024 19:42:42 +0200 Subject: [PATCH 120/304] Update install-new-roundcube.sh - version 1.6.6 --- src/deb/for-download/tools/install-new-roundcube.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 8838e0ab..0f6a343a 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.1' +VERSION='1.6.6' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' From 81f507b3c4cb9fd22168b7cce4bf99a2043f4e2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 16 May 2024 12:15:20 +0200 Subject: [PATCH 121/304] nodejs templates ssl fix --- .../node-app-3000-no-https-force.stpl | 7 ++++--- .../node-app-3000-pass-to-https.stpl | 5 +++-- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 7 ++++--- .../node-app-4000-and-websocket-6001.stpl | 5 +++-- .../node-app-also-handle-static-files-3000.stpl | 5 +++-- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index d66f80be..f0814ded 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index 27dd354b..dc18c496 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index d66f80be..f0814ded 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index d8a23009..c58ef84a 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index a6a0b744..39e58f1f 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; From 491ac6255c38c202baf2d2eaedfc081c1572a592 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:06 +0200 Subject: [PATCH 122/304] Create v-run-wpcli --- bin/v-run-wpcli | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 bin/v-run-wpcli diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli new file mode 100644 index 00000000..3504ebe1 --- /dev/null +++ b/bin/v-run-wpcli @@ -0,0 +1,77 @@ +#!/bin/bash +# info: Run WP CLI command for a specific domain +# options: DOMAIN WP_CLI_COMMAND + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp $wp_command + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From 9cf91d5535c8888b84e8b86cefe1204431f156c5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:54 +0200 Subject: [PATCH 123/304] Create v-add-wordpress-admin --- bin/v-add-wordpress-admin | 75 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 bin/v-add-wordpress-admin diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin new file mode 100644 index 00000000..a5fb98a6 --- /dev/null +++ b/bin/v-add-wordpress-admin @@ -0,0 +1,75 @@ +#!/bin/bash +# info: Add a WordPress admin user to a specific domain +# options: DOMAIN USERNAME PASSWORD EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +username=$2 +password=$3 +email=$4 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +# Check if WP CLI is installed and install it if not +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From abc2377dade85b108dad0d3521c9d41214e6723a Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:50:50 +0200 Subject: [PATCH 124/304] Update v-run-wpcli --- bin/v-run-wpcli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 3504ebe1..8937642a 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -19,7 +19,7 @@ SILENT_MODE=1 # Argument definition domain=$1 -wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande +wp_command=${@:2} user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) USER=$user From e51cd34f77125494963aea14ae887380b9bb03b9 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:51:42 +0200 Subject: [PATCH 125/304] Update v-add-wordpress-admin --- bin/v-add-wordpress-admin | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index a5fb98a6..4fc71c05 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -53,7 +53,11 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi -# Check if WP CLI is installed and install it if not +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + if ! command -v wp &> /dev/null; then echo "WP CLI is not installed. Installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp From 75ffd02ff9d1e605be1f5c9fecd0eb92e440c910 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:16:53 +0200 Subject: [PATCH 126/304] nodejs tpl fix --- .../nodejs-nginx-templates/node-app-3000-no-https-force.stpl | 2 +- .../nodejs-nginx-templates/node-app-3000-pass-to-https.stpl | 2 +- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 2 +- .../node-app-4000-and-websocket-6001.stpl | 2 +- .../node-app-also-handle-static-files-3000.stpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index dc18c496..1387a879 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index c58ef84a..70fa2866 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index 39e58f1f..415b6f9c 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; From 21f7a509cb33ab2be181acdbb0dca19e42fee663 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:38:21 +0200 Subject: [PATCH 127/304] nginx nodejs tpl CRLF to LF --- .../node-app-3000-no-https-force.stpl | 106 +++++++++--------- .../nodejs-nginx-templates/node-app-3000.stpl | 106 +++++++++--------- 2 files changed, 106 insertions(+), 106 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file From c3985ba95e468d038d2a7e2e67b9e6ca0006d32d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 15:26:39 +0200 Subject: [PATCH 128/304] Create v-backup-user-now --- bin/v-backup-user-now | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bin/v-backup-user-now diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now new file mode 100644 index 00000000..3a20b4ce --- /dev/null +++ b/bin/v-backup-user-now @@ -0,0 +1,5 @@ +#!/bin/bash + +export ALLOW_BACKUP_ANYTIME='yes' + +nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From f99bcf874630e6591917db8ef6a8615ba21352bd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 09:19:22 +0200 Subject: [PATCH 129/304] Update v-migrate-site-to-https --- bin/v-migrate-site-to-https | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6c6c8653..de3a068c 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -102,13 +102,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 7 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 8 + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi else if [ ! -f "/usr/local/bin/wp" ]; then @@ -164,9 +164,9 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" From a8435cab14187fc5ecc42798a3cc3dea17c5b35f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 12:37:26 +0200 Subject: [PATCH 130/304] hosting-firewall-wordpress-2 --- .../force-https-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../force-https-firewall-wordpress-2.tpl | 8 ++ .../hosting-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../hosting-firewall-wordpress-2.tpl | 92 ++++++++++++++++++ .../rate-limit-tpl/install_rate_limit_tpl.sh | 5 + 5 files changed, 295 insertions(+) create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl new file mode 100644 index 00000000..44f6162c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 4a910d0f..8f4d4e88 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -71,4 +71,9 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordp wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl + systemctl restart nginx From 7a13c03e9a91cd40934519e91138223f4d8b89ac Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:48:11 +0200 Subject: [PATCH 131/304] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index de3a068c..6f28e2f7 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -94,6 +94,8 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") + # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -170,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 8a8422539c71f8104d645b5b4f43396c69f04ab5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:52:46 +0200 Subject: [PATCH 132/304] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6f28e2f7..b6f4295b 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -172,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 6a72798abae0065e7f1535e6fd7947ecee871823 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:55:10 +0200 Subject: [PATCH 133/304] Update v-clone-website to use $phpver --- bin/v-clone-website | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 44252313..f0db7246 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -422,14 +422,14 @@ else phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 67b8376608ad35bc4b9e1ce7baa3627889a23d8a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:02:52 +0200 Subject: [PATCH 134/304] Update v-add-wordpress-admin to use $phpver --- bin/v-add-wordpress-admin | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 4fc71c05..3814e51a 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -65,12 +65,14 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From d59c4fafe270856fd3468b563c7e990d5b576915 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:11:17 +0200 Subject: [PATCH 135/304] Update v-run-wpcli to use $phpver --- bin/v-run-wpcli | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 8937642a..3ab4b4e5 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -63,12 +63,14 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp $wp_command +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From 30fb3d6a6c8bd88acb59fc0a85430c2e5b76df0a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 15:05:43 +0200 Subject: [PATCH 136/304] Update v-delete-user: rm -rf /hdd/home/$user --- bin/v-delete-user | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..120b1f72 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,6 +94,9 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user +if [ -f "/hdd/home/$user" ]; then + rm -rf /hdd/home/$user +fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user From 357b20cc52bebfc8910c67688489218c642c5c9d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 30 May 2024 17:01:39 +0200 Subject: [PATCH 137/304] Rename v-run-wpcli to v-run-wp-cli --- bin/{v-run-wpcli => v-run-wp-cli} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename bin/{v-run-wpcli => v-run-wp-cli} (100%) diff --git a/bin/v-run-wpcli b/bin/v-run-wp-cli similarity index 100% rename from bin/v-run-wpcli rename to bin/v-run-wp-cli From edf1f616b249009af6d03a29e6ea3f04fa46e9eb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:23:43 +0200 Subject: [PATCH 138/304] Update v-run-wp-cli: removing --skip-plugins and --skip-themes --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 3ab4b4e5..672832ab 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -70,7 +70,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command #----------------------------------------------------------# # Vesta # From 72baf4c702d7c34f2b83d47e19a8ed27c65a4200 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:29:18 +0200 Subject: [PATCH 139/304] Version 0.9.9-0-11 --- Changelog.md | 6 ++++++ src/deb/latest.txt | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index b13f0080..9c679c51 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,9 @@ +Version 0.9.9-0-11 [30-May-2024] +================================================== +* Introducing v-run-wp-cli command +* Introducing v-add-wordpress-admin command +* Few bugs fixed + Version 0.9.9-0-10 [11-Apr-2024] ================================================== * Introducing v-edit-php-ini command diff --git a/src/deb/latest.txt b/src/deb/latest.txt index bc58cb6b..4b6e56b5 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-10 \ No newline at end of file +vesta-0.9.9-0-11 \ No newline at end of file From 7fa725b893d9d476e621d10a529de90c0f219b90 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 19:35:12 +0200 Subject: [PATCH 140/304] Update Changelog.md --- Changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index 9c679c51..7d22747a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,13 +1,13 @@ Version 0.9.9-0-11 [30-May-2024] ================================================== -* Introducing v-run-wp-cli command -* Introducing v-add-wordpress-admin command +* Introducing v-run-wp-cli command ( @isscbta ) +* Introducing v-add-wordpress-admin command ( @isscbta ) * Few bugs fixed Version 0.9.9-0-10 [11-Apr-2024] ================================================== -* Introducing v-edit-php-ini command -* Introducing v-edit-domain-php-ini command +* Introducing v-edit-php-ini command ( @isscbta ) +* Introducing v-edit-domain-php-ini command ( @isscbta ) Version 0.9.9-0-9 [05-Apr-2024] ================================================== From c1f7c91953f0c06d2d6d5984c98ddc14574975ba Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:55:33 +0200 Subject: [PATCH 141/304] Added support for PHP 8.3 --- bin/v-activate-rocket-nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index bd4145cc..de8f6c5f 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -126,7 +126,7 @@ else chown $user:$user /home/$user/web/$domain/cron.log case $fpm_ver in - 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" ;; esac From 7ff828bf1444d5f36899b328675e757e6fe98bfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:45:58 +0200 Subject: [PATCH 142/304] Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ --- bin/v-import-cpanel-backup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index f92ae5af..a70213dd 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,9 +157,11 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 574fff064249b5acc3c67009e6a5d249027a609d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:44:30 +0200 Subject: [PATCH 143/304] Update multi-php-install.sh - removing buster sury repo --- src/deb/for-download/tools/multi-php-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bea7774f..bf5da7b7 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -103,9 +103,9 @@ if [ "$inst_repo" -eq 1 ]; then if [ $debian_version -ge 10 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi - if [ $debian_version -eq 10 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' - fi + # if [ $debian_version -eq 10 ]; then + # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + # fi if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi From 1ee49205769ac2ef2957f089839c2d647940bb8c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:49:46 +0200 Subject: [PATCH 144/304] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bf5da7b7..6a65a888 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -100,7 +100,7 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - if [ $debian_version -ge 10 ]; then + if [ $debian_version -ge 11 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi # if [ $debian_version -eq 10 ]; then From 6e7954db5522f247e4431bbd25df2b8ef7246695 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:19:34 +0200 Subject: [PATCH 145/304] Fixing Issue #185 --- install/debian/10/templates/web/awstats/awstats.tpl | 2 +- install/debian/11/templates/web/awstats/awstats.tpl | 2 +- install/debian/12/templates/web/awstats/awstats.tpl | 2 +- install/debian/8/templates/web/awstats/awstats.tpl | 2 +- install/debian/9/templates/web/awstats/awstats.tpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/11/templates/web/awstats/awstats.tpl +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/12/templates/web/awstats/awstats.tpl +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" From b9f89d0416f326d1a4a902bc332288a41d56b815 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 23 Aug 2024 15:54:57 +0200 Subject: [PATCH 146/304] Update v-make-separated-ip-for-email - fix for deb 10 and 11 --- bin/v-make-separated-ip-for-email | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 49d31f45..17a0d0ca 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -139,6 +139,15 @@ if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 11 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + if [ "$release" -lt 12 ]; then + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template @@ -168,9 +177,10 @@ if [ "$check_grep" -eq 0 ]; then fi systemctl restart exim4 if [ $? -ne 0 ]; then + systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 - echo "=== Patching failed, aborting" + echo "=== Patching failed, old exim conf returned, exim4 restarted again." exit 1 fi echo "=== Patching successful" From a99ae91c21758075726433f8449c035b78480bce Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:22:56 +0200 Subject: [PATCH 147/304] Update v-update-firewall: $FIREWALL_STATEFUL conf variable --- bin/v-update-firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index d3a46686..142cb39b 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp From 3ed2cfa07b25f71a71fcf9ba266ce615328339d6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:37:34 +0300 Subject: [PATCH 148/304] Removing whitespace in php patch --- src/deb/for-download/tools/patches/php8.2.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch index 1083a720..ed127499 100644 --- a/src/deb/for-download/tools/patches/php8.2.patch +++ b/src/deb/for-download/tools/patches/php8.2.patch @@ -5,7 +5,7 @@ ; It receives a comma-delimited list of function names. ; https://php.net/disable-functions -disable_functions = -+ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ; This directive allows you to disable certain classes. ; It receives a comma-delimited list of class names. From c32bd2c7098d9b1a70dda272b90dcabfa00e3c28 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 17:32:22 +0200 Subject: [PATCH 149/304] Generate random root password instead of using admin password --- bin/v-commander | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f6a9cf7d..834fb38b 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -535,11 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - adminline=$(grep '^admin:' /etc/shadow) - adminline=${adminline:6} - adminline="root:$adminline" - sed -i "s#^root:.*#$adminline#" /etc/shadow - echo "root password is now the same as admin password." + root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) + hashed_root_password=$(openssl passwd -6 "$root_password") + sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow + echo "Root password is now a new random password." + echo "New root password: $root_password" echo "--------------------" grep '^root:' /etc/shadow grep '^admin:' /etc/shadow @@ -549,7 +549,6 @@ do echo "--------------------" fi - if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then echo "=============================" echo "== Rebooting the server" From c148a1ed79d6a46f18270137f6d2d24693432d00 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 19:01:21 +0200 Subject: [PATCH 150/304] Create v-get-dns-config --- bin/v-get-dns-config | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 bin/v-get-dns-config diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config new file mode 100644 index 00000000..d759c489 --- /dev/null +++ b/bin/v-get-dns-config @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Get domain DNS config.db file content +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DNS_FILE="/home/$user/conf/dns/$domain.db" + +if [ -f "$DNS_FILE" ]; then + cat "$DNS_FILE" +else + echo "DNS configuration file for $domain does not exist." + exit 1 +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From 76ad95da649ae2c2f9219d15e9c6b6dd8edff1ca Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 26 Sep 2024 20:00:41 +0200 Subject: [PATCH 151/304] Update vst-install-debian.sh - removing phppgadmin --- install/vst-install-debian.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e85517d8..75dfd1d7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -27,7 +27,7 @@ if [ "$release" -eq 12 ]; then vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mariadb-server mariadb-common - mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc + mariadb-client postgresql postgresql-contrib phpmyadmin mc flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl @@ -1118,7 +1118,9 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + if [ "$release" -lt 12 ]; then + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + fi cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ @@ -1404,10 +1406,12 @@ if [ "$postgresql" = 'yes' ]; then sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + if [ "$release" -lt 12 ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi From e79acf1828ba57df6da5454eaf3191113f828ecb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 7 Oct 2024 20:04:46 +0200 Subject: [PATCH 152/304] v-make-main-apache-log --- bin/v-make-main-apache-log | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 bin/v-make-main-apache-log diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log new file mode 100644 index 00000000..dc124064 --- /dev/null +++ b/bin/v-make-main-apache-log @@ -0,0 +1,20 @@ +#!/bin/bash + +touch /var/log/apache2/time.log +# truncate -s 0 /var/log/apache2/time.log +chmod 0640 /var/log/apache2/time.log +chown root:adm /var/log/apache2/time.log +find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf +fi +systemctl restart apache2 + +if [ ! -f "/root/analyze-traffic-per-time.php" ]; then + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php +fi From acfc563a6c8f469cb8e98c7b681fb9cf821fd476 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 14 Oct 2024 17:51:26 +0200 Subject: [PATCH 153/304] Logging apache pid in v-make-main-apache-log --- bin/v-make-main-apache-log | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index dc124064..96e91877 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log @@ -7,7 +7,7 @@ chown root:adm /var/log/apache2/time.log find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then - sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf fi systemctl restart apache2 From 24371b8bbfa16ee3e9137f29b0f37420cb9afabc Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Oct 2024 22:12:23 +0200 Subject: [PATCH 154/304] Update v-clone-website: adding --EXCLUDE_UPLOADS parameter --- bin/v-clone-website | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index f0db7246..8670ee3a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -313,6 +313,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" +echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -373,14 +374,22 @@ cd /root/temp mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql +rm $FROM_DATABASE_NAME.sql + +EXCLUDE='' +if [ ! -z "$EXCLUDE_UPLOADS" ]; then + EXCLUDE="--exclude '/wp-content/uploads/*'" +fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" if [ "$SITE_SUBFOLDER" != ".." ]; then - echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run else - echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER From da84a0b9131ddbc42d0e7fc3f6311181b9fbeb54 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 18:08:09 +0200 Subject: [PATCH 155/304] v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 bin/v-fix-php-ini-disable-functions diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions new file mode 100644 index 00000000..1324bfa2 --- /dev/null +++ b/bin/v-fix-php-ini-disable-functions @@ -0,0 +1,28 @@ +#!/bin/bash + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +echo "=== Fixing php.ini files to have the correct disable_functions line" + +export NOTFOUNDVAL="exec,system,passthru,shell_exec" +export LINEBEGINSWITH="disable_functions =" +export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" + +echo "== Fixing existing lines" +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _ + +export NOTFOUNDVAL2="^$LINEBEGINSWITH" +export REMOVELINETHATCONTAINS=$LINEBEGINSWITH + +echo "== Adding missing lines" +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _ + +echo "== Restarting all PHP-FPM services" +systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + +echo "=== Everything done." +exit 0 From afc6b62d5cd927377d5a435232bbdd21078996f8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 20:57:20 +0200 Subject: [PATCH 156/304] v-fix-php-ini-disable-dunctions exclude patching --- bin/v-fix-php-ini-disable-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index 1324bfa2..a9d572f6 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions @@ -13,13 +13,13 @@ export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ echo "== Restarting all PHP-FPM services" systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart From 89fc5a1ebd94be9ab0588a2386f81ee6739ed44f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:07:38 +0100 Subject: [PATCH 157/304] SRS support for Exim4 --- bin/v-add-srs-support-to-exim | 65 ++++++++++++++++++++++ install/debian/12/exim/exim4.conf.template | 40 ++++++++++++- install/vst-install-debian.sh | 12 +++- 3 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 bin/v-add-srs-support-to-exim diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim new file mode 100644 index 00000000..39d92e63 --- /dev/null +++ b/bin/v-add-srs-support-to-exim @@ -0,0 +1,65 @@ +#!/bin/bash + +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +echo "=== Addind SRS support to Exim4 ===" +# SRS support is taken from HestiaCP + +if [ ! -f "/etc/exim4/srs.conf" ]; then + echo "= Generating SRS KEY" + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf +fi + +if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then + echo "= Backing up /etc/exim4/exim4.conf.template" + cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs +fi + +if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" + v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Patching \"dnslookup:\" block" + /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' +fi + +if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" + v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"remote_forwarded_smtp:\" block" + v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' +fi + +echo "= Restarting exim4 service" +systemctl restart exim4 + +if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 +fi +echo "=== SRS support was added successfully. ===" + +exit 0 diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index aeb83726..ff0d7ab3 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -13,6 +13,8 @@ add_environment=<; PATH=/bin:/usr/bin keep_environment= smtputf8_advertise_hosts = +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} #smtp_banner = "$smtp_active_hostname ESMTP $tod_full" @@ -267,8 +269,11 @@ begin routers dnslookup: driver = dnslookup - domains = !+local_domains - transport = remote_smtp + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} no_more localuser_spam: @@ -305,6 +310,23 @@ autoreplay: transport = userautoreply unseen +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + aliases: driver = redirect headers_add = X-redirected: yes @@ -357,6 +379,20 @@ remote_smtp: hosts_try_chunking = !93.188.3.0/24 message_linelength_limit = 1G +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + procmail: driver = pipe command = "/usr/bin/procmail -d $local_part" diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 75dfd1d7..62277e06 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -131,7 +131,11 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=32 + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -1465,6 +1469,12 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi + # Generating SRS KEY - the code is taken from HestiaCP + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf + chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains From 24d84de6d282d9a5fd2e40531fe180fb9597b495 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 23:58:05 +0100 Subject: [PATCH 158/304] Update v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index a9d572f6..3bce868f 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions @@ -3,26 +3,33 @@ whoami=$(whoami) if [ "$whoami" != "root" ]; then echo "You must be root to execute this script" - exit 1 + exit 1; fi +if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; + echo "=== Fixing php.ini files to have the correct disable_functions line" export NOTFOUNDVAL="exec,system,passthru,shell_exec" export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" -echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH -echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ -echo "== Restarting all PHP-FPM services" -systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart +if [ -f "/tmp/patched" ]; then + rm /tmp/patched -echo "=== Everything done." -exit 0 + echo "== Restarting all PHP-FPM services" + systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + + echo "=== Everything done." +else + echo "=== Everything is already correct." +fi + +exit 0; From 46d2a729a1a1e1bdfd9e8b9196a513df576f15ad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 17:22:47 +0100 Subject: [PATCH 159/304] Update v-clean-garbage --- bin/v-clean-garbage | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 4cfc1f33..a3dfecbc 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then exit 1 fi +echo "===== Before cleaning =====" +df -h +echo "===========================" + # Includes source /usr/local/vesta/func/main.sh @@ -107,7 +111,13 @@ fi # Vesta # #----------------------------------------------------------# -echo "=== Garbage cleaned ===" +echo "" +echo "***** Garbage cleaned *****" +echo "" +echo "===== After cleaning ======" +df -h +echo "===========================" + log_event "$OK" "$ARGUMENTS" From f5027aff5de0ad022dce6ec094af6c0f7fd673b6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:03:09 +0100 Subject: [PATCH 160/304] Update v-clean-garbage --- bin/v-clean-garbage | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a3dfecbc..64484db1 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -69,6 +69,8 @@ clean_home() { find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; From 5eb06073199717272bb5be3ce35b6fa364db28d0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:23:52 +0100 Subject: [PATCH 161/304] Update exim4.conf.template - avoid ACL error failed to expand ACL string "${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}": failed to open /etc/exim4/domains//aliases for linear search: No such file or directory --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index ff0d7ab3..15264797 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -147,6 +147,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes From 60ce986ece4739f3e3d76e2b69e1b6dc7885004e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:11:14 +0100 Subject: [PATCH 162/304] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 39d92e63..5113c693 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -25,7 +25,7 @@ if [ ! -f "/etc/exim4/srs.conf" ]; then chown root:Debian-exim /etc/exim4/srs.conf fi -if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then +if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then echo "= Backing up /etc/exim4/exim4.conf.template" cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs fi From de2305b3ffe31da361f3f8be906693e53a165b8d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:36:32 +0100 Subject: [PATCH 163/304] Update vst-install-debian.sh --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 62277e06..625278bc 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1436,7 +1436,7 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - service apparmor restart + systemctl restart apparmor # fi fi # update-rc.d bind9 defaults @@ -1489,7 +1489,8 @@ if [ "$exim" = 'yes' ]; then #update-rc.d exim4 defaults currentservice='exim4' ensure_startup $currentservice - ensure_start $currentservice + systemctl restart $currentservice + # ensure_start $currentservice fi From 5e9cf711e61fae62fdb4f8e09fa5faec73708a19 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 19:43:49 +0100 Subject: [PATCH 164/304] Add some loops due to 403 errors durring LE request in some random cases Credits to HestiaCP - https://github.com/hestiacp/hestiacp/pull/4622 --- bin/v-add-letsencrypt-domain | 51 +++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 1f1f5a6e..97e555fa 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -154,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' +# validation='pending' +# # Start counter to avoid infinite loop +# i=0 +# while [ "$validation" = 'pending' ]; do +# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") @@ -168,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log +validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') +echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi +# # Exit the loop after 5 attempts +# i=$((i + 1)) +# if [ $i -gt 5 ]; then +# break +# fi +# sleep 2 +# done # Requesting authorization token / STEP 3 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log @@ -276,19 +290,30 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log - payload='{}' - echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log - answer=$(query_le_v2 "$url" "$payload" "$nonce") - echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log - url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") - echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') - echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + i=0 + while true; do + echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then + break + fi + i=$((i + 1)) + if ((i > 30)); then + break + fi + sleep 2 + done if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" From e8c912513d89d426691e40c3d79d39db834f0be9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:19:52 +0100 Subject: [PATCH 165/304] Support for PHP 8.4 --- .../tools/apache-fpm-tpl/PHP-FPM-84-public.sh | 133 ++++++++++++++++++ .../apache-fpm-tpl/PHP-FPM-84-public.stpl | 36 +++++ .../apache-fpm-tpl/PHP-FPM-84-public.tpl | 30 ++++ .../tools/apache-fpm-tpl/PHP-FPM-84.sh | 133 ++++++++++++++++++ .../tools/apache-fpm-tpl/PHP-FPM-84.stpl | 36 +++++ .../tools/apache-fpm-tpl/PHP-FPM-84.tpl | 30 ++++ .../for-download/tools/multi-php-install.sh | 35 ++++- 7 files changed, 432 insertions(+), 1 deletion(-) create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 6a65a888..cc024202 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -14,6 +14,7 @@ inst_80=0 inst_81=0 inst_82=0 inst_83=0 +inst_84=0 ####################################################################### @@ -60,8 +61,11 @@ fi if [ $# -gt 10 ]; then inst_83=${11} fi +if [ $# -gt 11 ]; then + inst_84=${12} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then inst_repo=1 fi @@ -92,6 +96,7 @@ echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" echo "inst_83=$inst_83" +echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" @@ -372,6 +377,33 @@ if [ "$inst_83" -eq 1 ]; then press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" fi +if [ "$inst_84" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.4 ===============================================================================" + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + update-rc.d php8.4-fpm defaults + a2enconf php8.4-fpm + a2dismod php8.4 + apt-get -y remove libapache2-mod-php8.4 + systemctl restart apache2 + cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + echo "=== Patching php.ini for php8.4" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch + patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini + fi + service php8.4-fpm restart + press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" +fi + apt update > /dev/null 2>&1 apt upgrade -y > /dev/null 2>&1 @@ -389,6 +421,7 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 a2dismod php8.3 > /dev/null 2>&1 + a2dismod php8.4 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 From 2cbf37e4d121328035b603d796a71ffd445bb4f5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:40:57 +0100 Subject: [PATCH 166/304] Temporarily disabling php8.4-memcache, memcached, imagick --- src/deb/for-download/tools/multi-php-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index cc024202..b3e3afc4 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -379,7 +379,8 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip + # php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From a7d7c3686c00ed816a6455b7f94f7725e73ffe39 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:26:36 +0100 Subject: [PATCH 167/304] Update v-add-srs-support-to-exim: compatibility for Debian < 12 --- bin/v-add-srs-support-to-exim | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 5113c693..b31be1e8 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -50,6 +50,16 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 11 ]; then + echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template +fi +if [ "$release" -lt 12 ]; then + echo "= Removing \"message_linelength_limit\" line for Debian < 12" + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template +fi + echo "= Restarting exim4 service" systemctl restart exim4 From 8c477c39bf4571f68973c5797f140c6b2ae1e063 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:49:14 +0100 Subject: [PATCH 168/304] Update v-add-srs-support-to-exim: Block execution in Exim < 4.96 --- bin/v-add-srs-support-to-exim | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index b31be1e8..85f1f908 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -14,6 +14,14 @@ gen_pass() { echo "$PASS" } +eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') +eximversioni="${eximversion%%[^0-9]+([0-9])}" +eximversionf="${eximversion##+([0-9])[^0-9]}" +if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + exit 1; +fi + echo "=== Addind SRS support to Exim4 ===" # SRS support is taken from HestiaCP @@ -50,15 +58,10 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 11 ]; then - echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template -fi -if [ "$release" -lt 12 ]; then - echo "= Removing \"message_linelength_limit\" line for Debian < 12" - sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template -fi +touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_email_account_max_recipients +touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_hosting_account_max_recipients echo "= Restarting exim4 service" systemctl restart exim4 From 15b5996e4f8aad15e770d1400ae23d5dbff0cf2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:56:10 +0100 Subject: [PATCH 169/304] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 17a0d0ca..35799b26 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -140,14 +140,18 @@ if [ "$check_grep" -eq 0 ]; then mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 11 ]; then - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template - fi - if [ "$release" -lt 12 ]; then + eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') + eximversioni="${eximversion%%[^0-9]+([0-9])}" + eximversionf="${eximversion##+([0-9])[^0-9]}" + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 0f71df9a951f3b49c9d30bb97b87bea11b3e5dc3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:59:43 +0100 Subject: [PATCH 170/304] Create exim4.conf.template.without-srs --- .../12/exim/exim4.conf.template.without-srs | 451 ++++++++++++++++++ 1 file changed, 451 insertions(+) create mode 100644 install/debian/12/exim/exim4.conf.template.without-srs diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### From 74fecc45d36c4f0b802cefa874d3d298b2cf4f2c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:02:05 +0100 Subject: [PATCH 171/304] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 85f1f908..4b7789ea 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -15,10 +15,9 @@ gen_pass() { } eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') -eximversioni="${eximversion%%[^0-9]+([0-9])}" -eximversionf="${eximversion##+([0-9])[^0-9]}" -if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then +if (( $(echo "$eximversion < 4.96" | bc -l) )); then echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + echo "You have Exim $eximversion" exit 1; fi From a2ed0dbf7ac43dc37d3c57987cee3ab2e71edf04 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:03:53 +0100 Subject: [PATCH 172/304] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 35799b26..15e42c05 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -141,14 +141,12 @@ if [ "$check_grep" -eq 0 ]; then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') - eximversioni="${eximversion%%[^0-9]+([0-9])}" - eximversionf="${eximversion##+([0-9])[^0-9]}" - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + if (( $(echo "$eximversion < 4.96" | bc -l) )); then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + if (( $(echo "$eximversion < 4.94" | bc -l) )); then sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template fi From 015b3c4571d3972cd3c2fb072e9f2fa921944ac5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:17:29 +0100 Subject: [PATCH 173/304] nginx deny rules conf --- bin/v-add-firewall-ban | 5 +++++ bin/v-delete-firewall-ban | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index a1eed13e..3bdc8170 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,6 +72,11 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index 52f3403d..cb5b352c 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # From 6a35d14f0cdb122cb217d2177f9f157182a843c6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 21:59:09 +0100 Subject: [PATCH 174/304] Update v-add-firewall-ban: nginx deny rules conf --- bin/v-add-firewall-ban | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index 3bdc8170..80143132 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -74,8 +74,10 @@ chmod 660 $conf # nginx deny rules conf if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then - echo "deny $ip;" >> /etc/nginx/conf.d/block.conf - systemctl reload nginx + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx + fi fi #----------------------------------------------------------# From af8c07194454a50c7bc44ae79bdb64973b9aa6e4 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 25 Nov 2024 11:25:22 +0100 Subject: [PATCH 175/304] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 64484db1..36b50830 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -70,7 +70,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 - find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; From 00ef25524d815242290beeaca19e35277742a599 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:04:37 +0100 Subject: [PATCH 176/304] Create v-blacklist-email-domain --- bin/v-blacklist-email-domain | 133 +++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 bin/v-blacklist-email-domain diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain new file mode 100644 index 00000000..a72a17a9 --- /dev/null +++ b/bin/v-blacklist-email-domain @@ -0,0 +1,133 @@ +#!/bin/bash +# info: Add a domain to exim4 and spamassassin blacklist +# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a domain already exists in a file +check_domain_exists() { + local domain=$1 + local file=$2 + grep -qE "^${domain}$" "$file" +} + +# Function to check if a SpamAssassin entry already exists +check_spamassassin_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add domain to file +add_domain_to_file() { + local domain=$1 + local file=$2 + echo "$domain" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for Exim4 +EXIM_ENTRY_MAIN="$DOMAIN" +EXIM_ENTRY_SUB="*.$DOMAIN" + +# Prepare entries for SpamAssassin +SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" +SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." + else + echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." + fi +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From aa92b6a2706def542eafdfc34c3ec6f35ab1ce35 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:07 +0100 Subject: [PATCH 177/304] Create v-blacklist-email-account --- bin/v-blacklist-email-account | 102 ++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 bin/v-blacklist-email-account diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account new file mode 100644 index 00000000..59ec9cf8 --- /dev/null +++ b/bin/v-blacklist-email-account @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Add a specific email address to exim4 and spamassassin blacklist +# usage: v-blacklist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-blacklist-email EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Prepare entries for Exim4 and SpamAssassin +EXIM_ENTRY="$EMAIL" +SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then + add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 92ddd343a2706620e297decddfcc97c2c38cdce5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:30 +0100 Subject: [PATCH 178/304] Create v-whitelist-email-domain --- bin/v-whitelist-email-domain | 119 +++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-domain diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain new file mode 100644 index 00000000..9d877ad4 --- /dev/null +++ b/bin/v-whitelist-email-domain @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a domain to SpamAssassin whitelist +# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a SpamAssassin whitelist entry already exists +check_whitelist_exists() { + local entry=$1 + local file=$2 + grep -qF "whitelist_from $entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklist_exists() { + local domain=$1 + local file=$2 + grep -qE "blacklist_from.*${domain}$" "$file" +} + +# Function to add whitelist entry to file +add_whitelist_to_file() { + local entry=$1 + local file=$2 + echo "whitelist_from $entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY_MAIN="*@${DOMAIN}" +WHITELIST_ENTRY_SUB="*.$DOMAIN" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the domain is already blacklisted +if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $DOMAIN. It is already blacklisted." + exit 1 +fi + +# Add the main entry +if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +# Add the subdomain entry if needed +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 62b0e672a66211c3ec0c5f57d1687f4b015a9e63 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:50 +0100 Subject: [PATCH 179/304] Create v-whitelist-email-account --- bin/v-whitelist-email-account | 119 ++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-account diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account new file mode 100644 index 00000000..4a6e6329 --- /dev/null +++ b/bin/v-whitelist-email-account @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a specific email address to SpamAssassin whitelist +# usage: v-whitelist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklisted() { + local pattern=$1 + local file=$2 + grep -qE "blacklist_from.*${pattern}" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-whitelist-email-account EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Extract the domain from the email address +DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY="whitelist_from $EMAIL" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the email address or its domain is already blacklisted +if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. It is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." + exit 1 +fi + +# Add the email to whitelist if not already present +if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 2e66899997a4ea3c1326b436eb88871e303c9f4d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:06:50 +0100 Subject: [PATCH 180/304] Create v-cd-www --- bin/v-cd-www | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 bin/v-cd-www diff --git a/bin/v-cd-www b/bin/v-cd-www new file mode 100644 index 00000000..449b5fa2 --- /dev/null +++ b/bin/v-cd-www @@ -0,0 +1,69 @@ +#!/bin/bash +# info: Change directory to the public_html folder of a domain +# usage: v-cd-www DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be sourced to change the current directory." + echo "Usage: source v-cd-www DOMAIN" + exit 1 +fi + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + return 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "Domain $domain doesn't exist" + return 1 +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User $user doesn't exist" + return 1 +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain $domain doesn't have a public_html directory" + return 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "/home/$user/web/$domain/public_html" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +return 0 From 82803093d6836274fb971df28a6b189087e13c91 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:07:40 +0100 Subject: [PATCH 181/304] Update v-cd-www --- bin/v-cd-www | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-cd-www b/bin/v-cd-www index 449b5fa2..01e9c221 100644 --- a/bin/v-cd-www +++ b/bin/v-cd-www @@ -1,6 +1,6 @@ #!/bin/bash # info: Change directory to the public_html folder of a domain -# usage: v-cd-www DOMAIN +# usage: source v-cd-www DOMAIN #----------------------------------------------------------# # Variable&Function # From 33377836662a2ebfe87cfee7370355de9c406c26 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:35:57 +0100 Subject: [PATCH 182/304] v-cd-www alias --- bin/{v-cd-www => v-change-dir-www} | 0 install/vst-install-debian.sh | 2 ++ 2 files changed, 2 insertions(+) rename bin/{v-cd-www => v-change-dir-www} (100%) diff --git a/bin/v-cd-www b/bin/v-change-dir-www similarity index 100% rename from bin/v-cd-www rename to bin/v-change-dir-www diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 625278bc..cb6ee921 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,6 +2064,8 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile + #----------------------------------------------------------# # myVesta Access Info # #----------------------------------------------------------# From 0639e7765f9452cadfa260183546aff5686953e9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:52:53 +0100 Subject: [PATCH 183/304] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index cb6ee921..47153ade 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,7 +2064,7 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - -echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile +echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile #----------------------------------------------------------# # myVesta Access Info # From 2daa635cdef0618ddb9543963ff2a0ffd47e593d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:47:21 +0100 Subject: [PATCH 184/304] Update v-change-dir-www --- bin/v-change-dir-www | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 01e9c221..4a44eac2 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www @@ -20,6 +20,7 @@ fi # Importing system environment source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH SILENT_MODE=1 From 9fdfe2760a31df12ba56e9c1692ee14c207b63db Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 15:50:07 +0100 Subject: [PATCH 185/304] Update v-change-dir-www --- bin/v-change-dir-www | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 4a44eac2..1f230099 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www @@ -28,17 +28,18 @@ SILENT_MODE=1 domain=$1 user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) + +if [ -z "$user" ]; then + echo "Domain $domain doesn't exist" + return 1 +fi + USER=$user # Includes source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/domain.sh -if [ -z "$user" ]; then - check_result $E_NOTEXIST "Domain $domain doesn't exist" - return 1 -fi - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# From 0e881c911b9713e7e11cf255cbd59c7512229eef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:46:47 +0100 Subject: [PATCH 186/304] Update v-update-firewall - skip CentOS block --- bin/v-update-firewall | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index 142cb39b..6d359f07 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -if [ -d "/etc/sysconfig" ]; then - /sbin/iptables-save > /etc/sysconfig/iptables - if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then - /sbin/chkconfig iptables on - fi -else +# if [ -d "/etc/sysconfig" ]; then +# /sbin/iptables-save > /etc/sysconfig/iptables +# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then +# /sbin/chkconfig iptables on +# fi +# else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -178,7 +178,7 @@ else echo "exit 0" >> $preup chmod +x $preup fi -fi +# fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then From c1072ec9e40368f7454e7b5e94a512d1a0df87ed Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 13 Dec 2024 11:34:12 +0100 Subject: [PATCH 187/304] Update v-clone-website --- bin/v-clone-website | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clone-website b/bin/v-clone-website index 8670ee3a..0a25f6a7 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." echo "--SITE_SUBFOLDER=..." + echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi From c5e54643734df52da4d43d6bcae50a9a0016507f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 17:16:07 +0100 Subject: [PATCH 188/304] Update v-restore-user: permissions fix --- bin/v-restore-user | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-restore-user b/bin/v-restore-user index af451d88..a2dab574 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain + chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn + chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then From 7937088e9cc219a635b15712d04facdd85658558 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 18:09:06 +0100 Subject: [PATCH 189/304] Update index.php: Prevent recreation of token by shitty browser add-ons --- web/login/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/login/index.php b/web/login/index.php index 18841344..5de05451 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,5 +1,7 @@ Date: Mon, 10 Feb 2025 15:51:42 +0100 Subject: [PATCH 190/304] Update v-clone-website: mysqldump --max_allowed_packet=1024M --- bin/v-clone-website | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0a25f6a7..0258e39a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -372,7 +372,7 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql rm $FROM_DATABASE_NAME.sql From 32aae7dbff1794f969a4f8726ddb425e90661d43 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 20 Feb 2025 14:02:27 +0100 Subject: [PATCH 191/304] Update multi-php-install.sh: bringing back php8.4-memcached & imagick --- src/deb/for-download/tools/multi-php-install.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index b3e3afc4..70d589cc 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -118,7 +118,7 @@ if [ "$inst_repo" -eq 1 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' fi apt update - apt upgrade -y + # apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi @@ -379,8 +379,7 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip - # php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From 039dc4a561bc803c966094b6fd1720414c9a7dfa Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Feb 2025 22:51:44 +0100 Subject: [PATCH 192/304] SpamHaus DNSBL removed from exim4 --- Changelog.md | 5 +++++ install/debian/10/exim/dnsbl.conf | 1 - install/debian/11/exim/dnsbl.conf | 1 - install/debian/12/exim/dnsbl.conf | 1 - install/debian/8/exim/dnsbl.conf | 1 - install/debian/9/exim/dnsbl.conf | 1 - install/vst-install-debian.sh | 1 + src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 6 ++++++ 9 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Changelog.md b/Changelog.md index 7d22747a..36478469 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-12 [28-Feb-2025] +================================================== +* SpamHaus DNSBL removed from exim4 +* A lot of small bugs fixed + Version 0.9.9-0-11 [30-May-2024] ================================================== * Introducing v-run-wp-cli command ( @isscbta ) diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/10/exim/dnsbl.conf +++ b/install/debian/10/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/11/exim/dnsbl.conf +++ b/install/debian/11/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/12/exim/dnsbl.conf +++ b/install/debian/12/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47153ade..850b91f7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2037,6 +2037,7 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl +touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed # Secret URL secretquery='' diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 4b6e56b5..c1732bff 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-11 \ No newline at end of file +vesta-0.9.9-0-12 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 4d414655..9f8ee3e8 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,12 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Removing SpamHaus DNSBL +if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then + sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf + touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +fi + # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then if grep -q 'dh key too small' /var/log/dovecot.log.1; then From dc1979461e649f330707e1bd782dd28b21150114 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 11 Mar 2025 00:18:05 +0100 Subject: [PATCH 193/304] Update v-make-main-apache-log --- bin/v-make-main-apache-log | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index 96e91877..6a6dfadd 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log @@ -11,10 +11,4 @@ if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i fi systemctl restart apache2 -if [ ! -f "/root/analyze-traffic-per-time.php" ]; then - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php -fi +wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php From 24908aede144d562daaf830b578f7761c55040c3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:22:54 +0100 Subject: [PATCH 194/304] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 81561a97..2ee241fa 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -66,19 +66,20 @@ fi # Action # #----------------------------------------------------------# -rsync -a "$FROMFOLDER/" "$TOFOLDER/" -# with slashes on the end of the path of both folders -if [ "$?" -ne 0 ]; then - echo "Error happened, aborting" - exit 1 -fi - if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 # with slashes on the end of the path of the folder fi +# rsync -a "$FROMFOLDER/" "$TOFOLDER/" +mv "$FROMFOLDER" "$TOFOLDER" +# with slashes on the end of the path of both folders +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + rm -rf "$FROMFOLDER" # without slash on the end of the path of the folder From 4437f6f0dac75831169d291a0ee41cd084340310 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:25:04 +0100 Subject: [PATCH 195/304] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 2ee241fa..c8b54779 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -73,8 +73,9 @@ if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then fi # rsync -a "$FROMFOLDER/" "$TOFOLDER/" -mv "$FROMFOLDER" "$TOFOLDER" # with slashes on the end of the path of both folders + +mv "$FROMFOLDER" "$TOFOLDER" if [ "$?" -ne 0 ]; then echo "Error happened, aborting" exit 1 From 01e4890a97e49b1cc99507794e30aa2f8dd12c9f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 31 Mar 2025 16:41:43 +0200 Subject: [PATCH 196/304] Update multi-php-install.sh: Fixing disable_functions line --- src/deb/for-download/tools/multi-php-install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 70d589cc..aa1b7353 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -405,8 +405,8 @@ if [ "$inst_84" -eq 1 ]; then fi -apt update > /dev/null 2>&1 -apt upgrade -y > /dev/null 2>&1 +# apt update > /dev/null 2>&1 +# apt upgrade -y > /dev/null 2>&1 if [ $debian_version -ge 10 ]; then a2dismod ruid2 > /dev/null 2>&1 @@ -454,6 +454,10 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then echo "=== upgrading tailf_apache_error.php done." sleep 3 echo "" - echo "Everything done." - echo "" fi + +# Fixing php.ini files to have the correct disable_functions line +/usr/local/vesta/bin/v-fix-php-ini-disable-functions + +echo "Everything done." +echo "" From 57f179ad05b1ac1cd261d7a0d476f1ff7c8b0b62 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 20:23:46 +0200 Subject: [PATCH 197/304] When deleting a domain, also delete the database if the domain has a database. --- bin/v-delete-database-of-domain | 69 +++++++++++++++++++++++++++++++++ bin/v-delete-domain | 7 ++-- 2 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 bin/v-delete-database-of-domain diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain new file mode 100644 index 00000000..30fd18c0 --- /dev/null +++ b/bin/v-delete-database-of-domain @@ -0,0 +1,69 @@ +#!/bin/bash +# info: delete database if domain has database +# options: DOMAIN +# +# The function for deleting database if domain has database + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +RET=$OK + +# echo "=================================" +r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) +# echo $r +eval $r +# echo "=================================" + +if [ ! -z "$DATABASE_NAME" ]; then + echo "=== v-delete-database $USER $DATABASE_NAME" + /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME + if [ $? -ne 0 ]; then + echo "=== v-delete-database failed" + RET=$E_NOTEXIST + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +log_event "$RET" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index b6294679..1ca3373b 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain @@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then + $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't suspend web" > /dev/null + check_result $? "can't delete web" > /dev/null fi fi @@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't suspend dns" > /dev/null + check_result $? "can't delete dns" > /dev/null fi fi @@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't suspend mail" > /dev/null + check_result $? "can't delete mail" > /dev/null fi fi From a86f76de091d904cf7e117a374124285aea78a6e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:20:42 +0200 Subject: [PATCH 198/304] Update db.sh - mysqldump --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB --- func/db.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/db.sh b/func/db.sh index 58a339ee..7e4f4d97 100644 --- a/func/db.sh +++ b/func/db.sh @@ -58,7 +58,7 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then From 8bdfade3d4a9a978a94ce741cab7f520b81bfdae Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:55:21 +0200 Subject: [PATCH 199/304] Update vst-install-debian.sh --- install/vst-install-debian.sh | 55 +++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 850b91f7..1c1a6da7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -753,31 +753,36 @@ if [ "$mysql" = 'no' ]; then fi if [ "$mysql8" = 'yes' ]; then echo "=== Preparing MySQL 8 apt repo" - software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') - software=$(echo "$software" | sed -e 's/exim4//') - #software="$software php-mysql roundcube-mysql" - echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list - echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list - echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 - key="467B942D3A79BD29" - readonly key - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) - do - gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break - done - gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg - gpgconf --kill all - rm -rf "${GNUPGHOME}" - unset GNUPGHOME + if [ "$release" -lt 12 ]; then + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME + else + wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb + dpkg -i mysql-apt-config_0.8.30-1_all.deb + fi mpass=$(gen_pass) debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" From 0d86e2ca4081e2a83eea05f416d82a0bb7d92fdf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 24 Apr 2025 22:31:47 +0200 Subject: [PATCH 200/304] Calculate size of directories on /hdd too --- bin/v-update-mail-domain-disk | 3 ++- bin/v-update-mail-domains-disk | 4 ++-- bin/v-update-web-domain-disk | 8 ++++++++ bin/v-update-web-domains-disk | 7 ++++++- func/main.sh | 11 +++++++++++ 5 files changed, 29 insertions(+), 4 deletions(-) diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index 451dbd37..be5502e7 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,7 +49,8 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index 1dae64cf..807218e3 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,9 +35,9 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'mail' 'DOMAIN'); do dom_diks=0 - accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') + accounts=$(list_objects "mail/$domain" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index ac851b92..1bee4685 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi +# Defining hdd home directory +home_dir="/hdd$HOMEDIR/$user/web/$domain/" + +# Checking home directory exist +if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5951f289..5ee58abf 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk @@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'web' 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi + home_dir="/hdd$HOMEDIR/$user/web/$domain/" + if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) + fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/func/main.sh b/func/main.sh index 10de469a..447a6b35 100644 --- a/func/main.sh +++ b/func/main.sh @@ -359,6 +359,17 @@ search_objects() { IFS="$OLD_IFS" } +# List objects +list_objects() { + OLD_IFS="$IFS" + IFS=$'\n' + for line in $(cat $USER_DATA/$1.conf); do + eval $line + eval echo \$$2 + done + IFS="$OLD_IFS" +} + # Get user value get_user_value() { grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' From 73884322616a5ed7402e005fe9d5754c0da6c394 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Apr 2025 13:52:35 +0200 Subject: [PATCH 201/304] parse_object_kv_list_non_eval() --- func/main.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/func/main.sh b/func/main.sh index 447a6b35..03773920 100644 --- a/func/main.sh +++ b/func/main.sh @@ -1154,3 +1154,82 @@ check_if_service_exists() { echo "0" fi } + +# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl. +# Inspired by HestiaCP function and improved +parse_object_kv_list_non_eval() { + # Let's combine all the parameters into one string, replace the new lines with a space + local str="${*//$'\n'/ }" + str=${str//\\\'/---QUOTE---} + str=${str//\\\"/---DQUOTE---} + local backup_str=$str + + local key val match i length length_val prefix position cut + i=0 + # Searching for key='value' blocks + # Loop until we find the next key='value' + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done + + # Terminate function if we don't expect strings with double apostrophes + if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then + return; + fi + + # Searching for key="value" blocks + str=$backup_str + i=0 + # Loop until we find the next key="value" + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done +} From 6dccbb8276ef0ed6fa2102a83c90675c7520e260 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 7 May 2025 10:37:06 +0200 Subject: [PATCH 202/304] Update vst-install-debian.sh: mysql-apt-config_0.8.34-1_all.deb --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c1a6da7..3a60c85c 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -780,8 +780,9 @@ if [ "$mysql8" = 'yes' ]; then rm -rf "${GNUPGHOME}" unset GNUPGHOME else - wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb - dpkg -i mysql-apt-config_0.8.30-1_all.deb + # check latest on: https://dev.mysql.com/downloads/repo/apt/ + wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb + dpkg -i mysql-apt-config_0.8.34-1_all.deb fi mpass=$(gen_pass) From 83d12510e32997a0787a3508b08d111e4a7ec4ca Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 May 2025 17:27:13 +0200 Subject: [PATCH 203/304] Update v-add-letsencrypt-domain: Detecting valid status on wildcard variant --- bin/v-add-letsencrypt-domain | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 97e555fa..a7c7fbb8 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -308,6 +308,11 @@ for auth in $authz; do if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then break fi + if [ "$wildcard" = 'yes' ]; then + if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then + break + fi + fi i=$((i + 1)) if ((i > 30)); then break From d3fb4e13d593c0c9317afd3add1f3e62bc0a6e7b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 14 May 2025 14:50:22 +0200 Subject: [PATCH 204/304] v-move-domain-and-database-to-account: Update wordfence-waf.php Update v-move-domain-and-database-to-account Update v-delete-web-domain: deleting /hdd/home/$user/web/$domain Update v-delete-user: deleting /hdd/home/$user Update v-delete-mail-domain: removing /hdd/home/$user/mail/$domain_idn Update v-change-domain-owner: moving /hdd/home/$owner/web/$domain Update v-change-domain-owner: moving /hdd/home/$owner/mail/$domain Update v-move-folder-and-make-symlink: debug and additional checking --- bin/v-change-domain-owner | 8 +++++ bin/v-delete-mail-domain | 3 ++ bin/v-delete-user | 2 +- bin/v-delete-web-domain | 3 ++ bin/v-move-domain-and-database-to-account | 44 ++++++++++++++++------- bin/v-move-folder-and-make-symlink | 12 +++++++ 6 files changed, 59 insertions(+), 13 deletions(-) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 09ae9bcc..ed5fa5a4 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -82,6 +82,10 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ + if [ -d "/hdd/home/$owner/web/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain + fi + # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; @@ -152,6 +156,10 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ + if [ -d "/hdd/home/$owner/mail/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain + fi + # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index ee727aa9..9be565bb 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn + if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then + rm -rf /hdd/home/$user/mail/$domain_idn + fi fi # Deleting dkim dns record diff --git a/bin/v-delete-user b/bin/v-delete-user index 120b1f72..cdf809eb 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,7 +94,7 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user -if [ -f "/hdd/home/$user" ]; then +if [ -d "/hdd/home/$user" ]; then rm -rf /hdd/home/$user fi rm -f /var/spool/mail/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 43362e34..e64dd9a7 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -130,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain +if [ -d "/hdd/home/$user/web/$domain" ]; then + rm -rf /hdd/home/$user/web/$domain +fi #----------------------------------------------------------# diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 08180d99..383fd26e 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -92,31 +92,51 @@ fi # Update Wordfence WAF Path # #----------------------------------------------------------# -# Path to .user.ini file -user_ini="$USER_DATA/web/$domain/public_html/.user.ini" +filepath="/home/USER_TO/web/$domain/public_html/.user.ini" +filename=$(basename $filepath) -# Check if .user.ini exists -if [ -f "$user_ini" ]; then - echo "Updating .user.ini with new user path..." +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." # Temporary file for modification tmp_file=$(mktemp) # Change path from old USER to new USER_TO - sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file" + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" - # Check if replacement was successful and update .user.ini + # Check if replacement was successful and update file if [ $? -eq 0 ]; then - mv "$tmp_file" "$user_ini" - echo ".user.ini updated successfully." + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." else - echo "Failed to update .user.ini file." + echo "Failed to update $filename file." rm "$tmp_file" # Deletes temporary file fi -else - echo ".user.ini does not exist, no changes made." fi +filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index c8b54779..ccd66b7c 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -19,6 +19,8 @@ fi FROMFOLDER=$1 TOFOLDER=$2 +echo "Executing: v-move-folder-and-make-symlink $1 $2" + # Includes source $VESTA/func/main.sh @@ -26,6 +28,16 @@ source $VESTA/func/main.sh # Verifications # #----------------------------------------------------------# +if [ -z "$FROMFOLDER" ]; then + echo "First parameter is empty, aborting" + exit 1 +fi + +if [ -z "$TOFOLDER" ]; then + echo "Second parameter is empty, aborting" + exit 1 +fi + # Trimming the ending slash, just in case FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') From 451b025f1f52641196d71feeec2f835ed6aebadb Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 23 May 2025 14:04:03 +0200 Subject: [PATCH 205/304] Create v-delete-mails --- bin/v-delete-mails | 127 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 bin/v-delete-mails diff --git a/bin/v-delete-mails b/bin/v-delete-mails new file mode 100644 index 00000000..24ac68e5 --- /dev/null +++ b/bin/v-delete-mails @@ -0,0 +1,127 @@ +#!/bin/bash +# info: delete old emails (by mtime) for user/domain/account, with optional scope +# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE +# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) +# trash – clean only Trash/Junk/Spam folders + +# load Vesta functions & config +source "$VESTA/func/main.sh" +source "$VESTA/conf/vesta.conf" + +# read arguments +user="$1" +domain="$2" +account="$3" +mtime="$4" +scope="$5" + +# verify argument count +check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' + +# validate scope +if [[ "$scope" != "all" && "$scope" != "trash" ]]; then + echo "ERROR: SCOPE must be 'all' or 'trash'." + exit 1 +fi + +# validate logical combinations +if [[ "$user" == "all" ]]; then + if [[ "$domain" != "all" || "$account" != "all" ]]; then + echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." + exit 1 + fi +elif [[ "$domain" == "all" && "$account" != "all" ]]; then + echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." + exit 1 +fi + +# build a detailed summary for the warning +declare -a summary_parts +if [[ "$user" == "all" ]]; then + summary_parts+=("all users") +else + summary_parts+=("user '$user'") +fi + +if [[ "$domain" == "all" ]]; then + summary_parts+=("all domains") +else + summary_parts+=("domain '$domain'") +fi + +if [[ "$account" == "all" ]]; then + summary_parts+=("all accounts") +else + summary_parts+=("account '$account'") +fi + +# join with commas +summary=$(printf ", %s" "${summary_parts[@]}") +summary=${summary:2} + +# only warn if any of them is 'all' or if mtime is 'all' +if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then + echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." + read -p "Are you sure? (yes/no): " confirm + [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } +fi + +# function to delete emails +delete_emails() { + local u="$1" d="$2" a="$3" + local maildir="/home/$u/mail/$d/$a" + + [[ ! -d "$maildir" ]] && return + + echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" + + # build find predicates + if [[ "$scope" == "all" ]]; then + folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) + else + folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) + fi + + # assemble and run find + if [[ "$mtime" == "all" ]]; then + find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null + else + find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null + fi +} + +# collect users +if [[ "$user" == "all" ]]; then + users=$(v-list-users plain | awk '{print $1}') +else + users="$user" +fi + +# iterate through users, domains, accounts +for u in $users; do + if [[ "$domain" == "all" ]]; then + domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') + else + domains="$domain" + fi + + for d in $domains; do + if [[ "$account" == "all" ]]; then + accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') + else + accounts="$account" + fi + + for a in $accounts; do + delete_emails "$u" "$d" "$a" + done + done +done + +# restart dovecot to refresh mailbox state +systemctl restart dovecot + +# log the action (status first, then message) +log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" + +exit 0 From cb6e8e4926d264fed06b96b8c34d4dd3a5c48f15 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 24 May 2025 13:31:57 +0200 Subject: [PATCH 206/304] nginx block-firewall.conf when user block 80,443 in Firewall --- bin/v-add-firewall-rule | 10 ++++++++++ bin/v-change-firewall-rule | 10 ++++++++++ bin/v-delete-firewall-rule | 9 +++++++++ 3 files changed, 29 insertions(+) diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 6fb867d3..b815778b 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,6 +83,16 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index d2502bce..aad2ec38 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -74,6 +76,14 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + NEWIP=$ip + parse_object_kv_list_non_eval "$oldvalues" + sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 8f646644..61f7602d 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # From 4c495a1d691bf97042a51f34fc69506cde72e606 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:47:13 +0200 Subject: [PATCH 207/304] Update index.php --- web/edit/server/index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/edit/server/index.php b/web/edit/server/index.php index 49c577d8..eed4baab 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,8 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); + $v_backup_port = escapeshellarg($_POST['v_backup_port']); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -347,12 +348,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; + if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } - // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { From ff7bc2baa5e3e2f7b12ebd3f1002e47144ba3f9e Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:50:47 +0200 Subject: [PATCH 208/304] Update edit_server.html --- web/templates/admin/edit_server.html | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index b5da08de..888b081f 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -641,6 +641,17 @@

+ + + + + + + + "> +

+ + From fa8dd64c5a33fb55e219870a60e424538c31d3ab Mon Sep 17 00:00:00 2001 From: myvesta Date: Sun, 25 May 2025 13:51:13 +0200 Subject: [PATCH 209/304] Adding ProFTPD jail rule to Fail2Ban --- install/vst-install-debian.sh | 14 ++++++++++++++ src/deb/vesta/postinst | 29 ++++++++++++++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 3a60c85c..ad10b341 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1690,6 +1690,20 @@ if [ "$fail2ban" = 'yes' ]; then chmod 640 /var/log/auth.log chown root:adm /var/log/auth.log fi + if [ "$proftpd" = 'yes' ]; then + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fi + #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9f8ee3e8..dc5c64c2 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,29 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding ProFTPD to Fail2Ban +if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then + if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then + echo "== Adding ProFTPD to Fail2Ban" + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') + if [ $fail2ban_running -eq 1 ]; then + echo "== Restarting Fail2Ban" + systemctl restart fail2ban + fi + fi +fi + # Removing SpamHaus DNSBL if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf @@ -163,7 +186,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then echo "== Enabling TLS for ProFTPD FTPS" wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf - systemctl restart proftpd + proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') + if [ $proftpd_running -eq 1 ]; then + echo "== Restarting ProFTPD" + systemctl restart proftpd + fi fi fi fi From de5365280f6778cfa92ab653aa0c8319b9663ed1 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 28 May 2025 17:11:55 +0200 Subject: [PATCH 210/304] Adding myVesta rules to SpamAssassin --- install/vst-install-debian.sh | 9 ++++++++ src/deb/vesta/postinst | 43 +++++++++++++++++++++++++++++++++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ad10b341..ff19d1d5 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1581,6 +1581,15 @@ if [ "$spamd" = 'yes' ]; then echo "=== Patching spamassassin dns_server" sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + echo "== Adding myVesta rules to SpamAssassin" + cat < /etc/spamassassin/myvesta.cf +score RCVD_IN_RP_SAFE 0 +score RCVD_IN_RP_CERTIFIED 0 +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf ensure_startup $currentservice systemctl restart $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index dc5c64c2..523678e3 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,41 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding myVesta rules to SpamAssassin +if [ -d "/etc/spamassassin" ]; then + spamassassin_modified=0 + if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then + touch /etc/spamassassin/myvesta.cf + fi + if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then + echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" + echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf + echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf + spamassassin_modified=1 + fi + if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then + echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" + cat <> /etc/spamassassin/myvesta.cf +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + spamassassin_modified=1 + fi + + if [ $spamassassin_modified -eq 1 ]; then + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + fi +fi + # Adding ProFTPD to Fail2Ban if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then @@ -122,14 +157,18 @@ fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') if [ $spamassassin_installed -eq 1 ]; then echo "== Adding Barracuda RBL to SpamAssassin" wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf fi if [ $spamassassin_running -eq 1 ]; then echo "== Restarting SpamAssassin" - systemctl restart spamassassin + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi fi touch /usr/local/vesta/data/upgrades/barracuda_rbl fi From 92029a97335afed541fce852d64d1eb577e8c13f Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 30 May 2025 22:08:44 +0200 Subject: [PATCH 211/304] v-import-cpanel-backup: /*!999999\- enable the sandbox mode */ fix --- bin/v-import-cpanel-backup | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index a70213dd..43e8c3bf 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,11 +157,15 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 5ca293c9b2c61b27e4123e903291064db861bb21 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 31 May 2025 22:01:57 +0200 Subject: [PATCH 212/304] Session DISABLE_IP_CHECK --- bin/v-list-sys-config | 3 ++- web/inc/main.php | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 127f2176..a0fdbbbc 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,7 +54,8 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", + "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" } }' } diff --git a/web/inc/main.php b/web/inc/main.php index 26df863e..f13e4142 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -38,8 +38,13 @@ if(!isset($_SESSION['user_combined_ip'])){ $_SESSION['user_combined_ip'] = $user_combined_ip; } +$SKIP_IP_CHECK = false; +if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') { + $SKIP_IP_CHECK = true; +} + // Checking user to use session from the same IP he has been logged in -if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ +if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) { session_destroy(); session_start(); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; From 435a3627653dd1a942824a418a91e91da0978dd8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 14:44:18 +0200 Subject: [PATCH 213/304] Converting CRLF to LF in a few files --- .../10/templates/web/nginx/private-hosting.sh | 22 +- .../11/templates/web/nginx/private-hosting.sh | 22 +- .../12/templates/web/nginx/private-hosting.sh | 22 +- src/deb/ioncube/copyright | 486 +++++++++--------- web/list/firewall/banlist/ip_info.php | 328 ++++++------ 5 files changed, 440 insertions(+), 440 deletions(-) diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/11/templates/web/nginx/private-hosting.sh +++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/12/templates/web/nginx/private-hosting.sh +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index bd92bd81..c62257d2 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright @@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. - - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. - -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. - -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. - -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. + +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. + + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. + +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. + +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. + +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. + +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php index cf7607bf..e7888a75 100644 --- a/web/list/firewall/banlist/ip_info.php +++ b/web/list/firewall/banlist/ip_info.php @@ -1,164 +1,164 @@ - 'http://lists.blocklist.de/lists/all.txt', - 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', - 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', - 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', - 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', - 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', - 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', - ]; - $today = date('Y-m-d'); - - foreach ($lists as $code => $url) { - $cache_tag = 'ip-blacklist-' . $code . '-cache'; - - // init cache - if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; - - // invalidate cache if clear_cache parameter is 1 - if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; - - // if cache is not updated, fetch new data and save to cache - if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { - $new_cache_data = fetchURL($url, $url_result); - if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); - $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; - } - - // check ip - $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { - if (str_contains($item, '/')) return cidrMatch($ip, $item); - if ($ip == $item) return true; - return false; - }); - - $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; - $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; - $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; - } - - return $check_results; -} - -// Check token -if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { - die("Wrong token"); -} - -$ip = $_REQUEST['ip']; - -// Validate IP format -if (filter_var($ip, FILTER_VALIDATE_IP) === false) { - die('GENERAL ERROR
BAD_IP_FORMAT'); -} - -// Query host -$host = gethostbyaddr($ip); - -// Query blocklists -$result_blocklists = ''; -$ip_check = checkIP($ip); -if ($ip_check) { - foreach ($ip_check as $list_code => $list_results) { - $result_blocklists .= '
'; - $result_blocklists .= $list_results['found'] ? '' : ''; - $result_blocklists .= ' '.$list_code.' '; - $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; - $result_blocklists .= '
'; - } -} - -// Query location -$url = 'https://api.db-ip.com/v2/free/'.$ip; -$result = fetchURL($url); -$result_array = json_decode($result, true); -if (!is_array($result_array)) { - die('GENERAL ERROR
BAD_JSON'); -} -if (!empty($result_array['errorCode'])) { - die('GENERAL ERROR
'.$result_array['errorCode']); -} - -// Output -echo " -
-
".__('Host')."
-
".$host."
-
".__('Banlist')."
-
".$result_blocklists."
-
".__('Continent')."
-
".$result_array['continentName']." [".$result_array['continentCode']."]
-
".__('Country')."
-
".$result_array['countryName']." [".$result_array['countryCode']."]
-
".__('State / Province')."
-
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
-
".__('City / Locality')."
-
".$result_array['city']."
-
-"; + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
'; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
'; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
'.$result_array['errorCode']); +} + +// Output +echo " +
+
".__('Host')."
+
".$host."
+
".__('Banlist')."
+
".$result_blocklists."
+
".__('Continent')."
+
".$result_array['continentName']." [".$result_array['continentCode']."]
+
".__('Country')."
+
".$result_array['countryName']." [".$result_array['countryCode']."]
+
".__('State / Province')."
+
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
+
".__('City / Locality')."
+
".$result_array['city']."
+
+"; From 72252c561e8447b55d107a9d7be73baeb410363d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 20:25:23 +0200 Subject: [PATCH 214/304] Small bug fix in main.php --- func/main.php | 1 + 1 file changed, 1 insertion(+) diff --git a/func/main.php b/func/main.php index 22834d42..4628c92a 100644 --- a/func/main.php +++ b/func/main.php @@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) { $argument_counter=count($argv); $argument_counter--; $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]); + $command=$argv[0]; // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n"); if ($argument_counter<$requried_arguments) { $arguments=str_replace(" ", "' '", $arguments); From a3895aea0dd63526630cc44adbe5ed6234e3ba8d Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 2 Jun 2025 14:58:54 +0200 Subject: [PATCH 215/304] v-clear-fail2ban --- bin/v-clean-garbage | 7 ++++++ bin/v-clear-fail2ban | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 bin/v-clear-fail2ban diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 36b50830..11e29122 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -90,6 +90,13 @@ if [ $fail2ban_running -eq 1 ]; then fi if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + systemctl restart nginx + fi + fi fi if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban new file mode 100644 index 00000000..ab3ab30c --- /dev/null +++ b/bin/v-clear-fail2ban @@ -0,0 +1,59 @@ +#!/bin/bash +# info: Clean fail2ban database +# options: NONE +# +# The function is cleaning fail2ban database + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# check if fail2ban is installed +fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') +if [ $fail2ban_installed -eq 0 ]; then + echo "Fail2ban is not installed" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + echo "== Stopping fail2ban" + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + echo "== Cleaning fail2ban database" + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "== Cleaning nginx block.conf" + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting nginx" + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + echo "== Starting fail2ban" + systemctl start fail2ban +fi + +echo "== Done, fail2ban database cleaned" + +log_event "$OK" "$ARGUMENTS" + +exit From 213ccd47df509c0bddc3554d8aa149adbbe076a2 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 3 Jun 2025 21:22:38 +0200 Subject: [PATCH 216/304] v-install-wordpress: Almost always use https --- bin/v-install-wordpress | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 5758e358..202919d0 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -95,19 +95,22 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='http' -if [ -z "$SKIP_LE" ]; then - if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" - fi -else - PROTOCOL='https' +PROTOCOL='https' + +if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + echo "== Trying to install LetsEncrypt for domain $domain" + /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" +fi + +if [ ! -z "$FORCE_HTTP" ]; then + # Switch to http:// only if --FORCE_HTTP parameter is set + echo "== Force http://" + PROTOCOL='http' fi TPL_CHANGED=0; -if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then - PROTOCOL='https' +if [ "$PROTOCOL" = "https" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" @@ -116,7 +119,8 @@ if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi -else +fi +if [ "$PROTOCOL" = "http" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" @@ -147,11 +151,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user=" mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." +echo "Your WordPress installation is complete." echo "" -echo "Site: $PROTOCOL://$domain/" +echo "Website URL: $PROTOCOL://$domain/" echo "" -echo "Login: $PROTOCOL://$domain/wp-admin/" +echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" echo "Username: $wpadmin" echo "Password: $password" echo "" From 4932dd3bb4908e8e3439497b456719fc7260a7e3 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 14:53:49 +0200 Subject: [PATCH 217/304] Fix dkim record deletion command in v-delete-mail-domain-dkim script --- bin/v-delete-mail-domain-dkim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index f11e48d4..7cfbab58 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done From 8d9a3e1ca0f6c570f87daefce71b4d0a12b4b763 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 16:23:42 +0200 Subject: [PATCH 218/304] v-change-user-package switched to parse_object_kv_list_non_eval --- bin/v-change-user-package | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..012d2f1f 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -23,7 +23,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - eval ${key%%=*}=${key#*=} + parse_object_kv_list_non_eval $key done WEB_DOMAINS='0' @@ -76,8 +76,8 @@ is_package_avalable() { } change_user_package() { - eval $(cat $USER_DATA/user.conf) - eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) + parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' From 89b7538fadfcc7d32f970c3cae5b650ee82bd7c4 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 17:08:08 +0200 Subject: [PATCH 219/304] Enhance package validation --- bin/v-add-user-package | 5 ++++- bin/v-change-user-package | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 0cab1a3d..e9fe210a 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - source $pkg_dir/$package.pkg + parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,6 +63,9 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-change-user-package b/bin/v-change-user-package index 012d2f1f..1e088bcc 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,6 +16,7 @@ force=$3 # Includes source $VESTA/func/main.sh +source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -35,7 +36,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - eval $pkg_data + parse_object_kv_list_non_eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -73,6 +74,10 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi + + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { From 0fd5be1d28557267490d911d64b3e26bb5baa060 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 20:36:05 +0200 Subject: [PATCH 220/304] Activating FileManager licence for all users --- install/vst-install-debian.sh | 3 ++- src/deb/vesta/postinst | 5 +++++ web/templates/file_manager/main.php | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ff19d1d5..ef4bc374 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,10 +2089,11 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files -crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 523678e3..107bd6f6 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,11 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then + echo "== Adding FileManager license to vesta.conf" + echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 diff --git a/web/templates/file_manager/main.php b/web/templates/file_manager/main.php index 2e82f811..dd9095f7 100644 --- a/web/templates/file_manager/main.php +++ b/web/templates/file_manager/main.php @@ -19,6 +19,7 @@ +
©
From 85f39364a435c2834220b61ab9c06dd01c7ddc62 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 20:47:57 +0200 Subject: [PATCH 221/304] v-commander: stop setting a root password --- bin/v-commander | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 834fb38b..f04b3a17 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -101,7 +101,7 @@ myhelp() { echo "m def = install php-memcached if needed" echo "check fc = check if FreshClam is up" echo "-----------------------------" - echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH" echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } @@ -535,18 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) - hashed_root_password=$(openssl passwd -6 "$root_password") - sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow - echo "Root password is now a new random password." - echo "New root password: $root_password" - echo "--------------------" - grep '^root:' /etc/shadow - grep '^admin:' /etc/shadow - echo "--------------------" echo "Port 22 opened in Firewall for all IP addresses." /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" echo "--------------------" + echo "Type 'passwd' in the terminal to set the root password." + echo "--------------------" fi if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then From 6d752d93f589a0d357a130f4eab2b3de7956fa26 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 07:53:20 +0200 Subject: [PATCH 222/304] Adding v-cd-www alias to root bash profile --- install/vst-install-debian.sh | 6 +++++- src/deb/vesta/postinst | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ef4bc374..18a25f10 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,13 +2089,17 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) -echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +if [ -f "/root/.bash_profile" ]; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +fi #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 107bd6f6..68252789 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -30,6 +30,13 @@ if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf fi +if [ -f "/root/.bash_profile" ]; then + if ! grep -q "v-cd-www" /root/.bash_profile; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile + fi +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 From 413787070aec1eff85ad198c2a5aa0dad9dbaddb Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 08:08:27 +0200 Subject: [PATCH 223/304] Skip prompt to continue in vst-install-debian.sh if all required variables are set --- install/vst-install-debian.sh | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 18a25f10..f6de9e70 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -491,10 +491,16 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 + prompt_to_continue=1; + if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then + prompt_to_continue=0; + fi + if [ $prompt_to_continue -eq 1 ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi fi # Asking for contact email @@ -2081,7 +2087,6 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi -echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" @@ -2089,15 +2094,15 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "== Adding FileManager license to vesta.conf" +echo "=== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf -echo "================================================================" # Removing old PHP sessions files -cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) +touch /var/spool/cron/crontabs/root +echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root if [ -f "/root/.bash_profile" ]; then - echo "== Adding v-cd-www alias to root bash profile" + echo "=== Adding v-cd-www alias to root bash profile" echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile fi From c5d0619a6b2f8ff2fadfc92be5a6d7ed8dbb35b1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 14:46:58 +0200 Subject: [PATCH 224/304] Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl --- bin/v-install-unsigned-ssl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 8df023c9..9ac2f188 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,7 +52,9 @@ fi # Action # #----------------------------------------------------------# -/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then + /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +fi release=$(cat /etc/debian_version | tr "." "\n" | head -n1) From 2fe4ce2ae4535ffb0bbd673294bed67b04b4c05c Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 16 Jun 2025 15:49:34 +0200 Subject: [PATCH 225/304] v-change-db-password-to-wordpress --- bin/v-change-db-password-to-all-wordpress | 43 ++++++++++ bin/v-change-db-password-to-wordpress | 100 ++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 bin/v-change-db-password-to-all-wordpress create mode 100644 bin/v-change-db-password-to-wordpress diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-db-password-to-all-wordpress new file mode 100644 index 00000000..b31edb80 --- /dev/null +++ b/bin/v-change-db-password-to-all-wordpress @@ -0,0 +1,43 @@ +#!/bin/bash +# info: change db password to all wordpress databases +# options: +# +# The command is used for changing db password to all wordpress databases on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + echo "--------------------------------" + fi + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-db-password-to-wordpress new file mode 100644 index 00000000..d7ce1782 --- /dev/null +++ b/bin/v-change-db-password-to-wordpress @@ -0,0 +1,100 @@ +#!/bin/bash +# info: change db password to wordpress database +# options: +# +# The command is used for changing db password to wordpress database. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +if [ -z "$user" ]; then + echo "ERROR: Domain $domain not found" + exit 1; +fi + +if [ ! -d "/home/$user" ]; then + echo "ERROR: User $user doesn't exist"; + exit 1; +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "ERROR: Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo "=== Domain: $domain" + wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" + if grep -q $'\r' $wp_config_path; then + echo "=== removing CRLF from wp-config.php" + tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path + chown $user:$user $wp_config_path + fi + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") + new_password=$(generate_password) + echo "DB name: $db_name" + echo "New DB password: $new_password" + # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" + if [ $? -ne 0 ]; then + echo "*************** ERROR: Failed to change database password ***************" + exit 1; + fi + line="define('DB_PASSWORD', '$new_password');" + chattr -i $wp_config_path + sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path + new_password_line=$(grep "DB_PASSWORD" $wp_config_path) + echo "New DB password line: $new_password_line" + if [ "$new_password_line" != "$line" ]; then + echo "*************** ERROR: line in wp-config.php is not what we expected ***************" + echo "Expected: $line" + echo "Actual : $new_password_line" + echo "*************** ERROR: Please check wp-config.php manually ***************" + exit 1; + fi +else + echo "ERROR: WP-config.php not found" + exit 1; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit From 819450ca5c1de0646037f8734a103a1870ea39ea Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 16 Jun 2025 17:23:28 +0200 Subject: [PATCH 226/304] Create v-fix-wp-core --- bin/v-fix-wp-core | 90 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 bin/v-fix-wp-core diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core new file mode 100644 index 00000000..5bef3232 --- /dev/null +++ b/bin/v-fix-wp-core @@ -0,0 +1,90 @@ +#!/bin/bash +# info: fix compromised wp-admin and wp-includes +# options: DOMAIN [CACHE_DIR] +# +# Replaces wp-admin and wp-includes with clean copies that match +# the WordPress core version detected on the site. +# +# Example: +# v-fix-wp-core example.com +# v-fix-wp-core example.com /srv/wp-cache + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Arguments +DOMAIN="$1" +CACHE_DIR="${2-/srv/wp-cache}" # default cache location + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# +check_args '1' "$#" 'DOMAIN [CACHE_DIR]' +is_format_valid 'domain' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace +trap 'rm -rf "$TMP_DIR"' EXIT + +# 1etermine WP version +WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +check_result $? "cannot detect WP version" > /dev/null +if [ -z "$WP_VERSION" ]; then + check_result 1 "empty WP version string" +fi +echo "Detected WordPress version $WP_VERSION" + +# 2ind site owner and path +USER="$(v-search-domain-owner "$DOMAIN")" +check_result $? "cannot find domain owner" > /dev/null +SITE_PATH="/home/$USER/web/$DOMAIN/public_html" +if [ ! -d "$SITE_PATH" ]; then + check_result 1 "site path $SITE_PATH does not exist" +fi + +# ensure cached core is present +CACHE_PATH="$CACHE_DIR/$WP_VERSION" +if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then + echo "Cache for $WP_VERSION missing, downloading ZIP..." + + mkdir -p "$CACHE_PATH" + ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" + ZIP_FILE="$TMP_DIR/wp.zip" + + curl -fSL "$ZIP_URL" -o "$ZIP_FILE" + check_result $? "download failed" > /dev/null + + unzip -q "$ZIP_FILE" -d "$TMP_DIR" + check_result $? "unzip failed" > /dev/null + + mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" + mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" +fi + +# backup current core folders +TIMESTAMP="$(date +%Y%m%d%H%M%S)" +BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +mkdir -p "$BACKUP_DIR" +mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" +mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +check_result $? "backup failed" > /dev/null +echo "Old core folders moved to $BACKUP_DIR" + +# deploy clean core +rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" +rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" +check_result $? "rsync failed" > /dev/null + +# fix permissions +v-fix-website-permissions $DOMAIN + +echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +exit From 4f871db1fc52dd1e357ddb2d7e5566c2f916072c Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 16 Jun 2025 17:28:34 +0200 Subject: [PATCH 227/304] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 5bef3232..67d91f40 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -75,6 +75,7 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -85,6 +86,7 @@ check_result $? "rsync failed" > /dev/null # fix permissions v-fix-website-permissions $DOMAIN +chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" exit From 59053e2ffd745754350609d4eb797cd8ea6121ca Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:07:17 +0200 Subject: [PATCH 228/304] Update v-fix-wp-core --- bin/v-fix-wp-core | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 67d91f40..e852da4d 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -67,6 +67,7 @@ if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" + cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" fi # backup current core folders @@ -75,6 +76,12 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" + +for f in "$SITE_PATH"/*.php; do + [[ $(basename "$f") == "wp-config.php" ]] && continue + mv "$f" "$BACKUP_DIR/" +done + chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -84,6 +91,12 @@ rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" check_result $? "rsync failed" > /dev/null +for corephp in "$CACHE_PATH"/*.php; do + base=$(basename "$corephp") + [ "$base" = "wp-config.php" ] && continue + rsync -a "$corephp" "$SITE_PATH/$base" +done + # fix permissions v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" From e8cbaa742f454bdc0e1b2552100e9e43098d8fec Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:23:04 +0200 Subject: [PATCH 229/304] Create v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 115 ++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 bin/v-change-wp-admins-pass diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass new file mode 100644 index 00000000..0b55082d --- /dev/null +++ b/bin/v-change-wp-admins-pass @@ -0,0 +1,115 @@ +#!/bin/bash +# info: interactively change WordPress admin passwords for a given domain +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-change-wp-admin-pass DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +wp_path="/home/$user/web/$domain/public_html" +if [ ! -f "$wp_path/wp-config.php" ]; then + echo "WordPress is not installed on this domain." + exit 1 +fi + +# make sure WP-CLI exists +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp +fi + +# detect PHP for this domain +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if command -v "php$phpver" >/dev/null 2>&1; then + php_bin=$(command -v "php$phpver") +else + php_bin=$(command -v php) +fi +[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } + +# WP-CLI wrapper (array keeps spaces intact) +wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) + +# simple random 10-char generator (letters and digits) +gen_pass() { + tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + +if [ -z "$admin_list" ]; then + echo "No administrator accounts found." + exit 0 +fi + +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$admin_list" | while IFS=',' read -r id login email; do + printf "%-6s %-20s %s\n" "$id" "$login" "$email" +done + +echo +echo "You will be asked for each admin whether you want to change the password." + +# interactive loop +while IFS=',' read -r id login email; do + [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" + + while true; do + read -r -p "Change the password for $prompt_target? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) + new_pass=$(gen_pass) + if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then + echo "Password for $prompt_target has been changed to: $new_pass" + else + echo "Failed to change password for $prompt_target." + fi + break + ;; + [Nn]* ) + echo "Skipping $prompt_target." + break + ;; + * ) + echo "Please answer y or n." + ;; + esac + done +done <<< "$admin_list" + +echo +echo "Done." +exit 0 From aa2f5e4fbb59a7f0c19ae3c50b7856cc3ff2ac4d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:10 +0200 Subject: [PATCH 230/304] Update v-fix-wp-core --- bin/v-fix-wp-core | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index e852da4d..8bf3277b 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -35,7 +35,7 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" @@ -43,7 +43,7 @@ fi echo "Detected WordPress version $WP_VERSION" # 2ind site owner and path -USER="$(v-search-domain-owner "$DOMAIN")" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" check_result $? "cannot find domain owner" > /dev/null SITE_PATH="/home/$USER/web/$DOMAIN/public_html" if [ ! -d "$SITE_PATH" ]; then @@ -98,7 +98,7 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -v-fix-website-permissions $DOMAIN +/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" From a8e39817fcb8c9d30dc02cb85fa2f22634030987 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:47 +0200 Subject: [PATCH 231/304] Create v-desinfect-wp --- bin/v-desinfect-wp | 89 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 bin/v-desinfect-wp diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wp new file mode 100644 index 00000000..e1ddc65d --- /dev/null +++ b/bin/v-desinfect-wp @@ -0,0 +1,89 @@ +#!/bin/bash +# info: disinfect a WordPress site with several maintenance commands +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +# make sure all Vesta helper scripts are reachable +export PATH="/usr/local/vesta/bin:$PATH" +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-desinfect-wp DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +# choose the correct admin-password script (with or without the “s”) +if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" +elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" +else + admin_pass_script="" +fi + +# absolute paths to maintenance scripts, in desired order +declare -a tasks=( + "/usr/local/vesta/bin/v-change-db-password-to-wordpress" + "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +) + +# append the admin script if we found one +[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") + +# -------------------------------------------------------- # +# execution strategy # +# -------------------------------------------------------- # + +echo +read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty + +if [[ "$run_all" =~ ^[Yy]$ ]]; then + echo "Running all maintenance steps for $domain" + automatic=true +else + echo + echo "Selective mode. You will be asked for each step." + automatic=false +fi + +for cmd in "${tasks[@]}"; do + if [ ! -x "$cmd" ]; then + echo "Command $cmd not found or not executable, skipping." + continue + fi + + if [ "$automatic" = false ]; then + while true; do + read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi + + echo + echo "=== $(basename "$cmd") $domain ===" + "$cmd" "$domain" +done + +echo +echo "Done." +exit 0 From 8a4b66a135bf956c6acc6ec62430a5b2ebe5b772 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:42:19 +0200 Subject: [PATCH 232/304] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 8bf3277b..4240b0ab 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -101,5 +101,5 @@ done /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" -echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 12dc1a57182fc3c63e7c79ccace891949eb02070 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:49:27 +0200 Subject: [PATCH 233/304] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0b55082d..9351e4a1 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -31,7 +31,7 @@ if [ ! -f "$wp_path/wp-config.php" ]; then exit 1 fi -# make sure WP-CLI exists +# ensure WP-CLI exists if ! command -v wp >/dev/null 2>&1; then echo "WP-CLI is not installed, installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp @@ -50,7 +50,7 @@ fi # WP-CLI wrapper (array keeps spaces intact) wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) -# simple random 10-char generator (letters and digits) +# random 10-character password generator (letters and digits) gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 17 Jun 2025 01:20:05 +0200 Subject: [PATCH 234/304] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 153 ++++++++++++------------------------ 1 file changed, 50 insertions(+), 103 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 9351e4a1..f7aa5245 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -1,128 +1,75 @@ #!/bin/bash -# info: interactively change WordPress admin passwords for a given domain +# info: disinfect a WordPress site with several maintenance commands # options: DOMAIN -# -------------------------------------------------------- # -# variables and checks # -# -------------------------------------------------------- # +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# +DOMAIN="$1" +VESTA="/usr/local/vesta" + +# absolute paths to maintenance scripts +CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" +FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" +WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" + +TASKS=( + "$CHANGE_DB_PASS" + "$FIX_CORE" + "$WF_SCAN" + "$ADMIN_PASS" +) + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# if [ "$(whoami)" != "root" ]; then echo "You must be root to run this command." exit 1 fi -source /etc/profile - -domain="$1" -if [ -z "$domain" ]; then - echo "Usage: v-change-wp-admin-pass DOMAIN" +if [ -z "$DOMAIN" ]; then + echo "Usage: v-desinfect-wp DOMAIN" exit 1 fi -user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") -if [ -z "$user" ]; then - echo "Domain $domain does not exist." +if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then + echo "Domain $DOMAIN does not exist." exit 1 fi -wp_path="/home/$user/web/$domain/public_html" -if [ ! -f "$wp_path/wp-config.php" ]; then - echo "WordPress is not installed on this domain." - exit 1 -fi - -# ensure WP-CLI exists -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -# detect PHP for this domain -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") -if command -v "php$phpver" >/dev/null 2>&1; then - php_bin=$(command -v "php$phpver") -else - php_bin=$(command -v php) -fi -[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } - -# WP-CLI wrapper (array keeps spaces intact) -wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) - -# random 10-character password generator (letters and digits) -gen_pass() { - tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +for CMD in "${TASKS[@]}"; do + if [ ! -x "$CMD" ]; then + echo "Command $CMD not found or not executable, skipping." + continue + fi -if [ -z "$admin_list" ]; then - echo "No administrator accounts found." - exit 0 -fi + if [ "$AUTOMATIC" = false ]; then + while true; do + read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty + case "$YN" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi -printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$admin_list" | while IFS=',' read -r id login email; do - printf "%-6s %-20s %s\n" "$id" "$login" "$email" + echo + echo "=== $(basename "$CMD") $DOMAIN ===" + "$CMD" "$DOMAIN" done -echo -echo "You will be asked for each admin whether you want to change the password." - -# interactive loop -while IFS=',' read -r id login email; do - [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" - - while true; do - read -r -p "Change the password for $prompt_target? (y/n) " yn < /dev/tty - case "$yn" in - [Yy]* ) - new_pass=$(gen_pass) - if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then - echo "Password for $prompt_target has been changed to: $new_pass" - else - echo "Failed to change password for $prompt_target." - fi - break - ;; - [Nn]* ) - echo "Skipping $prompt_target." - break - ;; - * ) - echo "Please answer y or n." - ;; - esac - done -done <<< "$admin_list" - -# -------------------------------------------------------- # -# flush cache and refresh all security salts # -# -------------------------------------------------------- # - -echo -echo "Flushing cache and refreshing salts..." - -"${wp_run[@]}" cache flush -"${wp_run[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${wp_run[@]}" config shuffle-salts - -echo "Cache flushed and salts refreshed." - echo echo "Done." exit 0 From 31413a8f7301ed055c0df73feeb4185f6890dfce Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 01:56:02 +0200 Subject: [PATCH 235/304] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 152 ++++++++++++++++++++++++------------ 1 file changed, 104 insertions(+), 48 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index f7aa5245..0249efb7 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -1,75 +1,131 @@ #!/bin/bash -# info: disinfect a WordPress site with several maintenance commands +# info: interactively delete or change WordPress admin passwords for a given domain # options: DOMAIN +# +# d → delete user (with content reassignment) +# c → change password (random 10-char alnum) +# s → skip #----------------------------------------------------------# # Variable & Function # #----------------------------------------------------------# +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + DOMAIN="$1" -VESTA="/usr/local/vesta" +[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } -# absolute paths to maintenance scripts -CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" -FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" -WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" -ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } -TASKS=( - "$CHANGE_DB_PASS" - "$FIX_CORE" - "$WF_SCAN" - "$ADMIN_PASS" -) +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# -if [ "$(whoami)" != "root" ]; then - echo "You must be root to run this command." - exit 1 +# ensure WP-CLI binary +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp fi -if [ -z "$DOMAIN" ]; then - echo "Usage: v-desinfect-wp DOMAIN" - exit 1 -fi +PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") +PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) +[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } -if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then - echo "Domain $DOMAIN does not exist." - exit 1 -fi +# WP-CLI wrapper +WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) + +# random 10-char password +gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } - if [ "$AUTOMATIC" = false ]; then - while true; do - read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty - case "$YN" in - [Yy]* ) break ;; - [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; - * ) echo "Please answer y or n." ;; - esac - done - fi - - echo - echo "=== $(basename "$CMD") $DOMAIN ===" - "$CMD" "$DOMAIN" +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do + printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" done +echo +echo "For each admin choose: (d) delete, (c) change password, (s) skip." + +# interactive loop +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do + [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" + while true; do + read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + case "$ACT" in + [Dd]* ) + read -r -p "Really DELETE $TARGET? (y/n) " CONF < /dev/tty + if [[ "$CONF" =~ ^[Yy]$ ]]; then + # build an array of OTHER admin usernames + mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') + if [ "${#OTHER_USERS[@]}" -eq 0 ]; then + echo "Cannot delete the only administrator account." + break + fi + DEFAULT_USER="${OTHER_USERS[0]}" + echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" + while true; do + read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + REASSIGN=${REASSIGN:-$DEFAULT_USER} + if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then + break + else + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" + fi + done + # delete by username, reassign by username + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + echo "Deletion cancelled." + fi + break + ;; + [Cc]* ) + NEW_PASS=$(gen_pass) + if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then + echo "Password for $TARGET changed to: $NEW_PASS" + else + echo "Failed to change password for $TARGET." + fi + break + ;; + [Ss]* ) + echo "Skipping $TARGET." + break + ;; + * ) echo "Please answer d, c, or s." ;; + esac + done +done + +#----------------------------------------------------------# +# flush cache and refresh all security salts # +#----------------------------------------------------------# + +echo +echo "Flushing cache and refreshing salts..." + +"${WP_RUN[@]}" cache flush +"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force +"${WP_RUN[@]}" config shuffle-salts + +echo "Cache flushed and salts refreshed." + echo echo "Done." exit 0 From 596bce582f627d14b5ff0f0422773e7a894b4f2f Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 11:43:48 +0200 Subject: [PATCH 236/304] Jailing v-run-wp-cli --- bin/v-run-wp-cli | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 672832ab..ebe654f6 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -63,6 +63,9 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +mkdir -p /home/$user/.wp-cli +chown $user:$user /home/$user/.wp-cli + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# @@ -70,7 +73,11 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +echo "WP CLI: Done." +echo "To see Warning/Error log: " +echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From d1c48504adcf33fe068d065997f189d354399ff6 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 14:02:31 +0200 Subject: [PATCH 237/304] v-run-wp-cli --- bin/v-run-wp-cli | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ebe654f6..9325d47d 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -75,9 +75,9 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log -echo "WP CLI: Done." -echo "To see Warning/Error log: " -echo "cat /home/$user/web/$domain/wp-cli-error.log" +# echo "WP CLI: Done." +# echo "To see Warning/Error log: " +# echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From c8f9601a356df33ba8c13b24ac178352b6e91931 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 15:56:56 +0200 Subject: [PATCH 238/304] v-fix-wp-core: BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/ --- bin/v-fix-wp-core | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 4240b0ab..1dd87b71 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -17,6 +17,8 @@ DOMAIN="$1" CACHE_DIR="${2-/srv/wp-cache}" # default cache location +QUARANTINE_DIR="/srv/wp-quarantine" + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -72,7 +74,7 @@ fi # backup current core folders TIMESTAMP="$(date +%Y%m%d%H%M%S)" -BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" From b13b25602c1901cea81a37ed64516bd64f8f41fe Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 19:29:58 +0200 Subject: [PATCH 239/304] Use wp-cli from git repo if available --- bin/v-run-wp-cli | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 9325d47d..31730f63 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -58,6 +58,12 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +wpcli="/usr/local/bin/wp" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" +fi + if [ ! -d "/home/$user/web/$domain/public_html" ]; then # echo "Domain doesn't exist"; exit 1; @@ -73,7 +79,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log # echo "WP CLI: Done." # echo "To see Warning/Error log: " From e46c7e4e60e3a225777de5c89ad527b4e0c8afd5 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 22:22:16 +0200 Subject: [PATCH 240/304] v-get-wp-cli and terminal $COLUMNS fix --- bin/v-get-wp-cli | 44 ++++++++++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 15 +++++++++------ 2 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 bin/v-get-wp-cli diff --git a/bin/v-get-wp-cli b/bin/v-get-wp-cli new file mode 100644 index 00000000..c097a024 --- /dev/null +++ b/bin/v-get-wp-cli @@ -0,0 +1,44 @@ +#!/bin/bash +# info: Download WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +# Fix terminal columns issue for WP CLI +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "= WP CLI installed successfully." + +exit 0; \ No newline at end of file diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 31730f63..1a0e2adc 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -62,11 +62,8 @@ wpcli="/usr/local/bin/wp" if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - # echo "Domain doesn't exist"; - exit 1; + COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') + echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS fi mkdir -p /home/$user/.wp-cli @@ -81,6 +78,12 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +return_code=$? + +if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then + rm /usr/local/bin/wp-cli/COLUMNS +fi + # echo "WP CLI: Done." # echo "To see Warning/Error log: " # echo "cat /home/$user/web/$domain/wp-cli-error.log" @@ -89,4 +92,4 @@ sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pc # Vesta # #----------------------------------------------------------# -exit 0; +exit $return_code; From 2e2b4b2f58544c57aeaf2b0cfd6256af3d288195 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 19 Jun 2025 15:57:50 +0200 Subject: [PATCH 241/304] v-backup-user-now skip LA limit --- bin/v-backup-user | 3 +++ bin/v-backup-user-now | 1 + 2 files changed, 4 insertions(+) diff --git a/bin/v-backup-user b/bin/v-backup-user index 0db5d376..f6629c9e 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,6 +22,9 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf +if [ ! -z "$NOW" ]; then + BACKUP_LA_LIMIT=50 +fi #----------------------------------------------------------# # Verifications # diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now index 3a20b4ce..10eecd87 100644 --- a/bin/v-backup-user-now +++ b/bin/v-backup-user-now @@ -1,5 +1,6 @@ #!/bin/bash export ALLOW_BACKUP_ANYTIME='yes' +export NOW='yes' nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From 761da8150b869df8392d2644a9a9e23a32a0cace Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 20 Jun 2025 17:54:04 +0200 Subject: [PATCH 242/304] Visual improvements for v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0249efb7..44870b58 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -65,11 +65,12 @@ echo "For each admin choose: (d) delete, (c) change password, (s) skip." echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do - read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + echo "-------------------------------------" + read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE $TARGET? (y/n) " CONF < /dev/tty - if [[ "$CONF" =~ ^[Yy]$ ]]; then + read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') if [ "${#OTHER_USERS[@]}" -eq 0 ]; then From 294c8ba516a3242d444b19c0156b874c9eb77027 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 21 Jun 2025 15:57:21 +0200 Subject: [PATCH 243/304] Setting chmod 600 for all php files --- ...hange-database-password-for-all-wordpress} | 2 +- ... v-change-database-password-for-wordpress} | 11 +++-- ...ns-pass => v-change-wordpress-admins-pass} | 16 +++++--- bin/{v-desinfect-wp => v-desinfect-wordpress} | 18 ++------ bin/v-fix-user-permissions | 1 + bin/v-fix-website-permissions | 26 ++++++++++-- ...v-fix-website-permissions-for-all-websites | 41 +++++++++++++++++++ bin/{v-fix-wp-core => v-fix-wordpress-core} | 0 bin/v-unlock-wordpress | 2 + 9 files changed, 90 insertions(+), 27 deletions(-) rename bin/{v-change-db-password-to-all-wordpress => v-change-database-password-for-all-wordpress} (93%) rename bin/{v-change-db-password-to-wordpress => v-change-database-password-for-wordpress} (92%) rename bin/{v-change-wp-admins-pass => v-change-wordpress-admins-pass} (93%) rename bin/{v-desinfect-wp => v-desinfect-wordpress} (77%) create mode 100644 bin/v-fix-website-permissions-for-all-websites rename bin/{v-fix-wp-core => v-fix-wordpress-core} (100%) diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-database-password-for-all-wordpress similarity index 93% rename from bin/v-change-db-password-to-all-wordpress rename to bin/v-change-database-password-for-all-wordpress index b31edb80..ad922cc2 100644 --- a/bin/v-change-db-password-to-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -26,7 +26,7 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user echo "--------------------------------" fi done diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-database-password-for-wordpress similarity index 92% rename from bin/v-change-db-password-to-wordpress rename to bin/v-change-database-password-for-wordpress index d7ce1782..e318edde 100644 --- a/bin/v-change-db-password-to-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -1,8 +1,8 @@ #!/bin/bash -# info: change db password to wordpress database +# info: change database password for wordpress # options: # -# The command is used for changing db password to wordpress database. +# The command is used for changing database password for wordpress. #----------------------------------------------------------# @@ -21,7 +21,12 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi USER=$user if [ -z "$user" ]; then diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wordpress-admins-pass similarity index 93% rename from bin/v-change-wp-admins-pass rename to bin/v-change-wordpress-admins-pass index 44870b58..9028cd10 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wordpress-admins-pass @@ -59,14 +59,14 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do done echo -echo "For each admin choose: (d) delete, (c) change password, (s) skip." +echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." # interactive loop -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do +while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do echo "-------------------------------------" - read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty + read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty @@ -109,15 +109,20 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do echo "Skipping $TARGET." break ;; - * ) echo "Please answer d, c, or s." ;; + [Xx]* ) + echo "Exiting." + exit 0 + ;; + * ) echo "Please answer d, c, s, or x." ;; esac done -done +done <<< "$ADMIN_LIST_CSV" #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# +echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." @@ -129,4 +134,5 @@ echo "Cache flushed and salts refreshed." echo echo "Done." + exit 0 diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wordpress similarity index 77% rename from bin/v-desinfect-wp rename to bin/v-desinfect-wordpress index e1ddc65d..4de2f779 100644 --- a/bin/v-desinfect-wp +++ b/bin/v-desinfect-wordpress @@ -27,25 +27,15 @@ if [ -z "$user" ]; then exit 1 fi -# choose the correct admin-password script (with or without the “s”) -if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" -elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" -else - admin_pass_script="" -fi - # absolute paths to maintenance scripts, in desired order declare -a tasks=( - "/usr/local/vesta/bin/v-change-db-password-to-wordpress" - "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-change-database-password-for-wordpress" + "/usr/local/vesta/bin/v-change-wordpress-admins-pass" + "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" + "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) -# append the admin script if we found one -[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") - # -------------------------------------------------------- # # execution strategy # # -------------------------------------------------------- # diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index e55b5e0f..991ada62 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \; find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; +find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index a63954eb..c79fe443 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -18,7 +18,13 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user # Includes source /usr/local/vesta/func/main.sh @@ -27,8 +33,6 @@ if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" fi -USER=$user - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# @@ -54,14 +58,28 @@ fi # Going to domain directory cd /home/$USER/web/$domain +# Ownership check +if [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + + echo "Updating permissions for /home/$USER/web/$domain/public_html/" find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +# Setting chmod 600 for all php files +echo "= Setting chmod 600 for all php files" +find -name "*.php" -type f -exec chmod 600 {} + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# echo "Permissions for $domain have been successfully updated." -exit +exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites new file mode 100644 index 00000000..9b1501bd --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites @@ -0,0 +1,41 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-wp-core b/bin/v-fix-wordpress-core similarity index 100% rename from bin/v-fix-wp-core rename to bin/v-fix-wordpress-core diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress index 1e2cccc6..4a2c42c3 100644 --- a/bin/v-unlock-wordpress +++ b/bin/v-unlock-wordpress @@ -58,6 +58,8 @@ chown -R $user:$user public_html/ rm public_html/wp-content/uploads/.htaccess +/usr/local/vesta/bin/v-fix-website-permissions $domain + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From 97e5fc06772b9dec38f9989ac5eff7c91e5c6674 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 21 Jun 2025 17:26:32 +0200 Subject: [PATCH 244/304] v-change-database-password-for-all-wordpress: Using existing password for $db_user --- ...change-database-password-for-all-wordpress | 5 +++++ bin/v-change-database-password-for-wordpress | 22 +++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index ad922cc2..e129497c 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -19,6 +19,8 @@ source $VESTA/func/main.sh # Action # #----------------------------------------------------------# +touch /root/remember-db-user-pass.txt + for user in $(grep '@' /etc/passwd |cut -f1 -d:); do if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then continue; @@ -33,6 +35,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done +# cat /root/remember-db-user-pass.txt +rm /root/remember-db-user-pass.txt + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index e318edde..dd7a3a91 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -69,10 +69,28 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then chown $user:$user $wp_config_path fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") - new_password=$(generate_password) + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + new_password='' + found_existing_password=0 + if [ -f "/root/remember-db-user-pass.txt" ]; then + db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) + if [ -n "$db_user_pass" ]; then + new_password=$(echo "$db_user_pass" | cut -d':' -f2) + echo "= Using existing password for $db_user" + found_existing_password=1 + fi + fi + + if [ -z "$new_password" ]; then + new_password=$(generate_password) + fi + echo "DB name: $db_name" + echo "DB user: $db_user" echo "New DB password: $new_password" - # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then echo "*************** ERROR: Failed to change database password ***************" From fd6eb44bae7fa3852f7465084a57a1d485fca533 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 22 Jun 2025 22:45:19 +0200 Subject: [PATCH 245/304] .gitignore: exclude data, conf, log --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 6701a887..fe0574ad 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ *.gz .vscode .DS_Store +data +conf +log \ No newline at end of file From d37473b5e86b4f890b276d2d2f7df19e3e131a8c Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 22 Jun 2025 23:53:53 +0200 Subject: [PATCH 246/304] Using v-wp-cli in v-change-wordpress-admin-passwords --- ...ins-pass => v-change-wordpress-admin-passwords} | 14 ++------------ bin/v-desinfect-wordpress | 2 +- 2 files changed, 3 insertions(+), 13 deletions(-) rename bin/{v-change-wordpress-admins-pass => v-change-wordpress-admin-passwords} (89%) diff --git a/bin/v-change-wordpress-admins-pass b/bin/v-change-wordpress-admin-passwords similarity index 89% rename from bin/v-change-wordpress-admins-pass rename to bin/v-change-wordpress-admin-passwords index 9028cd10..5a6a4e3f 100644 --- a/bin/v-change-wordpress-admins-pass +++ b/bin/v-change-wordpress-admin-passwords @@ -5,6 +5,7 @@ # d → delete user (with content reassignment) # c → change password (random 10-char alnum) # s → skip +# x → exit #----------------------------------------------------------# # Variable & Function # @@ -22,19 +23,8 @@ USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -# ensure WP-CLI binary -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") -PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) -[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } - # WP-CLI wrapper -WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) +WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Mon, 23 Jun 2025 15:55:28 +0200 Subject: [PATCH 247/304] v-change-wordpress-admin-passwords: default = y --- bin/v-change-wordpress-admin-passwords | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 5a6a4e3f..c51c9270 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -59,7 +59,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') From 09465e5fba65dbff78f89cbc39991ff669c42983 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 23 Jun 2025 21:53:55 +0200 Subject: [PATCH 248/304] v-change-database-password-for-all-wordpress: first optional argument to specify a $user --- bin/v-change-database-password-for-all-wordpress | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index e129497c..2741e960 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -15,6 +15,11 @@ source /etc/profile # Includes source $VESTA/func/main.sh +only_user=''; +if [ ! -z "$1" ]; then + only_user=$1 +fi + #----------------------------------------------------------# # Action # #----------------------------------------------------------# @@ -26,6 +31,12 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do continue; fi + if [ ! -z "$only_user" ]; then + if [ "$only_user" != "$user" ]; then + continue; + fi + fi + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user @@ -33,6 +44,10 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do fi done + if [ ! -z "$only_user" ]; then + break; + fi + done # cat /root/remember-db-user-pass.txt From f77f8e8b784e6a138d90a61cdbf7e7ea5f83eff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 24 Jun 2025 15:37:21 +0200 Subject: [PATCH 249/304] $SKIP_OWNERSHIP_CHECK in v-fix-website-permissions, v-fix-wordpress-core --- bin/v-fix-website-permissions | 2 +- bin/v-fix-wordpress-core | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index c79fe443..0131b7c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -59,7 +59,7 @@ fi cd /home/$USER/web/$domain # Ownership check -if [ -f "public_html/index.php" ]; then +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then owner=$(stat -c '%U' "public_html/index.php") if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 1dd87b71..2549017b 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -84,7 +84,7 @@ for f in "$SITE_PATH"/*.php; do mv "$f" "$BACKUP_DIR/" done -chown -R www-data:www-data "$BACKUP_DIR" +# chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -100,8 +100,8 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN -chown -R www-data:www-data "$BACKUP_DIR" +SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN +# chown -R www-data:www-data "$BACKUP_DIR" echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 451c9944b90f4d48ffb10e9788e827f6dd768a0b Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 25 Jun 2025 17:32:23 +0200 Subject: [PATCH 250/304] v-fix-wordpress-core: move .user.ini --- bin/v-fix-wordpress-core | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 2549017b..7a511747 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -83,6 +83,9 @@ for f in "$SITE_PATH"/*.php; do [[ $(basename "$f") == "wp-config.php" ]] && continue mv "$f" "$BACKUP_DIR/" done +if [ -f "$SITE_PATH/.user.ini" ]; then + mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" +fi # chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null From e8b5b5a836662d2c07f2d0fc3cf704d585a504bc Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 26 Jun 2025 18:05:11 +0200 Subject: [PATCH 251/304] v-update-document-errors-files --- bin/v-update-document-errors-files | 48 ++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 bin/v-update-document-errors-files diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files new file mode 100644 index 00000000..c044a80a --- /dev/null +++ b/bin/v-update-document-errors-files @@ -0,0 +1,48 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html + chown $user:$user /home/$user/web/$domain/document_errors/* + chmod 644 /home/$user/web/$domain/document_errors/* + done + +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit From 6cce5ecadda43c4ac94a1a094ed67111ff8fde0d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 26 Jun 2025 22:26:14 +0200 Subject: [PATCH 252/304] chmod .env files to 600 --- bin/v-fix-website-permissions | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 0131b7c8..7dd36a62 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -76,6 +76,7 @@ chown -R $USER:$USER public_html/ # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + +find -name ".env" -type f -exec chmod 600 {} + #----------------------------------------------------------# # Vesta # From 1567383b4923b9f2ac567223e5ccfdd9e2f996a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 28 Jun 2025 16:49:18 +0200 Subject: [PATCH 253/304] v-run-wp-cli: Parameter 'PHP' to force specified PHP version --- bin/v-run-wp-cli | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 1a0e2adc..d03afc6a 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -69,7 +69,11 @@ fi mkdir -p /home/$user/.wp-cli chown $user:$user /home/$user/.wp-cli -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if [ -z "$PHP" ]; then + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +else + phpver=$PHP +fi #----------------------------------------------------------# # Action # From 2fd60fc29d7ca08dc0bbe03b8b09e1ed0053e972 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 17:16:50 +0200 Subject: [PATCH 254/304] VERBOSE_MODE in v-run-wp-cli --- bin/v-run-wp-cli | 3 +++ func/main.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index d03afc6a..ef4f6e10 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -36,10 +36,13 @@ fi # Verifications # #----------------------------------------------------------# +VERBOSE_MODE=1 + check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then # echo "User doesn't exist"; diff --git a/func/main.sh b/func/main.sh index 03773920..27c4dcbe 100644 --- a/func/main.sh +++ b/func/main.sh @@ -254,6 +254,9 @@ is_object_unsuspended() { spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") fi if [ ! -z "$spnd" ]; then + if [ ! -z "$VERBOSE_MODE" ]; then + echo "Error: $(basename $1) $3 is suspended" + fi check_result $E_SUSPENDED "$(basename $1) $3 is suspended" fi } From b8b75f0dde93a0304b6306c83664f97a33a3771d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 00:59:18 +0200 Subject: [PATCH 255/304] v-change-wordpress-admin-passwords --- bin/v-change-wordpress-admin-passwords | 46 ++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c51c9270..89122a2d 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,6 +25,13 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" @@ -59,7 +70,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + CONF="y" if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') @@ -70,7 +82,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do DEFAULT_USER="${OTHER_USERS[0]}" echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break @@ -79,8 +91,13 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 - echo "$TARGET deleted (content reassigned to $REASSIGN)." + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + echo "Failed to delete $TARGET." + fi else echo "Deletion cancelled." fi @@ -88,9 +105,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then - echo "Password for $TARGET changed to: $NEW_PASS" + "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "Password for username '$TARGET' changed to: $NEW_PASS" + echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log echo "Failed to change password for $TARGET." fi break @@ -125,4 +147,14 @@ echo "Cache flushed and salts refreshed." echo echo "Done." +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + read -r -p "== Press Enter to continue..." +fi + exit 0 From d20bc94866c2891ff96e669cc9143f9972a9a196 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 1 Jul 2025 10:03:32 +0200 Subject: [PATCH 256/304] v-fix-website-permissions: chown for .php and .env files --- bin/v-fix-website-permissions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 7dd36a62..3a73d13a 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -77,6 +77,8 @@ chown -R $USER:$USER public_html/ echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chown $USER:$USER {} + +find -name ".env" -type f -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 54abc58c4e96c45173554dc351e94f8f11c8796d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 10 Jul 2025 17:49:15 +0200 Subject: [PATCH 257/304] v-change-wordpress-admin-passwords: accept integer as id of user, support for custom php version --- bin/v-change-wordpress-admin-passwords | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 89122a2d..c81cbfcb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -24,7 +24,12 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } # WP-CLI wrapper -WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +if [ ! -z "$PHP" ]; then + WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +else + WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +fi + return_code=$? if [ $return_code -ne 0 ]; then @@ -86,9 +91,11 @@ while IFS=',' read -r ID LOGIN EMAIL; do REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break - else - echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" fi + if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then + break + fi + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes From acc87125f09083b5d171a5c9f7505a3c5b9a6b00 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 10:34:38 +0200 Subject: [PATCH 258/304] v-change-wordpress-admin-passwords: ability to run v-run-wp-cli on choosen PHP version --- bin/v-change-wordpress-admin-passwords | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c81cbfcb..1802bd9f 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,9 +25,9 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper if [ ! -z "$PHP" ]; then - WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" else - WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi return_code=$? @@ -54,9 +54,9 @@ if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt fi -ADMIN_LIST_CSV=$("${WP_RUN[@]}" user list --role=administrator \ - --fields=ID,user_login,user_email \ - --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) +RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2" +ADMIN_LIST_CSV=$(eval "$RUN") + [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" @@ -98,7 +98,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." else @@ -112,7 +113,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt @@ -145,9 +147,12 @@ echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." -"${WP_RUN[@]}" cache flush -"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${WP_RUN[@]}" config shuffle-salts +RUN="$WP_RUN cache flush" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts" +eval "$RUN" echo "Cache flushed and salts refreshed." From 420a978572585868477bd6a32f6b2ccb64ea21dc Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 11:41:28 +0200 Subject: [PATCH 259/304] v-install-wordpress: Support for IDN format domains --- bin/v-install-wordpress | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 202919d0..3f21d172 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -57,8 +57,17 @@ if [ -z "$database" ]; then fi fi +# Convert domain to IDN if available +if command -v idn2 >/dev/null 2>&1; then + database=$(idn2 "$database") + idn_domain=$(idn2 "$domain") +elif command -v idn >/dev/null 2>&1; then + database=$(idn "$database") + idn_domain=$(idn "$domain") +fi + if [ -z "$email" ]; then - email="info@$domain"; + email="info@$idn_domain"; fi if [ ! -d "/home/$user" ]; then From bf54a85a51fd391b8d17b1483ff54bd9dab1dbf4 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 16:37:09 +0200 Subject: [PATCH 260/304] Added functions to check if a domain or user is unsuspended in main.sh --- func/main.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/func/main.sh b/func/main.sh index 27c4dcbe..4dfc087b 100644 --- a/func/main.sh +++ b/func/main.sh @@ -1236,3 +1236,26 @@ parse_object_kv_list_non_eval() { fi done } + +# Return OK (0) if domain is unsupended +# Parameters: +# $1 - user +# $2 - domain +return_ok_if_domain_is_unsuspended() { + spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} + +# Return OK (0) if user is unsupended +# Parameters: +# $1 - user +return_ok_if_user_is_unsuspended() { + spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} From cdf10aede168cde0e17e7f418855dc8c751497e1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 12 Jul 2025 14:07:08 +0200 Subject: [PATCH 261/304] v-change-wordpress-admin-passwords: enhance admin reassignment logic to handle default user selection --- bin/v-change-wordpress-admin-passwords | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 1802bd9f..591ff27c 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -59,9 +59,14 @@ ADMIN_LIST_CSV=$(eval "$RUN") [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } +DEFAULT_USER="" + printf "%-6s %-20s %s\n" "ID" "Username" "Email" echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" + if [ "$PID" = "1" ]; then + DEFAULT_USER="$PLOGIN" + fi done echo @@ -84,11 +89,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Cannot delete the only administrator account." break fi - DEFAULT_USER="${OTHER_USERS[0]}" + if [ "$DEFAULT_USER" = "" ]; then + DEFAULT_USER="${OTHER_USERS[0]}" + fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} + DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi From aa6263c0ac49f9fbfabc383d375acada9c834240 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:25:07 +0200 Subject: [PATCH 262/304] Create wprocket-webp-express-force-https.stpl WEBP Express NGINX support with Rocket-NGINX --- .../wprocket-webp-express-force-https.stpl | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl new file mode 100644 index 00000000..0d3eca17 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + # Serve WebP if browser supports it + location ~* ^/wp-content/.*\.(png|jpe?g)$ { + add_header Vary Accept; + expires 365d; + + if ($http_accept !~* "webp") { + break; + } + + try_files + /wp-content/webp-express/webp-images/doc-root/$uri.webp + $uri.webp + @webp_on_demand; + } + + # Route .webp requests to converter if not found + location @webp_on_demand { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow .webp passthrough (trigger php fallback if not found) + location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { + try_files + $uri + @webp_realizer; + } + + location @webp_realizer { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow PHP access to WebP Express WOD handler + location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { + proxy_pass https://148.113.209.199:8443; + } + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} From 59db959b9a0670575f13dfb11eb8d9ebe07f3dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:26:08 +0200 Subject: [PATCH 263/304] Update wprocket-webp-express-force-https.stpl --- .../wprocket-webp-express-force-https.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index 0d3eca17..d504a6a1 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -43,7 +43,7 @@ server { # Allow PHP access to WebP Express WOD handler location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { - proxy_pass https://148.113.209.199:8443; + proxy_pass https://%ip%:%web_ssl_port%; } location / { From 7511baa62863537d4f75d60712fbe1800dcb8b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:27:04 +0200 Subject: [PATCH 264/304] Create wprocket-webp-express-force-https.tpl --- .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From a48621a88ec17c38753380276f63d829ed1ddc02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 19:00:48 +0200 Subject: [PATCH 265/304] Update wprocket-webp-express-force-https.stpl rocket include must go bellow webp rules --- .../wprocket-webp-express-force-https.stpl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index d504a6a1..2a6a7671 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -7,8 +7,6 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; root %sdocroot%; - # Rocket-Nginx configuration - include rocket-nginx/conf.d/default.conf; # Serve WebP if browser supports it location ~* ^/wp-content/.*\.(png|jpe?g)$ { @@ -45,7 +43,10 @@ server { location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { proxy_pass https://%ip%:%web_ssl_port%; } - + + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + location / { proxy_pass https://%ip%:%web_ssl_port%; } From 29236cfb03b050df39bce02f8a113e3529d5fd3d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 13 Jul 2025 22:16:46 +0200 Subject: [PATCH 266/304] Enhance proxy template selection in v-activate-rocket-nginx to include wprocket-webp-express-force-https option and update install script to download corresponding templates. --- bin/v-activate-rocket-nginx | 12 +++++++----- src/deb/for-download/tools/install-rocket-nginx.sh | 2 ++ .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index de8f6c5f..8b562c9b 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -75,18 +75,20 @@ fi # Changing Proxy Template # Check if the proxy template is already set correctly current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') -if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then echo "Proxy Template is already set up correctly" else # Prompt the user to choose whether to force HTTPS or not - echo "Do you want to force-https in your Proxy Template or not (y/n):" + echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" read answer # Change the proxy template based on the user's choice - if [ "$answer" == "y" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" - else + if [ "$answer" == "h" ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" + elif [ "$answer" == "f" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" + elif [ "$answer" == "w" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" fi echo "Proxy Template is ready" diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index 47768b11..ca1f8b2a 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh @@ -4,6 +4,8 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl h wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 98600537fc54e76f67633a4bb9ec8fcb952d173c Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 16:32:21 +0200 Subject: [PATCH 267/304] v-change-wordpress-admin-passwords: modified user deletion and password update commands to use user ID instead of username. --- bin/v-add-wordpress-admin | 5 +++++ bin/v-change-wordpress-admin-passwords | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 3814e51a..67f58bf4 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -12,6 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi +if [ "$#" -lt 4 ]; then + echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" + exit 1 +fi + # Importing system environment source /etc/profile diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 591ff27c..ba3dec2b 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -106,7 +106,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." @@ -121,7 +121,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" @@ -147,6 +147,18 @@ while IFS=',' read -r ID LOGIN EMAIL; do done done <<< "$ADMIN_LIST_CSV" +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo + read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty + if [ -z "$SAVE_PASSWORDS" ]; then + SAVE_PASSWORDS="n" + fi + if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then + rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + fi +fi + #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# From 1571d60b2f96c99bc386ee102b9599b6c98da87e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 17:16:25 +0200 Subject: [PATCH 268/304] Update v-fix-website-permissions to allow dynamic php file permissions based on user-defined settings --- bin/v-fix-website-permissions | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 3a73d13a..4b92df2f 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -73,10 +73,15 @@ find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +php_chmod="600" +if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +fi + # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod 600 {} + -find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chmod $php_chmod {} + +find -name ".env" -type f -exec chmod $php_chmod {} + find -name "*.php" -type f -exec chown $USER:$USER {} + find -name ".env" -type f -exec chown $USER:$USER {} + From ca9a93982343928a696f54db2d9713348a42e04e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 18:17:43 +0200 Subject: [PATCH 269/304] Refactor v-change-wordpress-admin-passwords to streamline admin list processing by using a here-string for input --- bin/v-change-wordpress-admin-passwords | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index ba3dec2b..7c4fabdb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -62,12 +62,12 @@ ADMIN_LIST_CSV=$(eval "$RUN") DEFAULT_USER="" printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do +while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" if [ "$PID" = "1" ]; then DEFAULT_USER="$PLOGIN" fi -done +done <<< "$ADMIN_LIST_CSV" echo echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." From f16c7e4c3fff4aa83ee4640f9608dee16b73530b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:12:20 +0200 Subject: [PATCH 270/304] New command: v-delete-inactive-wordpress-plugins-and-themes --- ...lete-inactive-wordpress-plugins-and-themes | 165 ++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 166 insertions(+) create mode 100644 bin/v-delete-inactive-wordpress-plugins-and-themes diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes new file mode 100644 index 00000000..e9b1715c --- /dev/null +++ b/bin/v-delete-inactive-wordpress-plugins-and-themes @@ -0,0 +1,165 @@ +#!/bin/bash +# info: delete inactive WordPress plugins and themes +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 +echo "Inactive WordPress plugins for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" +PLUGINS_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) + +DEACTIVATED_PLUGINS_LIST_CSV="" + +if [ ! -z "$PLUGINS_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" + fi + done <<< "$PLUGINS_LIST_CSV" +else + echo "No plugins found." +fi + +if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" + file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" + if [ -d "$folder" ] || [ -f "$file" ]; then + destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" + if [ -d "$folder" ]; then + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + elif [ -f "$file" ]; then + source_path="$file" + destination_path="$destination_base_folder/$NAME.php" + fi + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + if [ -f "$destination_path" ]; then + echo "= File $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" + fi + fi + done <<< "$PLUGINS_LIST_CSV" + fi +fi + +echo "" +echo "Inactive WordPress themes for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" +THEMES_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) + +DEACTIVATED_THEMES_LIST_CSV="" + +if [ ! -z "$THEMES_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" + fi + done <<< "$THEMES_LIST_CSV" +else + echo "No themes found." +fi + +if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" + if [ -d "$folder" ]; then + destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder not found - it does not exist?" + fi + fi + done <<< "$THEMES_LIST_CSV" + fi +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All deactivated plugins and themes moved to quarantine." + echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" +else + echo "= No deactivated plugins or themes found." +fi +exit 0; diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index 04583c1e..dbcda395 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -32,6 +32,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" + "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 7191baa1c9edcb812b4e79431ae46f729d843c6b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:53:20 +0200 Subject: [PATCH 271/304] v-change-wordpress-admin-passwords: improve error handling --- bin/v-change-wordpress-admin-passwords | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 7c4fabdb..6ab4ad0e 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -30,14 +30,6 @@ else WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi -return_code=$? - -if [ $return_code -ne 0 ]; then - echo "WP-CLI error:" - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - exit $return_code -fi - # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 15 Jul 2025 17:48:08 +0200 Subject: [PATCH 272/304] v-fix-website-permissions: only modify those that are not already set correctly --- bin/v-fix-website-permissions | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 4b92df2f..03798a15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,9 +69,9 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d -exec chmod 755 {} + -find public_html/ -type f -exec chmod 644 {} + -chown -R $USER:$USER public_html/ +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then @@ -79,11 +79,11 @@ if [ -f "/home/$USER/web/$domain/php_chmod" ]; then fi # Setting chmod 600 for all php files -echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod $php_chmod {} + -find -name ".env" -type f -exec chmod $php_chmod {} + -find -name "*.php" -type f -exec chown $USER:$USER {} + -find -name ".env" -type f -exec chown $USER:$USER {} + +echo "= Setting chmod $php_chmod for all php files" +find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + +find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From b88f0e56bf8e33ca6d77c0fbd0c419881452960e Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 18:44:02 +0200 Subject: [PATCH 273/304] New command: v-delete-wordpress-uploads-php-files --- bin/v-delete-wordpress-uploads-php-files | 70 ++++++++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 71 insertions(+) create mode 100644 bin/v-delete-wordpress-uploads-php-files diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..4ef12f1e --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files @@ -0,0 +1,70 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +while true; do + read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" + break; + fi + if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then + break; + fi +done + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index dbcda395..fcdc2f66 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -33,6 +33,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 29f030205e05648c1e82a110837fc892b4e4edf0 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:50:25 +0200 Subject: [PATCH 274/304] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 03798a15..bc0d1ba5 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,8 +69,8 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" @@ -80,8 +80,7 @@ fi # Setting chmod 600 for all php files echo "= Setting chmod $php_chmod for all php files" -find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + From a5f2e6acd5b78fe24c2d791c31dcbd0aa5554ec2 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:52:43 +0200 Subject: [PATCH 275/304] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index bc0d1ba5..93b9d662 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,20 +69,24 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +# Fixing permissions +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -find public_html/ ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi -# Setting chmod 600 for all php files -echo "= Setting chmod $php_chmod for all php files" +# Setting chmod 600 for all .php and .env files +echo "= Setting chmod $php_chmod for all .php and .env files" +# Fixing permissions find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + -find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 3801e8d6cf43ecbeb52e1de97ea1c2e137799112 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 13:57:37 +0200 Subject: [PATCH 276/304] v-delete-wordpress-uploads-php-files: set default response to 'yes' for moving files to quarantine --- bin/v-delete-wordpress-uploads-php-files | 34 ++++++++++-------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files index 4ef12f1e..ce72c0c4 100644 --- a/bin/v-delete-wordpress-uploads-php-files +++ b/bin/v-delete-wordpress-uploads-php-files @@ -38,26 +38,20 @@ echo "-------------------------------------" echo "$files" echo "-------------------------------------" -while true; do - read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty - if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then - for file in $files; do - source_file="/home/$USER/web/$DOMAIN/public_html/$file" - destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" - destination_folder=$(dirname "$destination_file") - mkdir -p "$destination_folder" - chown $USER:$USER "$destination_folder" - mv "$source_file" "$destination_file" - echo "= File $source_file moved to $destination_file" - quarantined=1; - done - chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" - break; - fi - if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then - break; - fi -done +read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty +if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" +fi echo "" if [ $quarantined -eq 1 ]; then From 403dd654009a7afb2d953c9f0fe8d2d0fa02f358 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 15:35:46 +0200 Subject: [PATCH 277/304] v-change-database-password-for-wordpress: enhance database name and user retrieval to support both single and double quotes in wp-config.php --- bin/v-change-database-password-for-wordpress | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index dd7a3a91..0c84f80b 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -70,6 +70,12 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + if [ -z "$db_name" ]; then + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") + fi + if [ -z "$db_user" ]; then + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") + fi new_password='' found_existing_password=0 if [ -f "/root/remember-db-user-pass.txt" ]; then From a976a3bc3f0d46f28059e2df3fcc84501846f9b8 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 17:53:38 +0200 Subject: [PATCH 278/304] v-change-database-password-for-wordpress: fixing a bug in temporary password storage --- bin/v-change-database-password-for-all-wordpress | 4 +++- bin/v-change-database-password-for-wordpress | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index 2741e960..1a364307 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -51,7 +51,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done # cat /root/remember-db-user-pass.txt -rm /root/remember-db-user-pass.txt +if [ -f "/root/remember-db-user-pass.txt" ]; then + rm /root/remember-db-user-pass.txt +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index 0c84f80b..7f31b181 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -94,8 +94,11 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then echo "DB name: $db_name" echo "DB user: $db_user" echo "New DB password: $new_password" - if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + if [ $found_existing_password -eq 0 ]; then + touch /root/remember-db-user-pass.txt echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + chown root:root /root/remember-db-user-pass.txt + chmod 600 /root/remember-db-user-pass.txt fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then @@ -126,4 +129,4 @@ fi # Logging log_event "$OK" "$ARGUMENTS" -exit +exit 0; From 9eade5a7df4759d0d4a90862fe1e1892f74e8e58 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 19:21:18 +0200 Subject: [PATCH 279/304] v-fix-wordpress-core: support for custom PHP version --- bin/v-fix-wordpress-core | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 7a511747..2bcd6c34 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -37,7 +37,12 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +if [ -z "$PHP" ]; then + WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +else + WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +fi + check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" From f64968ba918e10040325315eaaa5e8f09657d72b Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 17 Jul 2025 14:36:37 +0200 Subject: [PATCH 280/304] v-change-wordpress-admin-passwords: add option to skip content reassignment during user deletion --- bin/v-change-wordpress-admin-passwords | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 6ab4ad0e..eae5b078 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -81,6 +81,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do while true; do echo "-------------------------------------" read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty + skip=0; case "$ACT" in [Dd]* ) # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty @@ -97,17 +98,25 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi + if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then + echo "Skipping reassignment." + skip=1; + break + fi if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then break fi echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done + if [ $skip -eq 1 ]; then + break + fi # delete by username, reassign by username RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" From 7799cd3322e4e2b416cba968e5540a505b8c8289 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 22 Jul 2025 14:18:10 +0200 Subject: [PATCH 281/304] v-update-deb-package: change target Debian version to 'trixie' and update dependencies for NGINX, OpenSSL, and Zlib --- src/deb/vesta_compile.sh | 46 ++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index a80316d9..c645aa4c 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='bookworm' -TARGET_DEB_VER='12' +TARGET_DEB_NAME='trixie' +TARGET_DEB_VER='13' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -31,8 +31,8 @@ fi MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='bookworm' -TARGET_DEB_VER_MAIN='12' +TARGET_DEB_NAME_MAIN='trixie' +TARGET_DEB_VER_MAIN='13' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,10 +58,10 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.25.1' -OPENSSL_V='1.1.1u' +NGINX_V='1.29.0' +OPENSSL_V='1.1.1w' PCRE_V='8.45' -ZLIB_V='1.2.13' +ZLIB_V='1.3.1' PHP_V='5.6.40' # Generate Links for sourcecode @@ -130,6 +130,9 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi + if [ "$release" -eq 13 ]; then + ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl + fi press_enter "=== Press enter to continue ===============================================================================" fi @@ -258,6 +261,7 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key @@ -442,6 +446,34 @@ if [ "$CWEB_B" = true ]; then fi tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian12" + ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then rm dovecot.tar.gz fi From b3758430c653c3c031273d85f3fd44d154fe265c Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 22 Jul 2025 16:30:23 +0200 Subject: [PATCH 282/304] v-update-php-version: upgrade PHP to 8.4.10 and update download link; add additional dependencies for Debian 13 --- src/deb/vesta_compile.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index c645aa4c..0d899cb3 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -62,7 +62,7 @@ NGINX_V='1.29.0' OPENSSL_V='1.1.1w' PCRE_V='8.45' ZLIB_V='1.3.1' -PHP_V='5.6.40' +PHP_V='8.4.10' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' @@ -73,7 +73,7 @@ OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' # Zlib moved archives to Github ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' -PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' +PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling release=$(cat /etc/debian_version | tr "." "\n" | head -n1) @@ -81,7 +81,7 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' else - SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev' fi function press_enter { @@ -130,7 +130,7 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi - if [ "$release" -eq 13 ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" @@ -530,7 +530,7 @@ if [ "$NGINX_B" = true ]; then --with-openssl-opt=no-weak-ssl-ciphers \ --with-openssl-opt=no-ssl3 \ --with-pcre=../pcre-$PCRE_V \ - --with-pcre-jit \ + --with-pcre-jit \ --with-zlib=../zlib-$ZLIB_V # Check install directory and remove if exists @@ -625,11 +625,10 @@ if [ "$PHP_B" = true ]; then --with-zlib \ --with-fpm-user=admin \ --with-fpm-group=admin \ - --with-mysql \ --with-mysqli \ --with-curl \ --enable-mbstring \ - --with-mysql-sock=/var/run/mysqld/mysqld.sock + --with-mysql-sock=/var/run/mysqld/mysqld.sock # Check install directory and remove if exists if [ -d $INSTALL_DIR/php ]; then @@ -637,7 +636,7 @@ if [ "$PHP_B" = true ]; then fi press_enter "=== Press enter to compile PHP ===============================================================================" - + make && make install press_enter "=== Press enter to continue ===============================================================================" From 77b6506baeca26e71dcba0eb367c9f66b213da83 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 14:02:52 +0200 Subject: [PATCH 283/304] v-update-deb-package: update completion message for Debian 13 --- src/deb/vesta_compile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 0d899cb3..08bc163b 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -478,7 +478,7 @@ if [ "$CWEB_B" = true ]; then rm dovecot.tar.gz fi tar -czf dovecot.tar.gz dovecot/ - echo "=== All done for Debian12" + echo "=== All done for Debian13" ########## cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh From 30581ea672b0bcce6d2605a6138d1085c60aaf67 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 22:37:09 +0200 Subject: [PATCH 284/304] v-change-wordpress-admin-passwords: enhance output messages for password change confirmation --- bin/v-change-wordpress-admin-passwords | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index eae5b078..bca23ad8 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -160,8 +160,15 @@ while IFS=',' read -r ID LOGIN EMAIL; do done <<< "$ADMIN_LIST_CSV" if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "" + echo "" echo "-------------------------------------" - echo + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + echo "" read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty if [ -z "$SAVE_PASSWORDS" ]; then SAVE_PASSWORDS="n" @@ -191,14 +198,4 @@ echo "Cache flushed and salts refreshed." echo echo "Done." -if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then - echo "-------------------------------------" - echo "For website $DOMAIN - new wp-admin passwords have been set." - echo "-------------------------------------" - cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - echo "-------------------------------------" - echo "" - read -r -p "== Press Enter to continue..." -fi - exit 0 From 4e8bac8dda0670066c3b8cd880bfb388cb550a25 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 23:34:07 +0200 Subject: [PATCH 285/304] v-update-firewall-rules: improve nginx configuration handling for deleting rules, as well as for suspended and unsuspended rules --- bin/v-delete-firewall-rule | 2 +- bin/v-suspend-firewall-rule | 9 +++++++++ bin/v-unsuspend-firewall-rule | 13 +++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 61f7602d..10fd0fb9 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -45,7 +45,7 @@ $BIN/v-update-firewall if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then parse_object_kv_list_non_eval "$oldvalues" if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf systemctl restart nginx fi fi diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule index 67f14cec..9191fed0 100755 --- a/bin/v-suspend-firewall-rule +++ b/bin/v-suspend-firewall-rule @@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule index be6320d4..f0e00c96 100755 --- a/bin/v-unsuspend-firewall-rule +++ b/bin/v-unsuspend-firewall-rule @@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # From d017fbbe0700a61adb45a8494b1f6656655ffff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 25 Jul 2025 16:37:45 +0200 Subject: [PATCH 286/304] v-fix-website-permissions: improve error messages for non-existent user and domain directories --- bin/v-fix-website-permissions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 93b9d662..13c6775d 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -42,12 +42,12 @@ is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi From 5fb7862b39b7437777fd1c57bc35c9c588854ac4 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 26 Jul 2025 21:36:10 +0200 Subject: [PATCH 287/304] Replace direct calls to 'wp' with 'v-run-wp-cli' --- bin/v-add-wordpress-admin | 16 ++++------ bin/v-clone-website | 22 ++++++------- bin/v-install-wordfence-cli | 0 bin/v-install-wordpress | 29 +++++++++++------ bin/{v-get-wp-cli => v-install-wp-cli} | 24 ++++++++++++-- bin/v-migrate-site-to-https | 22 +++++++++---- bin/v-run-wp-cli | 44 +++++++++++++++++++------- 7 files changed, 108 insertions(+), 49 deletions(-) create mode 100644 bin/v-install-wordfence-cli rename bin/{v-get-wp-cli => v-install-wp-cli} (60%) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 67f58bf4..20585485 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -63,21 +63,19 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi - -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# # Action # #----------------------------------------------------------# -cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes; #----------------------------------------------------------# # Vesta # diff --git a/bin/v-clone-website b/bin/v-clone-website index 0258e39a..0e089465 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -265,10 +265,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi @@ -429,17 +431,15 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else - phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") - cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli new file mode 100644 index 00000000..e69de29b diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 3f21d172..ba4d38c2 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -71,12 +71,12 @@ if [ -z "$email" ]; then fi if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "= Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi @@ -138,24 +138,35 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR -sudo -H -u$user wp core download -sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +/usr/local/vesta/bin/v-run-wp-cli $domain core download +if [ ! -f "$WORKINGDIR/index.php" ]; then + echo "= WordPress installation failed: WordPress core download failed." + exit 1; +fi + +/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +if [ ! -f "$WORKINGDIR/wp-config.php" ]; then + echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found." + exit 1; +fi password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n -sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR +/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" diff --git a/bin/v-get-wp-cli b/bin/v-install-wp-cli similarity index 60% rename from bin/v-get-wp-cli rename to bin/v-install-wp-cli index c097a024..e9be765d 100644 --- a/bin/v-get-wp-cli +++ b/bin/v-install-wp-cli @@ -24,10 +24,16 @@ if [ ! -f "/usr/local/bin/composer" ]; then fi if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old WP CLI..." + echo "= Removing old myVesta WP CLI..." rm -rf /usr/local/bin/wp-cli fi +echo "= Installing classic WP CLI..." +wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp +chmod +x /usr/local/bin/wp + +echo "= Installing myVesta WP CLI..." + cd /usr/local/bin git clone https://github.com/wp-cli/wp-cli.git @@ -36,9 +42,21 @@ chown -R www-data:www-data wp-cli cd wp-cli/ sudo -H -u www-data composer install +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + # Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' -echo "= WP CLI installed successfully." +echo "" -exit 0; \ No newline at end of file +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then + echo "= WP CLI installed successfully." + echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index b6f4295b..1df0f0d5 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,6 +40,14 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; +fi + FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' FROM_DATABASE_PASSWORD='' @@ -113,10 +121,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi @@ -172,9 +182,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi echo "===== DONE ====" diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ef4f6e10..c0c37d25 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -45,28 +45,37 @@ is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then - # echo "User doesn't exist"; + echo "= User doesn't exist"; exit 1; fi -if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo 'Please install WordPress first.' +if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo '= Please install WordPress first.' exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +wpcli="" + +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli fi -wpcli="/usr/local/bin/wp" +if [ -f "/usr/local/bin/wp" ]; then + wpcli="/usr/local/bin/wp" + WP_CLI_PACKAGES_DIR="" +fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS + WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages" +fi + +if [ -z "$wpcli" ]; then + echo "= WP CLI is not installed. Please install it manually." + exit 1; fi mkdir -p /home/$user/.wp-cli @@ -83,7 +92,20 @@ fi #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +if [ -z "$OPEN_BASEDIR" ]; then + OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp" +fi + +if [ -z "$DISABLE_FUNCTIONS" ]; then + DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" +fi + +if [ -z "$SHOW_ERRORS" ]; then + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +else + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command +fi return_code=$? From 35653eec54bb105cc383a5cbd255fc1ad0791d32 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 26 Jul 2025 22:00:22 +0200 Subject: [PATCH 288/304] Add WordFence CLI installation script --- bin/v-desinfect-wordpress | 5 +++++ bin/v-install-wordfence-cli | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index fcdc2f66..51ee217e 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -27,6 +27,11 @@ if [ -z "$user" ]; then exit 1 fi +if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then + echo "= WordFence CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wordfence-cli +fi + # absolute paths to maintenance scripts, in desired order declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli index e69de29b..fc6ca0b5 100644 --- a/bin/v-install-wordfence-cli +++ b/bin/v-install-wordfence-cli @@ -0,0 +1,37 @@ +#!/bin/bash +# info: Script for installing WordFence CLI +# options: NONE + +if ! command -v git &> /dev/null; then + echo "= Git is not installed. Installing..." + apt-get update > /dev/null 2>&1 + apt-get install -y git +fi + +cd /root + +if [ ! -d "myvesta-wordfence-cli" ]; then + git clone https://github.com/isscbta/myvesta-wordfence-cli.git + cd ~/myvesta-wordfence-cli/ +else + cd ~/myvesta-wordfence-cli/ + git pull +fi + +echo "" +echo "----------------------------------------------------------------" +echo "" +echo "Which Docker container do you want to install for WordFence CLI?" +echo "1. WordFence CLI official Docker container" +echo "2. WordFence CLI Docker container maintained by myVesta" +read -r -p "Enter your choice: " choice < /dev/tty + +if [ "$choice" == "1" ]; then + bash wf-cli-install.sh +fi + +if [ "$choice" == "2" ]; then + bash wf-cli-install-our-image.sh +fi + +exit 0; From 95ed753b0b1bb3bf8bd7aad2631bc55093f22092 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 27 Jul 2025 18:07:14 +0200 Subject: [PATCH 289/304] Separating v-install-wp-cli-myvesta. Update v-run-wp-cli to display error log if PHP Fatal Error occured. Updating v-run-wp-cli to use standard wp-cli, making v-run-wp-cli-myvesta for myvesta version of wp-cli. --- bin/v-install-wp-cli | 39 ++---------------------- bin/v-install-wp-cli-myvesta | 58 ++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 18 +++++++---- bin/v-run-wp-cli-myvesta | 8 +++++ 4 files changed, 81 insertions(+), 42 deletions(-) create mode 100644 bin/v-install-wp-cli-myvesta create mode 100644 bin/v-run-wp-cli-myvesta diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli index e9be765d..17df71e8 100644 --- a/bin/v-install-wp-cli +++ b/bin/v-install-wp-cli @@ -12,46 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi -# Importing system environment -source /etc/profile - -if [ ! -f "/usr/local/bin/composer" ]; then - echo "= Composer is not installed. Installing..." - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - php composer-setup.php --install-dir=/usr/local/bin --filename=composer - php -r "unlink('composer-setup.php');" - echo "= Composer installed successfully." -fi - -if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old myVesta WP CLI..." - rm -rf /usr/local/bin/wp-cli -fi - -echo "= Installing classic WP CLI..." +echo "= Installing WP CLI by downloading phar file..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp chmod +x /usr/local/bin/wp -echo "= Installing myVesta WP CLI..." - -cd /usr/local/bin -git clone https://github.com/wp-cli/wp-cli.git - -chown -R www-data:www-data wp-cli - -cd wp-cli/ -sudo -H -u www-data composer install - -echo "= Installing search-replace-command package..." -sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command - -# Fix terminal columns issue for WP CLI -echo "= Fixing terminal columns issue for WP CLI..." -/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' - -echo "" - -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then +if [ -f "/usr/local/bin/wp" ]; then echo "= WP CLI installed successfully." echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" exit 0; diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta new file mode 100644 index 00000000..f619626f --- /dev/null +++ b/bin/v-install-wp-cli-myvesta @@ -0,0 +1,58 @@ +#!/bin/bash +# info: Download myVesta WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old myVesta WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +echo "= Installing myVesta WP CLI..." + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + +# Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI installed successfully." + echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= myVesta WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index c0c37d25..999e30a8 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,12 +61,19 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi +output='terminal' +if [ -t 1 ]; then + output='terminal' +else + output='file' +fi + if [ -f "/usr/local/bin/wp" ]; then wpcli="/usr/local/bin/wp" WP_CLI_PACKAGES_DIR="" fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS @@ -113,10 +120,11 @@ if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then rm /usr/local/bin/wp-cli/COLUMNS fi -# echo "WP CLI: Done." -# echo "To see Warning/Error log: " -# echo "cat /home/$user/web/$domain/wp-cli-error.log" - +if [ -z "$SHOW_ERRORS" ]; then + if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then + cat /home/$user/web/$domain/wp-cli-error.log + fi +fi #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta new file mode 100644 index 00000000..e250a8ee --- /dev/null +++ b/bin/v-run-wp-cli-myvesta @@ -0,0 +1,8 @@ +#!/bin/bash + +if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta +fi + +USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" From ef8d033b60e0dd6e1a1a9fa2bad9eaf7d7dd0e0f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 16:18:20 +0200 Subject: [PATCH 290/304] Enhance v-run-wp-cli and v-run-wp-cli-myvesta to check for file age and update if older than 30 days --- bin/v-run-wp-cli | 18 ++++++++++++++++-- bin/v-run-wp-cli-myvesta | 13 +++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 999e30a8..e4a3d4a7 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,7 +61,21 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi -output='terminal' +if [ -z "$USE_WP_CLI_MYVESTA" ]; then + if [ -f "/usr/local/bin/wp" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)." + echo "= Updating WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli + fi + fi +fi + if [ -t 1 ]; then output='terminal' else @@ -73,7 +87,7 @@ if [ -f "/usr/local/bin/wp" ]; then WP_CLI_PACKAGES_DIR="" fi -if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta index e250a8ee..5947edfa 100644 --- a/bin/v-run-wp-cli-myvesta +++ b/bin/v-run-wp-cli-myvesta @@ -5,4 +5,17 @@ if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then /usr/local/vesta/bin/v-install-wp-cli-myvesta fi +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)." + echo "= Updating myVesta WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta + fi +fi + USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" From 48944af1826e8bb2dd1540094b6bf561003f207f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 18:14:25 +0200 Subject: [PATCH 291/304] Update v-install-wp-cli-myvesta to set PHP version dynamically based on the oldest installed version and revert to the current version after installation --- bin/v-install-wp-cli-myvesta | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta index f619626f..b65479f6 100644 --- a/bin/v-install-wp-cli-myvesta +++ b/bin/v-install-wp-cli-myvesta @@ -35,12 +35,33 @@ git clone https://github.com/wp-cli/wp-cli.git chown -R www-data:www-data wp-cli +ver_ge() { + # usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2 + [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] +} + +current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+') + +php_versions=$(/usr/local/vesta/bin/v-list-php) +for php_version in $php_versions; do + if ver_ge "$php_version" "7.2"; then + oldest_allowed_php_version=$php_version + break + fi +done + +echo "= Setting PHP version to $oldest_allowed_php_version" +update-alternatives --set php /usr/bin/php$oldest_allowed_php_version + cd wp-cli/ sudo -H -u www-data composer install echo "= Installing search-replace-command package..." sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command +echo "= Setting PHP version to $current_php_version" +update-alternatives --set php /usr/bin/php$current_php_version + # Fix terminal columns issue for WP CLI echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' From 46a6ebafb0ad8a4a09008a21859b6dd2b0d3f9eb Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:42:16 +0200 Subject: [PATCH 292/304] Enhance v-commander to check for kernel updates and reboot requirements --- bin/v-commander | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f04b3a17..72607c95 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -201,11 +201,9 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ]; then + if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then touch /root/kernelupdate - echo "== kernel is updated" - else - echo "== kernel is not updated" + echo "== kernel is updated, reboot is required!" fi fi From cc09de9b6ec7e6104e5451ca2274822f3eaa8651 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:46:28 +0200 Subject: [PATCH 293/304] v-fix-website-permissions: checks for php_chmod conf files --- bin/v-fix-website-permissions | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 13c6775d..5c1eaca3 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -77,6 +77,15 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" +if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) +fi +if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) +fi +if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) +fi if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi From c1f2a02fb8a05f9147e8bbc4d6dffaed6bb0e97e Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 20:08:17 +0200 Subject: [PATCH 294/304] Implement cron job for fixing website permissions --- install/vst-install-debian.sh | 4 +++- src/deb/vesta/postinst | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index f6de9e70..9517e4ef 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1894,7 +1894,9 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -service cron restart +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +systemctl restart cron.service echo "== Building inititall rrd images" $VESTA/bin/v-update-sys-rrd diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 68252789..d8a22ee1 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -21,10 +21,20 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then mkdir -p /usr/local/vesta/data/upgrades fi +VESTA="/usr/local/vesta" + # show changelog after update echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing permissions for all websites +if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing permissions for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" + $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + systemctl restart cron.service +fi + if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf From 97548e55fb76e9fd10913a0caedb08f535c9cb43 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 3 Aug 2025 15:00:29 +0200 Subject: [PATCH 295/304] Removing temporary Docker container network interfaces from RRD --- bin/v-update-sys-rrd-net | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net index e9c642e4..d59eefd9 100755 --- a/bin/v-update-sys-rrd-net +++ b/bin/v-update-sys-rrd-net @@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then mkdir $RRD/net fi +find $RRD/net -name "veth*" -delete + # Parsing network interfaces ndev=$(cat /proc/net/dev) ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g") # Parsing excludes if [ -z "$RRD_IFACE_EXCLUDE" ]; then - RRD_IFACE_EXCLUDE='lo' + RRD_IFACE_EXCLUDE='lo,' fi for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do ifaces=$(echo "$ifaces" |grep -vw "$exclude" ) @@ -62,6 +64,8 @@ for iface in $ifaces; do RRA:MAX:0.5:6:700 \ RRA:MAX:0.5:24:775 \ RRA:MAX:0.5:288:797 + else + touch $RRD/net/$iface.rrd fi # Parsing device stats @@ -112,6 +116,8 @@ for iface in $ifaces; do done +find $RRD/net -name "*.png" -mtime +1 -delete +find $RRD/net -name "*.rrd" -mtime +1 -delete #----------------------------------------------------------# # Vesta # From d18967e627f654fc980457ead8bd35d5466bd9e6 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 11:07:07 +0200 Subject: [PATCH 296/304] Refactor v-run-wp-cli to simplify WP CLI installation check by removing redundant file check for boot-fs.php --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index e4a3d4a7..b1e4e6aa 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -56,7 +56,7 @@ fi wpcli="" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ ! -f "/usr/local/bin/wp" ]; then echo "= WP CLI is not installed. Installing..." /usr/local/vesta/bin/v-install-wp-cli fi From 8680995e66e820258bfaede558a5e144120856a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 15:19:22 +0200 Subject: [PATCH 297/304] Avoid 600 permissions for Apache-less variant --- bin/v-fix-user-permissions | 8 ++++---- bin/v-fix-website-permissions | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index 991ada62..47690477 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -49,10 +49,10 @@ find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; -find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + -find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + -find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; -find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + +for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" +done echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 5c1eaca3..186075a1 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -28,6 +28,7 @@ USER=$user # Includes source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" @@ -77,6 +78,11 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" + +if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" +fi + if [ -f "/home/php_chmod" ]; then php_chmod=$(cat /home/php_chmod) fi From 4dc1e73612d07e80aad72c533d7fd10ed253834e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:42:07 +0200 Subject: [PATCH 298/304] Remove redundant WP CLI installation checks from multiple scripts --- bin/v-add-wordpress-admin | 8 -------- bin/v-clone-website | 8 -------- bin/v-install-wordpress | 8 -------- bin/v-migrate-site-to-https | 15 --------------- 4 files changed, 39 deletions(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 20585485..60778fb2 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -63,14 +63,6 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# diff --git a/bin/v-clone-website b/bin/v-clone-website index 0e089465..9bebbffd 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -264,14 +264,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi CREATE_TO_DATABASE=0 diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index ba4d38c2..f23afa74 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -138,14 +138,6 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 1df0f0d5..c15a521e 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,13 +40,6 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' @@ -120,14 +113,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi From a183cabdc7ece59d29c37f0c3064779adb52c140 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:50:52 +0200 Subject: [PATCH 299/304] v-install-wordpress: avoid changing nginx proxy template in apache-less variant --- bin/v-install-wordpress | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index f23afa74..25e38f3e 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -119,20 +119,22 @@ fi TPL_CHANGED=0; -if [ "$PROTOCOL" = "https" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" +if [ "$WEB_SYSTEM" != 'nginx' ]; then + if [ "$PROTOCOL" = "https" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi -fi -if [ "$PROTOCOL" = "http" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + if [ "$PROTOCOL" = "http" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi fi From 5008c2c778595f0a73d3e78bc55d7a62d37fe371 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 18:29:11 +0200 Subject: [PATCH 300/304] Refactor v-fix-website-permissions to introduce conditional checks for PHP and symlink ownership adjustments, allowing for more flexible permission management based on configuration files. --- bin/v-fix-website-permissions | 108 +++++++++++++++++++++++++--------- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 186075a1..fca37e15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -68,40 +68,90 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi +echo "Updating permissions for /home/$USER/web/$domain/" -echo "Updating permissions for /home/$USER/web/$domain/public_html/" -# Fixing permissions -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -# Fixing ownership -find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + - -php_chmod="600" - -if [ "$WEB_SYSTEM" = 'nginx' ]; then - php_chmod="644" +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 fi -if [ -f "/home/php_chmod" ]; then - php_chmod=$(cat /home/php_chmod) -fi -if [ -f "/home/$USER/php_chmod" ]; then - php_chmod=$(cat /home/$USER/php_chmod) -fi -if [ -f "/home/$USER/web/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/php_chmod) -fi -if [ -f "/home/$USER/web/$domain/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +# === General files and directories permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + # New way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +else + # Old way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} + fi -# Setting chmod 600 for all .php and .env files -echo "= Setting chmod $php_chmod for all .php and .env files" -# Fixing permissions -find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -# Fixing ownership -find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +# === Symlinks ownership === +symlink_chown_allowed=1 +if [ -f "/home/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi + +if [ "$symlink_chown_allowed" -eq 1 ]; then + find -type l ! -user $USER -exec chown -h $USER:$USER {} + +fi #----------------------------------------------------------# # Vesta # From efe0045c5f7a7fa12ded564a4e7ee49df38cf152 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 19:03:30 +0200 Subject: [PATCH 301/304] Introduction of v-fix-website-permissions-only-php script --- bin/v-fix-website-permissions | 6 +- ...site-permissions-for-all-websites-only-php | 44 +++++++ bin/v-fix-website-permissions-only-php | 121 ++++++++++++++++++ install/vst-install-debian.sh | 2 +- src/deb/vesta/postinst | 19 ++- 5 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 bin/v-fix-website-permissions-for-all-websites-only-php create mode 100644 bin/v-fix-website-permissions-only-php diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index fca37e15..50b143c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -1,6 +1,6 @@ #!/bin/bash -# info: Fixing chown and chmod permissions in the public_html directory -# options: DOMAIN +# info: Fixing chown and chmod permissions for a website +# options: DOMAIN [USER] #----------------------------------------------------------# # Variable&Function # @@ -68,7 +68,7 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi -echo "Updating permissions for /home/$USER/web/$domain/" +echo "Updating permissions and ownership for /home/$USER/web/$domain/" php_chmod_allowed=1 if [ -f "/home/php_chmod_disabled" ]; then diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php new file mode 100644 index 00000000..a89d2416 --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites-only-php @@ -0,0 +1,44 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log +truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1 + echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php new file mode 100644 index 00000000..cf548e6b --- /dev/null +++ b/bin/v-fix-website-permissions-only-php @@ -0,0 +1,121 @@ +#!/bin/bash +# info: Fixing PHP and .env permissions and ownership for a website +# options: DOMAIN [USER] + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "Error: Folder /home/$user doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + +echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/" + +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "PHP and .env permissions and ownership for $domain have been successfully updated." + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9517e4ef..1c8f2e1b 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1894,7 +1894,7 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d8a22ee1..f5f79877 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -27,10 +27,21 @@ VESTA="/usr/local/vesta" echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog -# Fixing permissions for all websites -if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Fixing permissions for all websites" - command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi +fi + +# Fixing PHP and .env permissions and ownership for all websites +if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing PHP and .env permissions and ownership for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service fi From 4fff4b498553e2545c674427296d271a0d16ee5f Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 10 Aug 2025 11:48:54 +0000 Subject: [PATCH 302/304] Fix PHP 5.6 array index and implode compatibility issues Co-authored-by: peca --- web/add/dns/index.php | 12 ++++++++++-- web/add/mail/index.php | 9 +++++++-- web/add/web/index.php | 6 +++++- web/upload/UploadHandler.php | 9 +++++++-- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 7c18faab..06ca9547 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,7 +80,11 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } unset($v_domain); } } @@ -128,7 +132,11 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); + } unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index c761139c..5fe9b6ff 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,8 +186,13 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } else { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index d77b8f40..f8953f19 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,7 +323,11 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 48f40b23..581f9741 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,8 +1095,13 @@ class UploadHandler } } if (count($failed_versions)) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $file->error = $this->get_error_message('image_resize') + .' ('.implode($failed_versions,', ').')'; + } else { + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; + } } // Free memory: $this->destroy_image_object($file_path); From be756306b084aa808dcd4328303a316f0a4a3a10 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 10 Aug 2025 12:13:20 +0000 Subject: [PATCH 303/304] Remove PHP version-specific code for array access and string formatting Co-authored-by: peca --- web/add/dns/index.php | 12 ++---------- web/add/mail/index.php | 9 ++------- web/add/web/index.php | 6 +----- web/upload/UploadHandler.php | 9 ++------- 4 files changed, 7 insertions(+), 29 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 06ca9547..b9e47abe 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,11 +80,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); unset($v_domain); } } @@ -132,11 +128,7 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index 5fe9b6ff..6a8b6e9f 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,13 +186,8 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } else { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index f8953f19..e11cff23 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,11 +323,7 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 581f9741..ce8863bb 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,13 +1095,8 @@ class UploadHandler } } if (count($failed_versions)) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; - } else { - $file->error = $this->get_error_message('image_resize') - .' ('.implode(', ', $failed_versions).')'; - } + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; } // Free memory: $this->destroy_image_object($file_path); From 457e5c862ee820cf03558f6ea6b34290d16ca9ac Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 12 Aug 2025 13:58:17 +0200 Subject: [PATCH 304/304] Add cron job for disk usage snapshot --- bin/v-df-snapshot-diff | 102 +++++++++++++++++++++++++++++++++ bin/v-df-snapshot-logs-cleaner | 11 ++++ bin/v-df-snapshot-make | 20 +++++++ install/vst-install-debian.sh | 4 ++ src/deb/vesta/postinst | 14 +++++ 5 files changed, 151 insertions(+) create mode 100644 bin/v-df-snapshot-diff create mode 100644 bin/v-df-snapshot-logs-cleaner create mode 100644 bin/v-df-snapshot-make diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff new file mode 100644 index 00000000..ee427bd2 --- /dev/null +++ b/bin/v-df-snapshot-diff @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Make a diff between two snapshots of the disk usage +# options: FILE1 FILE2 + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Let's declare three associative arrays +declare -A FILE1 +declare -A FILE2 +declare -A FILED + +file1=$1 +file2=$2 + +if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file1="/usr/local/vesta/data/df/$file1" +fi + +if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file2="/usr/local/vesta/data/df/$file2" +fi + +if [ ! -f "$file1" ]; then + echo "File $file1 not found" + exit 1 +fi + +if [ ! -f "$file2" ]; then + echo "File $file2 not found" + exit 1 +fi + +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +mkdir -p /usr/local/vesta/data/df-diff +file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt" +file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt" +file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt" +touch $file0 + +# Let's load the first file and fill the array FILE1 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE1["$DIRECTORY"]="$SIZE" +done < "$file1" + +# Let's load the second file and fill the array FILE2 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE2["$DIRECTORY"]="$SIZE" +done < "$file2" + +# We iterate through FILE1 and look for the matching key in FILE2 +for k in "${!FILE1[@]}"; do + if [[ -v FILE2["$k"] ]]; then + # If there is the same folder (KEY) in FILE2 + DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} )) + FILED["$k"]=$DIFF + echo -e "${DIFF}\t${k}" >> $file0 + else + # If the folder (KEY) is not found in FILE2 + FILED["$k"]=${FILE1["$k"]} + echo -e "${FILE1["$k"]}\t${k}" >> $file0 + fi +done + +# sorted by size +sort -nr -k1,1 $file0 > $file0s + +# sorted by folders +while IFS=$'\t' read SIZE DIRECTORY; do + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f +done < "$file2" + +chmod 600 $file0 $file0s $file0f +chown root:root $file0 $file0s $file0f + +echo "Done." +echo "You can do:" +echo "mcview $file0" +echo "mcview $file0s" +echo "mcview $file0f" +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):" +head -n 30 $file0s +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by folders (in MB):" +head -n 30 $file0f +echo "--------------------------------" + +exit 0 diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner new file mode 100644 index 00000000..63275034 --- /dev/null +++ b/bin/v-df-snapshot-logs-cleaner @@ -0,0 +1,11 @@ +#!/bin/bash +# info: Clean up old snapshots of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" +mkdir -p $folder +find $folder -type f -mtime +30 -delete + +folder="/usr/local/vesta/data/df-diff" +mkdir -p $folder +find $folder -type f -mtime +30 -delete diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make new file mode 100644 index 00000000..51c41e9d --- /dev/null +++ b/bin/v-df-snapshot-make @@ -0,0 +1,20 @@ +#!/bin/bash +# info: Make a snapshot of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" + +mkdir -p $folder +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt + +chmod 600 $folder/snapshot-$timestamp.txt +chown root:root $folder/snapshot-$timestamp.txt + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c8f2e1b..e8208113 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1896,6 +1896,10 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-make" +$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" +$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" systemctl restart cron.service echo "== Building inititall rrd images" diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index f5f79877..ac034e82 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -38,6 +38,20 @@ if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/user fi fi +# Adding cron job for disk usage snapshot +if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi +if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi + # Fixing PHP and .env permissions and ownership for all websites if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then echo "== Fixing PHP and .env permissions and ownership for all websites"