diff --git a/.gitignore b/.gitignore
index 6701a887..fe0574ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+data
+conf
+log
\ No newline at end of file
diff --git a/Changelog.md b/Changelog.md
index 3f5fb37b..617bc9c3 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,28 +1,111 @@
-Version 0.9.9-0-4 [27-Jun-2023]
+Version 0.9.9-0-13 [2025-08-15]
+==================================================
+* Improvement: Activating FileManager licence for all users (credits to Official VestaCP)
+* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta)
+* Improvement: Added support for PHP 8.3 and 8.4
+* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP)
+* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php)
+* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot])
+* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request')
+* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12
+* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel
+* Improvement: v-install-wordpress: Support for IDN format domains
+* Security: Adding ProFTPD jail rule to Fail2Ban
+* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites
+* Security: Introducing a new command: v-fix-php-ini-disable-functions
+* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering)
+* Improvement: When deleting a domain, also delete the database if the domain has a database
+* Bugfix: Removing temporary Docker container network interfaces from RRD
+* Introducing v-run-wp-cli-myvesta that knows the correct terminal width
+* Introducing a new command: v-cd-www alias for v-change-dir-www
+* Introducing a new command: v-clear-fail2ban
+* Introducing a new command: v-get-dns-config (to print zone file in bind9 format)
+* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute)
+* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command
+* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval'
+* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp'
+* Improvement: v-install-wordpress: Almost always use https
+* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables  in the command line
+* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions)
+* Security: v-commander: removing the ability to set a root password
+* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script
+* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff)
+* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta)
+* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta)
+* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync'
+* Improvement: Calculate the size of directories on /hdd too
+* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php
+* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant
+* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M
+* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons
+* Bugfix: v-restore-user: permissions fix while restoring backup
+* Bugfix: Add some loops due to 403 errors during LE request in some random cases
+* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter
+* Bugfix: vst-install-debian.sh - removing phppgadmin
+* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers)
+* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde)
+* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */
+* Bugfix: Small PHP syntax fixes in the admin panel
+* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic)
+* Improvement: Added functions to check if a domain or user is unsuspended in main.sh
+* Introducing a new command: v-update-document-errors-files
+* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night
+* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old
+* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl
+* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant
+* Added to .gitignore excludes for 'data', 'conf', and 'log' folders
+* And many other minor bugfixes and improvements...
+
+Version 0.9.9-0-12 [2025-02-28]
+==================================================
+* SpamHaus DNSBL removed from exim4
+* A lot of small bugs fixed
+
+Version 0.9.9-0-11 [2024-05-30]
+==================================================
+* Introducing v-run-wp-cli command ( @isscbta )
+* Introducing v-add-wordpress-admin command ( @isscbta )
+* Few bugs fixed
+
+Version 0.9.9-0-10 [2024-04-11]
+==================================================
+* Introducing v-edit-php-ini command ( @isscbta )
+* Introducing v-edit-domain-php-ini command ( @isscbta )
+
+Version 0.9.9-0-9 [2024-04-05]
+==================================================
+* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos )
+* Few bugs fixed
+
+Version 0.9.9-0-5 to 0.9.9-0-8
+==================================================
+* Few bugs fixed
+
+Version 0.9.9-0-4 [2023-06-27]
 ==================================================
 * Support for Debian 12 ( in mutual cooperation with @HestiaCP )
 
-Version 0.9.9-0-2 [12-Jun-2023]
+Version 0.9.9-0-2 [2023-06-12]
 ==================================================
 * Hosting panel UI perfomance fix
 
-Version 0.9.9-0 [05-Jun-2023]
+Version 0.9.9-0 [2023-06-05]
 ==================================================
 * Redesign of hosting panel
 * Fix for WP_CACHE_KEY_SALTs in v-clone-website command
 * Fix for "Helo name contains a ip address" in Exim4
 * Fix for Exim4 for punycode domains (in collaboration with @HestiaCP )
 
-Version 0.9.8-26-62 [05-Apr-2023]
+Version 0.9.8-26-62 [2023-04-05]
 ==================================================
 * Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP )
 
-Version 0.9.8-26-61 [04-Apr-2023]
+Version 0.9.8-26-61 [2023-04-04]
 ==================================================
 * Many bugfixes
 * Hotfix for LetsEncrypt to prevent Apache falling 
 
-Version 0.9.8-26-60 [12-Feb-2023]
+Version 0.9.8-26-60 [2023-02-12]
 ==================================================
 * New script: v-commander (useful for maintaining the server)
 * New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx)
@@ -30,7 +113,7 @@ Version 0.9.8-26-60 [12-Feb-2023]
 * v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated)
 * Many minor bugfixes
 
-Version 0.9.8-26-59 [01-Feb-2023]
+Version 0.9.8-26-59 [2023-02-01]
 ==================================================
 * Support for PHP 8.2
 * New script: v-move-folder-and-make-symlink
@@ -38,82 +121,82 @@ Version 0.9.8-26-59 [01-Feb-2023]
 * v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database
 * Many minor bugfixes
 
-Version 0.9.8-26-58 [12-Jul-2022]
+Version 0.9.8-26-58 [2022-07-12]
 ==================================================
 * [Security] hash_equals() in /reset/mail/ (credits to @divinity76 )
 * Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 )
 * Fix for an boring PHP Notice in vesta-php
 
-Version 0.9.8-26-57 [06-Jul-2022]
+Version 0.9.8-26-57 [2022-07-06]
 ==================================================
 * Fix for GMail SMTP timeouts on Debian11
 * [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo )
 
-Version 0.9.8-26-56 [28-May-2022]
+Version 0.9.8-26-56 [2022-05-28]
 ==================================================
 * Adding Barracuda RBL to SpamAssassin
 * Fixing insane HTML form bug in List backup items page
 * Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email)
 
-Version 0.9.8-26-55 [26-Apr-2022]
+Version 0.9.8-26-55 [2022-04-26]
 ==================================================
 * Support for MySQL 8
 * [Security] Preventing brute-force resetting password  (thanks to HestiaCP @hestiacp for fix)
 * Many minor bugfixes
 
-Version 0.9.8-26-54 [17-Dec-2021]
+Version 0.9.8-26-54 [2021-12-17]
 ==================================================
 * Checking if FreshClam is started after installation
 
-Version 0.9.8-26-53 [12-Dec-2021]
+Version 0.9.8-26-53 [2021-12-12]
 ==================================================
 * Support for PHP 8.1
 * Function to ensure that pool.d folders are not empty
 
-Version 0.9.8-26-52 [23-Nov-2021]
+Version 0.9.8-26-52 [2021-11-23]
 ==================================================
 * Fix for not to match wildcard "*domains" and "databases*" while restoring
 * Added memcached to v-list-sys-services
 
-Version 0.9.8-26-51 [14-Nov-2021]
+Version 0.9.8-26-51 [2021-11-14]
 ==================================================
 * Many fixes for "List services" page (v-list-sys-services function)
 
-Version 0.9.8-26-50 [07-Nov-2021]
+Version 0.9.8-26-50 [2021-11-07]
 ==================================================
 * Many small bugfixes and CSRF fixes
 
-Version 0.9.8-26-49 [17-Jul-2021]
+Version 0.9.8-26-49 [2021-07-17]
 ==================================================
 * Support for Debian 11
 
-Version 0.9.8-26-48 [11-Jul-2021]
+Version 0.9.8-26-48 [2021-07-11]
 ==================================================
 * Fixed two bugs in LetsEncrypt generating process
 
-Version 0.9.8-26-47 [30-May-2021]
+Version 0.9.8-26-47 [2021-05-30]
 ==================================================
 * Enabling TLS for ProFTPD FTPS
 * More logical "Restore backup" template
 
-Version 0.9.8-26-46 [17-Apr-2021]
+Version 0.9.8-26-46 [2021-04-17]
 ==================================================
 * [Feature] Updating CloudFlare IP addresses
 
-Version 0.9.8-26-45 [13-Apr-2021]
+Version 0.9.8-26-45 [2021-04-13]
 ==================================================
 * [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log
 * [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname
 * [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix)
 
-Version 0.9.8-26-44 [04-Apr-2021]
+Version 0.9.8-26-44 [2021-04-04]
 ==================================================
 * [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449)
 * [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle)
 * [Bugfix] Preventing multiple execution of v-backup-users
 * [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic)
 
-Version 0.9.8-26-43 [15-Mar-2021]
+Version 0.9.8-26-43 [2021-03-15]
 ==================================================
 * [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman)
 * [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix)
@@ -123,62 +206,62 @@ Version 0.9.8-26-43 [15-Mar-2021]
 * [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle)
 * [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix)
 
-Version 0.9.8-26-42 [26-Feb-2021]
+Version 0.9.8-26-42 [2021-02-26]
 ==================================================
 * [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52
 * [Bugfix] Making sure Apache is in mpm_event mode
 
-Version 0.9.8-26-41 [11-Feb-2021]
+Version 0.9.8-26-41 [2021-02-11]
 ==================================================
 * Few bugfixes
 
-Version 0.9.8-26-40 [08-Feb-2021]
+Version 0.9.8-26-40 [2021-02-08]
 ==================================================
 * Few bugfixes
 
-Version 0.9.8-26-39 [12-Dec-2020]
+Version 0.9.8-26-39 [2020-12-12]
 ==================================================
 * [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes)
 * [Security] Fixing XSS in /list/rrd/?period= value
 
-Version 0.9.8-26-38 [05-Dec-2020]
+Version 0.9.8-26-38 [2020-12-05]
 ==================================================
 * [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know)
 
-Version 0.9.8-26-37 [26-Oct-2020]
+Version 0.9.8-26-37 [2020-10-26]
 ==================================================
 * [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho)
 * [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php
 
-Version 0.9.8-26-36 [10-Sep-2020]
+Version 0.9.8-26-36 [2020-09-10]
 ==================================================
 * [Bugfix] Checking necessary available disk space before doing backup
 * [Security] Disabling login with 'root'
 
-Version 0.9.8-26-35 [23-Aug-2020]
+Version 0.9.8-26-35 [2020-08-23]
 ==================================================
 * [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming
 * [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html
 
-Version 0.9.8-26-34 [19-Aug-2020]
+Version 0.9.8-26-34 [2020-08-19]
 ==================================================
 * [Bugfix] Split long DNS TXT entries into 255 chunks
 
-Version 0.9.8-26-33 [16-Aug-2020]
+Version 0.9.8-26-33 [2020-08-16]
 ==================================================
 * [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain)
 
-Version 0.9.8-26-32 [02-Aug-2020]
+Version 0.9.8-26-32 [2020-08-02]
 ==================================================
 * [Feature] v-replace-in-file command introduced
 * [Security] Making sure new myVesta commands can be called only by root
 
-Version 0.9.8-26-31 [30-Jul-2020]
+Version 0.9.8-26-31 [2020-07-30]
 ==================================================
 * [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command)
 * Starting to log auto-update output
 
-Version 0.9.8-26-30 [26-Jul-2020]
+Version 0.9.8-26-30 [2020-07-26]
 ==================================================
 * New ASCII logo in installer
 * Deleted favicon when user don't know secret-url of hosting panel
@@ -186,14 +269,14 @@ Version 0.9.8-26-30 [26-Jul-2020]
 * [bugfix] Minor fix of URL for templates in v-update-dns-templates
 * [bugfix] Minor fixes in installer
 
-Version 0.9.8-26-29 [21-Jul-2020]
+Version 0.9.8-26-29 [2020-07-21]
 ==================================================
 * [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command)
 * [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command)
 * [Bugfix] Fix for ClamAV socket
 * Changing Vesta to myVesta in title of hosting panel pages
 
-Version 0.9.8-26-28 [15-Jul-2020]
+Version 0.9.8-26-28 [2020-07-15]
 ==================================================
 * [Feature] v-install-wordpress command introduced
 * [Feature] v-move-domain-and-database-to-account command introduced
@@ -201,37 +284,37 @@ Version 0.9.8-26-28 [15-Jul-2020]
 * [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant)
 * [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant)
 
-Version 0.9.8-26-27 [05-Jul-2020]
+Version 0.9.8-26-27 [2020-07-05]
 ==================================================
 * [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh)
 * [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3
 * Second tuning of php-fpm pool.d config files (perfomances and limits)
 
-Version 0.9.8-26-26 [27-Jun-2020]
+Version 0.9.8-26-26 [2020-06-27]
 ==================================================
 * [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare)
 * [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl]
 * From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM)
 * New favicon for hosting panel
 
-Version 0.9.8-26-25 [23-Jun-2020]
+Version 0.9.8-26-25 [2020-06-23]
 ==================================================
 * [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!)
 * [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places)
 
-Version 0.9.8-26-24 [22-Jun-2020]
+Version 0.9.8-26-24 [2020-06-22]
 ==================================================
 * [Bugfix] nginx + php-fpm installer variant now finally works
 
-Version 0.9.8-26-23 [14-Jun-2020]
+Version 0.9.8-26-23 [2020-06-14]
 ==================================================
 * Adding label that LetsEncrypt can be added when you Edit domain
 
-Version 0.9.8-26-22 [13-Jun-2020]
+Version 0.9.8-26-22 [2020-06-13]
 ==================================================
 * [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain
 
-Version 0.9.8-26-21 [13-Jun-2020]
+Version 0.9.8-26-21 [2020-06-13]
 ==================================================
 * [Feature] Blocking executable files inside archives in received emails (ClamAV)
 * [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day)
@@ -240,82 +323,82 @@ Version 0.9.8-26-21 [13-Jun-2020]
 * [Bugfix] Script that removes depricated 'ssl on;' in nginx templates
 * [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files
 
-Version 0.9.8-26-20 [01-Jun-2020]
+Version 0.9.8-26-20 [2020-06-01]
 ==================================================
 * [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode
 * [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package
 * [Bugfix] Fixing URL in v-update-web-templates script
 * [Feature] Additional rates for nginx anti-denial-of-service templates
 
-Version 0.9.8-26-19 [15-May-2020]
+Version 0.9.8-26-19 [2020-05-15]
 ==================================================
 * [Bugfix] Do not match subdomains while restoring domain [v-restore-user]
 
-Version 0.9.8-26-18 [15-May-2020]
+Version 0.9.8-26-18 [2020-05-15]
 ==================================================
 * [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias
 
-Version 0.9.8-26-17 [15-May-2020]
+Version 0.9.8-26-17 [2020-05-15]
 ==================================================
 * [Bugfix] Reverting default clamav socket path 
 * [Bugfix] Put mail_max_userip_connections = 50 in dovecot
 
-Version 0.9.8-26-16 [15-May-2020]
+Version 0.9.8-26-16 [2020-05-15]
 ==================================================
 * [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times
 * [Bugfix] Enabling email notification to fresh installed servers about backup success status
 * [Bugfix] Timeout 10 sec for apache2 status
 
-Version 0.9.8-26-15 [09-May-2020]
+Version 0.9.8-26-15 [2020-05-09]
 ==================================================
 * [Feature] nginx templates that can prevent denial-of-service on your server
 * First tuning php-fpm pool.d config files (perfomances and limits)
 * New logo
 
-Version 0.9.8-26-14 [08-May-2020]
+Version 0.9.8-26-14 [2020-05-08]
 ==================================================
 * v-clone-website script switched to parameters
 * Display new version in console while updating myVesta
 
-Version 0.9.8-26-13 [07-May-2020]
+Version 0.9.8-26-13 [2020-05-07]
 ==================================================
 * [Feature] Put build date and version in right-bottom corner of control panel
 
-Version 0.9.8-26-12 [07-May-2020]
+Version 0.9.8-26-12 [2020-05-07]
 ==================================================
 * [Feature] Put build date and version while compiling myVesta
 * [Feature] Office365 DNS template
 * [Feature] Yandex DNS template
 * ProFTPD MaxIstances = 100 for fresh installed servers
 
-Version 0.9.8-26-11 [01-May-2020]
+Version 0.9.8-26-11 [2020-05-01]
 ==================================================
 * [Feature] Skipping LE renewing after 7 failed attempts
 * [Bugfix] Keep conf files during auto-update
 * [Bugfix] Do not restart apache while preparing letsencrypt acme challenge
 * [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers
 
-Version 0.9.8-26-10 [11-Apr-2020]
+Version 0.9.8-26-10 [2020-04-11]
 ==================================================
 * [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server)
 * Tweak for hostname FPM conf
 * [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
 * [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
 
-Version 0.9.8-26-9 [23-Mar-2020]
+Version 0.9.8-26-9 [2020-03-23]
 ==================================================
 * [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog)
 
-Version 0.9.8-26-8 [23-Mar-2020]
+Version 0.9.8-26-8 [2020-03-23]
 ==================================================
 * [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/)
 
-Version 0.9.8-26-7 [18-Mar-2020]
+Version 0.9.8-26-7 [2020-03-18]
 ==================================================
 * [Bugfix] Fix that avoid LetsEncrypt domain validation timeout
 * [Bugfix] Set timeout in v-list-sys-web-status script
 
-Version 0.9.8-26-6 [21-Feb-2020]
+Version 0.9.8-26-6 [2020-02-21]
 ==================================================
 * [Bugfix] mail-wrapper.php from now works
 * [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status
@@ -323,7 +406,7 @@ Version 0.9.8-26-6 [21-Feb-2020]
 * [Feature] Introducing force-https-webmail-phpmyadmin nginx template
 * [Feature] Trigger for /root/update_firewall_custom.sh
 
-Version 0.9.8-26-5 [10-Feb-2020]
+Version 0.9.8-26-5 [2020-02-10]
 ==================================================
 * [Security] sudoers fix for Debian10
 * [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https)
@@ -332,7 +415,7 @@ Version 0.9.8-26-5 [10-Feb-2020]
 * [Bugfix] Roundcube force https
 * [Bugfix] Exim compatibility with Loopia for Debian10
 
-Version 0.9.8-26-4 [07-Jan-2020]
+Version 0.9.8-26-4 [2020-01-07]
 ==================================================
 * [Feature] Allow whitelisting specific IP for /api/
 * [Feature] Allow whitelisting specific IP to avoid secret_url
@@ -340,11 +423,11 @@ Version 0.9.8-26-4 [07-Jan-2020]
 * [Bugfix] apparmor install fix again
 * [Bugfix] Turning off MariaDB SQL strict mode
 
-Version 0.9.8-26-3 [26-Nov-2019]
+Version 0.9.8-26-3 [2019-11-26]
 ==================================================
 * [Bugfix] Better check if session cron already added
 
-Version 0.9.8-26-2 [15-Nov-2019]
+Version 0.9.8-26-2 [2019-11-15]
 ==================================================
 * [Feature] Support for sub-sub-sub-sub versions :))
 * [Bugfix] Support for longer username of email accounts
@@ -352,7 +435,7 @@ Version 0.9.8-26-2 [15-Nov-2019]
 * [Bugfix] Trying to fix ClamAV broken socket
 * Moving to myvestacp.com
 
-Version 0.9.8-26 [28-Sep-2019]
+Version 0.9.8-26 [2019-09-28]
 ==================================================
 * [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin)
 * [Bugfix] Fixing broken autoreply output
diff --git a/README.md b/README.md
index 71d9f5a9..a2e7a3de 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@
 
 <h1>Features of myVesta</h1>
 <ul>
-    <li>Support for Debian 10 and 11 (Debian 11 is recommended, but previous Debian releases are also supported)</li>
+    <li>Support for Debian 11 and 12 (Debian 12 is recommended, but previous Debian releases are also supported)</li>
     <li>Support for MySQL 8</li>
     <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">nginx templates</a> that can prevent denial-of-service on your server</li>
     <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Support for multi-PHP versions</a></li>
diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx
index bd4145cc..8b562c9b 100644
--- a/bin/v-activate-rocket-nginx
+++ b/bin/v-activate-rocket-nginx
@@ -75,18 +75,20 @@ fi
 # Changing Proxy Template
 # Check if the proxy template is already set correctly
 current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}')
-if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then
+if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then
     echo "Proxy Template is already set up correctly"
 else
     # Prompt the user to choose whether to force HTTPS or not
-    echo "Do you want to force-https in your Proxy Template or not (y/n):"
+    echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):"
     read answer
 
     # Change the proxy template based on the user's choice
-    if [ "$answer" == "y" ]; then
-        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
-    else
+    if [ "$answer" == "h" ]; then
         /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting"
+    elif [ "$answer" == "f" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
+    elif [ "$answer" == "w" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https"
     fi
 
     echo "Proxy Template is ready"
@@ -126,7 +128,7 @@ else
     chown $user:$user /home/$user/web/$domain/cron.log
 
     case $fpm_ver in
-        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) 
+        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) 
             /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1"
             ;;
     esac
diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban
index a1eed13e..80143132 100755
--- a/bin/v-add-firewall-ban
+++ b/bin/v-add-firewall-ban
@@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \
 # Changing permissions
 chmod 660 $conf
 
+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    if ! grep -q  "deny $ip;" /etc/nginx/conf.d/block.conf; then
+        echo "deny $ip;" >> /etc/nginx/conf.d/block.conf
+        systemctl reload nginx
+   fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule
index 6fb867d3..b815778b 100755
--- a/bin/v-add-firewall-rule
+++ b/bin/v-add-firewall-rule
@@ -83,6 +83,16 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain
index 1f1f5a6e..a7c7fbb8 100755
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@@ -154,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
 done
 payload=$(echo "$payload"|sed "s/,$//")
 payload=$payload']}'
+# validation='pending'
+# # Start counter to avoid infinite loop
+# i=0
+# while [ "$validation" = 'pending' ]; do
+# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
@@ -168,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \  | tr -d '\r\n')
 echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
     echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
     check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
+# # Exit the loop after 5 attempts
+# i=$((i + 1))
+# if [ $i -gt 5 ]; then
+#     break
+# fi
+# sleep 2
+# done
 
 # Requesting authorization token / STEP 3
 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
@@ -276,19 +290,35 @@ for auth in $authz; do
     # Doing pol check on status
     i=1
     while [ "$validation" = 'pending' ]; do
-        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
-        payload='{}'
-        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
-        answer=$(query_le_v2 "$url" "$payload" "$nonce")
-        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
-        url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
-        echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log
-        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
-        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
-        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
-        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
-        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
-        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+        i=0
+        while true; do
+            echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
+            payload='{}'
+            echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+            answer=$(query_le_v2 "$url" "$payload" "$nonce")
+            echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+            url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
+            echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log
+            validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
+            echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+            nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+            echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+            status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+            echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+            if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
+                break
+            fi
+            if [ "$wildcard" = 'yes'  ]; then
+                if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
+                    break
+                fi                
+            fi
+            i=$((i + 1))
+            if ((i > 30)); then
+                break
+            fi
+            sleep 2
+        done
         if [[ "$status" -ne 200 ]]; then
             echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
             check_result $E_CONNECT "Let's Encrypt validation status $status"
diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim
new file mode 100644
index 00000000..4b7789ea
--- /dev/null
+++ b/bin/v-add-srs-support-to-exim
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    if [ -z "$1" ]; then
+        LENGTH=32
+    else
+        LENGTH=$1
+    fi
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+    echo "= ERROR: Exim SRS support requires Exim 4.96 or higher."
+    echo "You have Exim $eximversion"
+    exit 1;
+fi
+
+echo "=== Addind SRS support to Exim4 ==="
+# SRS support is taken from HestiaCP
+
+if [ ! -f "/etc/exim4/srs.conf" ]; then
+    echo "= Generating SRS KEY"
+    srs=$(gen_pass 16) 
+    echo $srs > /etc/exim4/srs.conf
+    chmod 640 /etc/exim4/srs.conf
+    chown root:Debian-exim /etc/exim4/srs.conf
+fi
+
+if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
+    echo "= Backing up /etc/exim4/exim4.conf.template"
+    cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
+    v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Patching \"dnslookup:\" block"
+    /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' '  no_more' 'dnslookup:\n  driver = dnslookup\n  # if outbound, and forwarding has been done, use an alternate transport\n  domains = ! +local_domains\n  transport = ${if eq {$local_part@$domain} \\n                      {$original_local_part@$original_domain} \\n                      {remote_smtp} {remote_forwarded_smtp}}\n  no_more'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
+    v-sed 'aliases:' 'inbound_srs:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which are converted to SRS, and decode them\n    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n    data = $srs_recipient\n\ninbound_srs_failure:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which look converted to SRS but are invalid\n    condition = ${if inbound_srs {$local_part} {}}\n    allow_fail\n    data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"remote_forwarded_smtp:\" block"
+    v-sed 'procmail:\n  driver = pipe' 'remote_forwarded_smtp:\n  driver = smtp\n  dkim_domain = DKIM_DOMAIN\n  dkim_selector = mail\n  dkim_private_key = DKIM_PRIVATE_KEY\n  dkim_canon = relaxed\n  dkim_strict = 0\n  hosts_try_fastopen = \n  hosts_try_chunking = !93.188.3.0/24\n  message_linelength_limit = 1G\n  # modify the envelope from, for mails that we forward\n  max_rcpt = 1\n  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n  driver = pipe' '/etc/exim4/exim4.conf.template'
+fi
+
+touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_email_account_max_recipients
+touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+echo "= Restarting exim4 service"
+systemctl restart exim4
+
+if [ $? -ne 0 ]; then
+    systemctl status exim4
+    cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
+    systemctl restart exim4
+    echo "=== Patching failed, old exim conf returned, exim4 restarted again."
+    exit 1
+fi
+echo "=== SRS support was added successfully. ==="
+
+exit 0
diff --git a/bin/v-add-user-package b/bin/v-add-user-package
index 0cab1a3d..e9fe210a 100755
--- a/bin/v-add-user-package
+++ b/bin/v-add-user-package
@@ -28,7 +28,7 @@ is_package_new() {
 }
 
 is_package_consistent() {
-    source $pkg_dir/$package.pkg
+    parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
         is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
     fi
@@ -63,6 +63,9 @@ is_package_consistent() {
         is_int_format_valid $BACKUPS 'BACKUPS'
     fi
     is_format_valid_shell $SHELL
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }
 
 
diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin
new file mode 100644
index 00000000..60778fb2
--- /dev/null
+++ b/bin/v-add-wordpress-admin
@@ -0,0 +1,76 @@
+#!/bin/bash
+# info: Add a WordPress admin user to a specific domain
+# options: DOMAIN USERNAME PASSWORD EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+if [ "$#" -lt 4 ]; then
+    echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+username=$2
+password=$3
+email=$4
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes;
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
diff --git a/bin/v-backup-user b/bin/v-backup-user
index 0db5d376..f6629c9e 100755
--- a/bin/v-backup-user
+++ b/bin/v-backup-user
@@ -22,6 +22,9 @@ source $VESTA/func/domain.sh
 source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf
 
+if [ ! -z "$NOW" ]; then
+    BACKUP_LA_LIMIT=50
+fi
 
 #----------------------------------------------------------#
 #                    Verifications                         #
diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now
new file mode 100644
index 00000000..10eecd87
--- /dev/null
+++ b/bin/v-backup-user-now
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export ALLOW_BACKUP_ANYTIME='yes'
+export NOW='yes'
+
+nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1
diff --git a/bin/v-backup-users b/bin/v-backup-users
index 16a93d6d..05550ded 100755
--- a/bin/v-backup-users
+++ b/bin/v-backup-users
@@ -37,7 +37,7 @@ fi
 
 log=$VESTA/log/backup.log
 
-$BIN/v-check-vesta-license >/dev/null
+# $BIN/v-check-vesta-license >/dev/null
 
 touch $log
 if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account
new file mode 100644
index 00000000..59ec9cf8
--- /dev/null
+++ b/bin/v-blacklist-email-account
@@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Add a specific email address to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-blacklist-email EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Prepare entries for Exim4 and SpamAssassin
+EXIM_ENTRY="$EMAIL"
+SPAMASSASSIN_ENTRY="blacklist_from $EMAIL"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then
+    add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE."
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain
new file mode 100644
index 00000000..a72a17a9
--- /dev/null
+++ b/bin/v-blacklist-email-domain
@@ -0,0 +1,133 @@
+#!/bin/bash
+# info: Add a domain to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a domain already exists in a file
+check_domain_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "^${domain}$" "$file"
+}
+
+# Function to check if a SpamAssassin entry already exists
+check_spamassassin_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add domain to file
+add_domain_to_file() {
+    local domain=$1
+    local file=$2
+    echo "$domain" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for Exim4
+EXIM_ENTRY_MAIN="$DOMAIN"
+EXIM_ENTRY_SUB="*.$DOMAIN"
+
+# Prepare entries for SpamAssassin
+SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}"
+SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then
+    add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then
+        add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"
+        echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE."
+    else
+        echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE."
+    fi
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress
new file mode 100644
index 00000000..1a364307
--- /dev/null
+++ b/bin/v-change-database-password-for-all-wordpress
@@ -0,0 +1,65 @@
+#!/bin/bash
+# info: change db password to all wordpress databases
+# options:
+#
+# The command is used for changing db password to all wordpress databases on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+only_user='';
+if [ ! -z "$1" ]; then
+    only_user=$1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /root/remember-db-user-pass.txt
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    if [ ! -z "$only_user" ]; then
+        if [ "$only_user" != "$user" ]; then
+            continue;
+        fi
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+            /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
+            echo "--------------------------------"
+        fi
+    done
+
+    if [ ! -z "$only_user" ]; then
+        break;
+    fi
+
+done
+
+# cat /root/remember-db-user-pass.txt
+if [ -f "/root/remember-db-user-pass.txt" ]; then
+    rm /root/remember-db-user-pass.txt
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress
new file mode 100644
index 00000000..7f31b181
--- /dev/null
+++ b/bin/v-change-database-password-for-wordpress
@@ -0,0 +1,132 @@
+#!/bin/bash
+# info: change database password for wordpress
+# options:
+#
+# The command is used for changing database password for wordpress.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+if [ -z "$user" ]; then
+    echo "ERROR: Domain $domain not found"
+    exit 1;
+fi
+
+if [ ! -d "/home/$user" ]; then
+    echo "ERROR: User $user doesn't exist";
+    exit 1;
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "ERROR: Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo "=== Domain: $domain"
+    wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
+    if grep -q $'\r' $wp_config_path; then
+        echo "=== removing CRLF from wp-config.php"
+        tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
+        chown $user:$user $wp_config_path
+    fi
+    db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
+    db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
+    if [ -z "$db_name" ]; then
+        db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+")
+    fi
+    if [ -z "$db_user" ]; then
+        db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+")
+    fi
+    new_password=''
+    found_existing_password=0
+    if [ -f "/root/remember-db-user-pass.txt" ]; then
+        db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
+        if [ -n "$db_user_pass" ]; then
+            new_password=$(echo "$db_user_pass" | cut -d':' -f2)
+            echo "= Using existing password for $db_user"
+            found_existing_password=1
+        fi
+    fi
+
+    if [ -z "$new_password" ]; then
+        new_password=$(generate_password)
+    fi
+
+    echo "DB name: $db_name"
+    echo "DB user: $db_user"
+    echo "New DB password: $new_password"
+    if [ $found_existing_password -eq 0 ]; then
+        touch /root/remember-db-user-pass.txt
+        echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
+        chown root:root /root/remember-db-user-pass.txt
+        chmod 600 /root/remember-db-user-pass.txt
+    fi
+    /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
+    if [ $? -ne 0 ]; then
+        echo "*************** ERROR: Failed to change database password ***************"
+        exit 1;
+    fi
+    line="define('DB_PASSWORD', '$new_password');"
+    chattr -i $wp_config_path
+    sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
+    new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
+    echo "New DB password line: $new_password_line"
+    if [ "$new_password_line" != "$line" ]; then
+        echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
+        echo "Expected: $line"
+        echo "Actual  : $new_password_line"
+        echo "*************** ERROR: Please check wp-config.php manually ***************"
+        exit 1;
+    fi
+else
+    echo "ERROR: WP-config.php not found"
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;
diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www
new file mode 100644
index 00000000..1f230099
--- /dev/null
+++ b/bin/v-change-dir-www
@@ -0,0 +1,71 @@
+#!/bin/bash
+# info: Change directory to the public_html folder of a domain
+# usage: source v-cd-www DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    echo "This script must be sourced to change the current directory."
+    echo "Usage: source v-cd-www DOMAIN"
+    exit 1
+fi
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    return 1
+fi
+
+# Importing system environment
+source /etc/profile
+PATH=$PATH:/usr/local/vesta/bin && export PATH
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+
+if [ -z "$user" ]; then
+    echo "Domain $domain doesn't exist"
+    return 1
+fi
+
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User $user doesn't exist"
+    return 1
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain $domain doesn't have a public_html directory"
+    return 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd "/home/$user/web/$domain/public_html"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+return 0
diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner
index 8f267307..ed5fa5a4 100755
--- a/bin/v-change-domain-owner
+++ b/bin/v-change-domain-owner
@@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then
     exit
 fi
 
+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then
         ssl_key=$VESTA/data/users/$owner/ssl/$domain.key
         ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca
         ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem
-        mv $ssl_crt $VESTA/data/users/$user/ssl/
-        mv $ssl_key $VESTA/data/users/$user/ssl/
-        mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+        cp $ssl_crt $VESTA/data/users/$user/ssl/
+        cp $ssl_key $VESTA/data/users/$user/ssl/
+        cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
     fi
 
     # Check ftp user account
@@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then
     # Move data
     mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/
 
+    if [ -d "/hdd/home/$owner/web/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
+    fi
+
     # Change ownership
     find $HOMEDIR/$user/web/$domain -user $owner \
         -exec chown -h $user:$user {} \;
 
+    if [ "$SSL" = 'yes' ]; then
+        sleep 10
+        rm $ssl_crt
+        rm $ssl_key
+        rm $ssl_ca > /dev/null 2>&1
+        rm $ssl_pem > /dev/null 2>&1
+        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+    fi
+
     # Rebuild config
     $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1
     $BIN/v-rebuild-web-domains $owner no
@@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then
     # Move data
     mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/
 
+    if [ -d "/hdd/home/$owner/mail/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
+    fi
+
     # Change ownership
     find $HOMEDIR/$user/mail/$domain -user $owner \
         -exec chown -h $user {} \;
diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule
index d2502bce..aad2ec38 100755
--- a/bin/v-change-firewall-rule
+++ b/bin/v-change-firewall-rule
@@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
 str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting old rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
 
@@ -74,6 +76,14 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        NEWIP=$ip
+        parse_object_kv_list_non_eval "$oldvalues"
+        sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-change-user-package b/bin/v-change-user-package
index d0de98db..1e088bcc 100755
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@@ -16,6 +16,7 @@ force=$3
 
 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
 is_package_avalable() {
@@ -23,7 +24,7 @@ is_package_avalable() {
     usr_data=$(cat $USER_DATA/user.conf)
     IFS=$'\n'
     for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
+        parse_object_kv_list_non_eval $key
     done
 
     WEB_DOMAINS='0'
@@ -35,7 +36,7 @@ is_package_avalable() {
 
     pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
         grep -v DATE)
-    eval $pkg_data
+    parse_object_kv_list_non_eval $pkg_data
 
     # Checking usage agains package limits
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@@ -73,11 +74,15 @@ is_package_avalable() {
             check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
         fi
     fi
+
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }
 
 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
+    parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
     echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords
new file mode 100644
index 00000000..bca23ad8
--- /dev/null
+++ b/bin/v-change-wordpress-admin-passwords
@@ -0,0 +1,201 @@
+#!/bin/bash
+# info: interactively delete or change WordPress admin passwords for a given domain
+# options: DOMAIN
+#
+# d  → delete user  (with content reassignment)
+# c  → change password (random 10-char alnum)
+# s  → skip
+# x  → exit
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+# random 10-char password
+gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo
+echo "WordPress administrators for $DOMAIN:"
+echo "-------------------------------------"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+fi
+
+RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes"
+ADMIN_LIST_CSV=$(eval "$RUN")
+
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+ADMIN_LIST_CSV=$(echo "$ADMIN_LIST_CSV" | tail -n +2)
+
+[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
+
+DEFAULT_USER=""
+
+printf "%-6s %-20s %s\n" "ID" "Username" "Email"
+while IFS=',' read -r PID PLOGIN PEMAIL; do
+    printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
+    if [ "$PID" = "1" ]; then
+        DEFAULT_USER="$PLOGIN"
+    fi
+done <<< "$ADMIN_LIST_CSV"
+
+echo
+echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
+
+# interactive loop
+while IFS=',' read -r ID LOGIN EMAIL; do
+    [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
+    while true; do
+        echo "-------------------------------------"
+        read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
+        skip=0;
+        case "$ACT" in
+            [Dd]* )
+                # read -r -p "Really DELETE \"$TARGET\" ?   (y/n, default: y) " CONF < /dev/tty
+                CONF="y"
+                if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
+                    # build an array of OTHER admin usernames
+                    mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
+                    if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
+                        echo "Cannot delete the only administrator account."
+                        break
+                    fi
+                    if [ "$DEFAULT_USER" = "" ]; then
+                        DEFAULT_USER="${OTHER_USERS[0]}"
+                    fi
+                    echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
+                    while true; do
+                        read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty
+                        REASSIGN=${REASSIGN:-$DEFAULT_USER}
+                        DEFAULT_USER=$REASSIGN
+                        if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then
+                            echo "Skipping reassignment."
+                            skip=1;
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then
+                            break
+                        fi
+                        echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
+                    done
+                    if [ $skip -eq 1 ]; then
+                        break
+                    fi
+                    # delete by username, reassign by username
+                    RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes"
+                    eval "$RUN"
+                    if [ $? -eq 0 ]; then
+                        echo "$TARGET deleted (content reassigned to $REASSIGN)."
+                    else
+                        cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                        echo "Failed to delete $TARGET."
+                    fi
+                else
+                    echo "Deletion cancelled."
+                fi
+                break
+                ;;
+            [Cc]* )
+                NEW_PASS=$(gen_pass)
+                RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes"
+                eval "$RUN"
+                if [ $? -eq 0 ]; then
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS"
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                else
+                    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                    echo "Failed to change password for $TARGET."
+                fi
+                break
+                ;;
+            [Ss]* )
+                echo "Skipping $TARGET."
+                break
+                ;;
+            [Xx]* )
+                echo "Exiting."
+                exit 0
+                ;;
+            * ) echo "Please answer d, c, s, or x." ;;
+        esac
+    done
+done <<< "$ADMIN_LIST_CSV"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    echo ""
+    echo ""
+    echo "-------------------------------------"
+    echo "For website $DOMAIN - new wp-admin passwords have been set."
+    echo "-------------------------------------"
+    cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    echo "-------------------------------------"
+    echo ""
+    echo ""
+    read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty
+    if [ -z "$SAVE_PASSWORDS" ]; then
+        SAVE_PASSWORDS="n"
+    fi
+    if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then
+        rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    fi
+fi
+
+#----------------------------------------------------------#
+#        flush cache and refresh all security salts        #
+#----------------------------------------------------------#
+
+echo "-------------------------------------"
+echo
+echo "Flushing cache and refreshing salts..."
+
+RUN="$WP_RUN cache flush"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts"
+eval "$RUN"
+
+echo "Cache flushed and salts refreshed."
+
+echo
+echo "Done."
+
+exit 0
diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage
index 72e8560e..11e29122 100644
--- a/bin/v-clean-garbage
+++ b/bin/v-clean-garbage
@@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then
     exit 1
 fi
 
+echo "===== Before cleaning ====="
+df -h
+echo "==========================="
+
 # Includes
 source /usr/local/vesta/func/main.sh
 
@@ -21,6 +25,15 @@ source /usr/local/vesta/func/main.sh
 #                       Action                             #
 #----------------------------------------------------------#
 
+# turn off tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
+fi
+
+find /tmp/ -type f -mtime +7 -delete
 rm /var/backups/* > /dev/null 2>&1
 rm /var/cache/apt/archives/* > /dev/null 2>&1
 cd /var/log
@@ -37,13 +50,18 @@ find /var/log/ -type f -name "*.4" -delete
 find /var/log/ -type f -name "*.5" -delete
 find /var/log/ -type f -name "*.6" -delete
 find /var/log/ -type f -name "*.7" -delete
+find /var/log/ -type f -name "*.8" -delete
+find /var/log/ -type f -name "*.9" -delete
 find /var/log/ -name "*.gz" -type f -delete
 find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \;
 find /usr/local/vesta/log/ -type f -not -name "*.log" -delete
 find /var/log/exim4/ -type f -exec truncate -s 0 {} \;
+truncate -s 0 /*.log > /dev/null 2>&1
+rm /panic-*.log > /dev/null 2>&1
+rm /var/log/panic-*.log > /dev/null 2>&1
 
 clean_home() {
-    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1
     find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1
     find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
     find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
@@ -51,7 +69,10 @@ clean_home() {
     find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
     find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
     find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1
     find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1
     nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \;
     nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \;
     nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \;
@@ -69,16 +90,43 @@ if [ $fail2ban_running -eq 1 ]; then
 fi
 if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
     rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            systemctl restart nginx
+        fi
+    fi
 fi
 if [ $fail2ban_running -eq 1 ]; then
     systemctl start fail2ban
 fi
 
+# turn on tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 &
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 &
+fi
+
+exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim')
+if [ $exim_installed -gt 0 ]; then
+    systemctl restart exim4
+fi
+
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-echo "=== Garbage cleaned ==="
+echo ""
+echo "***** Garbage cleaned *****"
+echo ""
+echo "===== After cleaning ======"
+df -h
+echo "==========================="
+
 
 log_event "$OK" "$ARGUMENTS"
 
diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban
new file mode 100644
index 00000000..ab3ab30c
--- /dev/null
+++ b/bin/v-clear-fail2ban
@@ -0,0 +1,59 @@
+#!/bin/bash
+# info: Clean fail2ban database
+# options: NONE
+#
+# The function is cleaning fail2ban database
+
+#----------------------------------------------------------#
+#           Verifications & Variable & Function            #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# check if fail2ban is installed
+fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
+if [ $fail2ban_installed -eq 0 ]; then
+    echo "Fail2ban is not installed"
+    exit 1
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Cleaning fail2ban database
+fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Stopping fail2ban"
+    systemctl stop fail2ban
+fi
+if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
+    echo "== Cleaning fail2ban database"
+    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        echo "== Cleaning nginx block.conf"
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            echo "== Restarting nginx"
+            systemctl restart nginx
+        fi
+    fi
+fi
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Starting fail2ban"
+    systemctl start fail2ban
+fi
+
+echo "== Done, fail2ban database cleaned"
+
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-clone-website b/bin/v-clone-website
index 46623db4..9bebbffd 100644
--- a/bin/v-clone-website
+++ b/bin/v-clone-website
@@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then
     echo "--TO_DATABASE_USERNAME=..."
     echo "--TO_DATABASE_PASSWORD=..."
     echo "--SITE_SUBFOLDER=..."
+    echo "--EXCLUDE_UPLOADS=1 (or do not set it)"
     exit 1
 fi
 
@@ -263,12 +264,6 @@ if [ $IT_IS_WP -eq 0 ]; then
         cd /root
         git clone https://github.com/interconnectit/Search-Replace-DB.git
     fi
-else
-    if [ ! -f "/usr/local/bin/wp" ]; then
-        echo "=== Downloading latest wp-cli"
-        wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-        chmod +x /usr/local/bin/wp
-    fi
 fi
 
 CREATE_TO_DATABASE=0
@@ -313,6 +308,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL"
 echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT"
 echo "SEARCH_FOR_CONFIGS_DATABASE_NAME     = $SEARCH_FOR_CONFIGS_DATABASE_NAME"
 echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME"
+echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS"
 echo "==============================================================================="
 read -p "=== Press Enter to continue ==="
 
@@ -370,17 +366,25 @@ if [ -d "/root/temp" ]; then
 fi
 mkdir -p /root/temp
 cd /root/temp
-mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
+mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
 echo "=== Importing to database $TO_DATABASE_NAME"
 mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql
+rm $FROM_DATABASE_NAME.sql
+
+EXCLUDE=''
+if [ ! -z "$EXCLUDE_UPLOADS" ]; then
+    EXCLUDE="--exclude '/wp-content/uploads/*'"
+fi
 
 echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
 if [ "$SITE_SUBFOLDER" != ".." ]; then
-    echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 else
-    echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 fi
 echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER"
 chown -R $TO_USER:$TO_USER $TO_FOLDER
@@ -419,16 +423,35 @@ if [ $IT_IS_WP -eq 0 ]; then
         php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/"
     fi
 else
-    cd $TO_FOLDER
     echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
-    sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
     if [ "$FROM_USER" != "$TO_USER" ]; then
         echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
-        sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid
+        /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
+    fi
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes;
+fi
+
+# ----------- Update Wordfence WAF Path -------------
+
+# Path to .user.ini file in the new domain directory
+user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini"
+
+# Check if .user.ini exists
+if [ -f "$user_ini" ]; then
+    echo "Updating .user.ini with new path..."
+
+    # Change path from old domain to new domain
+    sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini
+
+    # Check if replacement was successful and update .user.ini
+    if [ $? -eq 0 ]; then
+        echo ".user.ini updated successfully."
+    else
+        echo "Failed to update .user.ini file."
     fi
-    sudo -H -u$TO_USER wp cache flush
-    sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force
-    sudo -H -u$TO_USER wp config shuffle-salts
 fi
 
 echo "===== DONE ===="
diff --git a/bin/v-commander b/bin/v-commander
index 06a5f737..a7fbf454 100644
--- a/bin/v-commander
+++ b/bin/v-commander
@@ -13,11 +13,14 @@ fi
 
 source /etc/profile
 PATH=$PATH:/usr/local/vesta/bin && export PATH
-echo "======================= mvVesta-commander ================================"
+if [ $SHOWHEADER -eq 1 ]; then
+    echo "======================= mvVesta-commander ================================"
+fi
 
 if [ -f /root/kernelupdate ]; then
     rm /root/kernelupdate
 fi
+apt_updated=0
 apt_upgraded=0
 quit_on_empty=0
 
@@ -60,34 +63,38 @@ check_status() {
 
 myhelp() {
     echo "---------- Press: -----------"
-    echo "u  = apt-get update"
-    echo "g  = apt-get upgrade"
+    echo "a  = Activate Email rate limit"
+    echo "b  = bash"
     echo "c  = check status"
+    echo "d  = df -h"
     echo "e  = make sure Apache is in mpm_event"
-    echo "s  = download sury.org apt-get key"
+    echo "f  = free -h"
+    echo "g  = apt-get upgrade"
+    echo "h  = help"
     echo "m  = install php-memcached"
     echo "p  = set version of php as default"
+    echo "q  = quit"
+    echo "r  = reboot"
+    echo "s  = download sury.org apt-get key"
+    echo "n  = download nginx gpg key"
+    echo "freexian = add Freexian repository"
+    echo "t  = clean the trash"
+    echo "u  = apt-get update"
     echo "v  = update myVesta"
     echo "vo = update myVesta without 'apt-get update'"
-    echo "t  = clean the trash"
     echo "w  = w"
-    echo "d  = df -h"
-    echo "f  = free -h"
-    echo "b  = bash"
-    echo "r  = reboot"
-    echo "q  = quit"
-    echo "h  = help"
     echo "-----------------------------"
-    echo "inst v   = install myVesta"
-    echo "inst p   = install multi-php"
-    echo "inst pgw = install php-gate"
-    echo "inst r   = install new Roundcube"
-    echo "inst memcached = install memcached"
-    echo "inst redis     = install Redis"
+    echo "inst v                = install myVesta"
+    echo "inst p                = install multi-php"
+    echo "inst pgw              = install php-gate"
+    echo "inst r                = install new Roundcube"
+    echo "inst memcached        = install memcached"
+    echo "inst redis            = install Redis"
+    echo "inst nginx-rate-limit = install nginx-rate-limit templates"
     echo "dis fb   = stop and disable fail2ban"
     echo "dis dove = stop and disable dovecot"
-    echo "dis spam = stop and disable spam"
-    echo "dis clam = stop and disable clamav"
+    echo "dis spam = stop and disable spamassassin"
+    echo "dis clam = stop and disable ClamAV"
     echo "p 7.0    = set default php 7.0"
     echo "p 7.3    = set default php 7.3"
     echo "p 7.4    = set default php 7.4"
@@ -96,20 +103,38 @@ myhelp() {
     echo "m def    = install php-memcached if needed"
     echo "check fc = check if FreshClam is up"
     echo "-----------------------------"
-    echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account"
+    echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
+    echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
     echo "-----------------------------"
 }
 
+apt_update() {
+    echo "============================="
+    echo "== running: apt-get update"
+    release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+    if [ "$release" -lt 10 ]; then
+        apt-get update
+    else
+        apt-get update --allow-releaseinfo-change
+    fi
+    apt_updated=1
+}
+
 COUNTER=0
+HAS_PARAMETERS=0
 
 while true
 do
 
     COUNTER=$((COUNTER + 1))
     if [ $COUNTER -le $numargs ]; then
+        HAS_PARAMETERS=1
         answer=$1
         shift
     else
+        if [ $HAS_PARAMETERS -eq 1 ]; then
+            exit;
+        fi
         read -p 'What to do: ' answer
     fi
 
@@ -126,17 +151,42 @@ do
     if [ "$answer" = 'quit-on-empty' ]; then
         echo "== the script will quit on next enter"
         quit_on_empty=1
+        HAS_PARAMETERS=0
     fi
 
+
+    if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then
+    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_email_account_max_recipients
+    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+    check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
+    fi
+
+    systemctl restart exim4
+    echo "Email rate limit activated."
+    fi
+
+
+
     if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then
-        echo "============================="
-        echo "== running: apt-get update"
-        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-        if [ "$release" -lt 10 ]; then
-            apt-get update
-        else
-            apt-get update --allow-releaseinfo-change
-        fi
+        apt_update
     fi
 
     if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then
@@ -153,11 +203,10 @@ do
         apt_upgraded=1
         
         kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log)
-        if [ $kernelupdate -gt 0 ]; then
+        dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log)
+        if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then
             touch /root/kernelupdate
-            echo "== kernel is updated"
-        else
-            echo "== kernel is not updated"
+            echo "== kernel is updated, reboot is required!"
         fi
     fi
 
@@ -173,6 +222,33 @@ do
         fi
     fi
 
+    if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then
+        if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then
+            echo "============================="
+            echo "== renewing nginx gpg key"
+            apt-get update
+            apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
+            curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+            echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
+        fi
+    fi
+
+    if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then
+        if [ "$release" -lt 11 ]; then
+            echo "============================="
+            echo "== adding Freexian repository"
+            apt-get update
+            apt-get install lsb-release
+            wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
+            cat /etc/apt/sources.list
+            mv /etc/apt/sources.list /etc/apt/sources.list.old
+            echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list
+            rm /etc/apt/sources.list.d/hetzner*
+        else
+            echo "== Freexian is not supported on Debian 11 or higher"
+        fi
+    fi
+
     if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then
         release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
         echo "============================="
@@ -231,6 +307,9 @@ do
         systemctl stop clamav-daemon.service
         systemctl disable clamav-daemon.service
 
+        systemctl stop clamav-daemon.socket
+        systemctl disable clamav-daemon.socket
+
         systemctl stop clamav-freshclam.service
         systemctl disable clamav-freshclam.service
 
@@ -241,8 +320,14 @@ do
     if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then
         echo "============================="
         echo "== disabling SpamAssassin"
-        systemctl stop spamassassin.service
-        systemctl disable spamassassin.service
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        if [ "$release" -lt 12 ]; then
+            systemctl stop spamassassin.service
+            systemctl disable spamassassin.service
+        else
+            systemctl stop spamd.service
+            systemctl disable spamd.service
+        fi
 
         sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template
         sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template
@@ -354,32 +439,13 @@ do
         echo "============================="
         echo "== cleaning trash"
         df -m
-        ps -Af | grep tailf | grep -v "grep tailf"
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
-        fi
         echo "------"
         ps -Af | grep tailf | grep -v "grep tailf"
         echo "------"
-        sleep 2
-        truncate -s 0 /*.log
-        rm /panic-*.log
-        rm /var/log/panic-*.log
         /usr/local/vesta/bin/v-clean-garbage
-        sleep 2
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log &
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log &
-        fi
         echo "--------------"
         df -m
         echo "--------------"
-        sleep 2
         ps -Af | grep tailf | grep -v "grep tailf"
     fi
 
@@ -438,8 +504,8 @@ do
         memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
         apt-get update
         apt-get -y install memcached 
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
         if [ $memory -lt 15000000 ]; then
             sed -i "s/-m 64/-m 256/" /etc/memcached.conf
         else
@@ -460,6 +526,7 @@ do
 
         sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf
         sed -i "s|^save |# save |g" /etc/redis/redis.conf
+        sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf
         if [ $memory -lt 15000000 ]; then
             sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf
         else
@@ -472,6 +539,15 @@ do
         echo "-------------------"
     fi
 
+    if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then
+        echo "============================="
+        echo "== Installing inst nginx-rate-limit templates"
+        curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+        bash install_rate_limit_tpl.sh
+        echo "== nginx-rate-limit templates installed."
+        echo "-------------------"
+    fi
+
     if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then
         echo "== Checking if FreshClam is up"
         clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running')
@@ -490,21 +566,13 @@ do
         echo "--- New settings ---"
         grep '^PermitRoot' /etc/ssh/sshd_config
         echo "--------------------"
-        adminline=$(grep '^admin:' /etc/shadow)
-        adminline=${adminline:6}
-        adminline="root:$adminline"
-        sed -i "s#^root:.*#$adminline#" /etc/shadow
-        echo "root password is now the same as admin password."
-        echo "--------------------"
-        grep '^root:' /etc/shadow
-        grep '^admin:' /etc/shadow
-        echo "--------------------"
         echo "Port 22 opened in Firewall for all IP addresses."
         /usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
         echo "--------------------"
+        echo "Type 'passwd' in the terminal to set the root password."
+        echo "--------------------"
     fi
 
-
     if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then
         echo "============================="
         echo "== Rebooting the server"
@@ -554,4 +622,13 @@ do
         /root/install-new-roundcube.sh
     fi
 
+    if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then
+        if [ ! -f "/root/.ssh/id_rsa.pub" ]; then
+            ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+        fi
+        echo "=== YOUR id_rsa.pub IS BELOW ==="
+        cat /root/.ssh/id_rsa.pub
+        echo "======"
+    fi
+
 done
diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain
new file mode 100644
index 00000000..30fd18c0
--- /dev/null
+++ b/bin/v-delete-database-of-domain
@@ -0,0 +1,69 @@
+#!/bin/bash
+# info: delete database if domain has database
+# options: DOMAIN
+#
+# The function for deleting database if domain has database
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+RET=$OK
+
+# echo "================================="
+r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
+# echo $r
+eval $r
+# echo "================================="
+
+if [ ! -z "$DATABASE_NAME" ]; then
+    echo "=== v-delete-database $USER $DATABASE_NAME"
+    /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
+    if [ $? -ne 0 ]; then
+        echo "=== v-delete-database failed"
+        RET=$E_NOTEXIST
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+log_event "$RET" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-delete-domain b/bin/v-delete-domain
index b6294679..1ca3373b 100755
--- a/bin/v-delete-domain
+++ b/bin/v-delete-domain
@@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -z "$WEB_SYSTEM" ]; then
     str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
     if [  ! -z "$str" ]; then
+        $BIN/v-delete-database-of-domain $domain
         domain_found='yes'
         $BIN/v-delete-web-domain $user $domain 'no'
-        check_result $? "can't suspend web" > /dev/null
+        check_result $? "can't delete web" > /dev/null
     fi
 fi
 
@@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
     if [  ! -z "$str" ]; then
         domain_found='yes'
         $BIN/v-delete-dns-domain $user $domain 'no'
-        check_result $? "can't suspend dns" > /dev/null
+        check_result $? "can't delete dns" > /dev/null
     fi
 fi
 
@@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
     if [  ! -z "$str" ]; then
         domain_found='yes'
         $BIN/v-delete-mail-domain $user $domain
-        check_result $? "can't suspend mail" > /dev/null
+        check_result $? "can't delete mail" > /dev/null
     fi
 fi
 
diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban
index 52f3403d..cb5b352c 100755
--- a/bin/v-delete-firewall-ban
+++ b/bin/v-delete-firewall-ban
@@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null
 # Changing permissions
 chmod 660 $conf
 
+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf
+    systemctl reload nginx
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule
index 8f646644..10fd0fb9 100755
--- a/bin/v-delete-firewall-rule
+++ b/bin/v-delete-firewall-rule
@@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
 
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes
new file mode 100644
index 00000000..e9b1715c
--- /dev/null
+++ b/bin/v-delete-inactive-wordpress-plugins-and-themes
@@ -0,0 +1,165 @@
+#!/bin/bash
+# info: delete inactive WordPress plugins and themes
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo "Inactive WordPress plugins for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes"
+PLUGINS_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_PLUGINS_LIST_CSV=""
+
+if [ ! -z "$PLUGINS_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME"
+        fi
+    done <<< "$PLUGINS_LIST_CSV"
+else
+    echo "No plugins found."
+fi
+
+if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME"
+                file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php"
+                if [ -d "$folder" ] || [ -f "$file" ]; then
+                    destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN"
+                    if [ -d "$folder" ]; then
+                        source_path="$folder"
+                        destination_path="$destination_base_folder/$NAME"
+                    elif [ -f "$file" ]; then
+                        source_path="$file"
+                        destination_path="$destination_base_folder/$NAME.php"
+                    fi
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                    if [ -f "$destination_path" ]; then
+                        echo "= File $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder or file $file not found - it does not exist?"
+                fi
+            fi
+        done <<< "$PLUGINS_LIST_CSV"
+    fi
+fi
+
+echo ""
+echo "Inactive WordPress themes for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes"
+THEMES_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_THEMES_LIST_CSV=""
+
+if [ ! -z "$THEMES_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME"
+        fi
+    done <<< "$THEMES_LIST_CSV"
+else
+    echo "No themes found."
+fi
+
+if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME"
+                if [ -d "$folder" ]; then
+                    destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN"
+                    source_path="$folder"
+                    destination_path="$destination_base_folder/$NAME"
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder not found - it does not exist?"
+                fi
+            fi
+        done <<< "$THEMES_LIST_CSV"
+    fi
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All deactivated plugins and themes moved to quarantine."
+    echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN"
+else
+    echo "= No deactivated plugins or themes found."
+fi
+exit 0;
diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain
index ee727aa9..9be565bb 100755
--- a/bin/v-delete-mail-domain
+++ b/bin/v-delete-mail-domain
@@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
     rm -rf $HOMEDIR/$user/conf/mail/$domain
     rm -rf $HOMEDIR/$user/mail/$domain_idn
+    if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
+        rm -rf /hdd/home/$user/mail/$domain_idn
+    fi
 fi
 
 # Deleting dkim dns record
diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim
index f11e48d4..7cfbab58 100755
--- a/bin/v-delete-mail-domain-dkim
+++ b/bin/v-delete-mail-domain-dkim
@@ -48,7 +48,7 @@ fi
 # Deleting dns record
 if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
     records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
     for id in $dkim_records; do
         $BIN/v-delete-dns-record $user $domain $id
     done
diff --git a/bin/v-delete-mails b/bin/v-delete-mails
new file mode 100644
index 00000000..24ac68e5
--- /dev/null
+++ b/bin/v-delete-mails
@@ -0,0 +1,127 @@
+#!/bin/bash
+# info: delete old emails (by mtime) for user/domain/account, with optional scope
+# usage:   v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
+# SCOPE:   all    – clean every Maildir folder (cur, new, tmp, custom subfolders)
+#          trash  – clean only Trash/Junk/Spam folders
+
+# load Vesta functions & config
+source "$VESTA/func/main.sh"
+source "$VESTA/conf/vesta.conf"
+
+# read arguments
+user="$1"
+domain="$2"
+account="$3"
+mtime="$4"
+scope="$5"
+
+# verify argument count
+check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
+
+# validate scope
+if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
+  echo "ERROR: SCOPE must be 'all' or 'trash'."
+  exit 1
+fi
+
+# validate logical combinations
+if [[ "$user" == "all" ]]; then
+  if [[ "$domain" != "all" || "$account" != "all" ]]; then
+    echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
+    exit 1
+  fi
+elif [[ "$domain" == "all" && "$account" != "all" ]]; then
+  echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
+  exit 1
+fi
+
+# build a detailed summary for the warning
+declare -a summary_parts
+if [[ "$user" == "all" ]]; then
+  summary_parts+=("all users")
+else
+  summary_parts+=("user '$user'")
+fi
+
+if [[ "$domain" == "all" ]]; then
+  summary_parts+=("all domains")
+else
+  summary_parts+=("domain '$domain'")
+fi
+
+if [[ "$account" == "all" ]]; then
+  summary_parts+=("all accounts")
+else
+  summary_parts+=("account '$account'")
+fi
+
+# join with commas
+summary=$(printf ", %s" "${summary_parts[@]}")
+summary=${summary:2}
+
+# only warn if any of them is 'all' or if mtime is 'all'
+if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
+  echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
+  read -p "Are you sure? (yes/no): " confirm
+  [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
+fi
+
+# function to delete emails
+delete_emails() {
+  local u="$1" d="$2" a="$3"
+  local maildir="/home/$u/mail/$d/$a"
+
+  [[ ! -d "$maildir" ]] && return
+
+  echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
+
+  # build find predicates
+  if [[ "$scope" == "all" ]]; then
+    folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
+  else
+    folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
+  fi
+
+  # assemble and run find
+  if [[ "$mtime" == "all" ]]; then
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
+  else
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
+  fi
+}
+
+# collect users
+if [[ "$user" == "all" ]]; then
+  users=$(v-list-users plain | awk '{print $1}')
+else
+  users="$user"
+fi
+
+# iterate through users, domains, accounts
+for u in $users; do
+  if [[ "$domain" == "all" ]]; then
+    domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
+  else
+    domains="$domain"
+  fi
+
+  for d in $domains; do
+    if [[ "$account" == "all" ]]; then
+      accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
+    else
+      accounts="$account"
+    fi
+
+    for a in $accounts; do
+      delete_emails "$u" "$d" "$a"
+    done
+  done
+done
+
+# restart dovecot to refresh mailbox state
+systemctl restart dovecot
+
+# log the action (status first, then message)
+log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
+
+exit 0
diff --git a/bin/v-delete-user b/bin/v-delete-user
index c452f0a0..cdf809eb 100755
--- a/bin/v-delete-user
+++ b/bin/v-delete-user
@@ -94,6 +94,9 @@ fi
 # Deleting user directories
 chattr -i $HOMEDIR/$user/conf
 rm -rf $HOMEDIR/$user
+if [ -d "/hdd/home/$user" ]; then
+    rm -rf /hdd/home/$user
+fi
 rm -f /var/spool/mail/$user
 rm -f /var/spool/cron/$user
 rm -f /var/spool/cron/crontabs/$user
diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain
index 75399766..e64dd9a7 100755
--- a/bin/v-delete-web-domain
+++ b/bin/v-delete-web-domain
@@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then
     rm $fpmconf
     echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
 fi
-fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
+
+for PHPV in /etc/php/*; do
+    if [ -d "${PHPV}" ]; then
+        # PHPVER=$(basename ${PHPV})
+        POOLD="${PHPV}/fpm/pool.d"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+        POOLD="${PHPV}/fpm/pool.d-ioncube"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+    fi
+done
 
 # Deleting domain from web.conf
 sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf
@@ -142,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*
 
 # Deleting directory
 rm -rf $HOMEDIR/$user/web/$domain
+if [ -d "/hdd/home/$user/web/$domain" ]; then
+    rm -rf /hdd/home/$user/web/$domain
+fi
 
 
 #----------------------------------------------------------#
diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files
new file mode 100644
index 00000000..ce72c0c4
--- /dev/null
+++ b/bin/v-delete-wordpress-uploads-php-files
@@ -0,0 +1,64 @@
+#!/bin/bash
+# info: delete PHP files from WordPress uploads folder
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+
+files=$(find wp-content/uploads/ -type f -name "*.php")
+
+if [ -z "$files" ]; then
+    echo "= No PHP files found in WordPress uploads folder."
+    exit 0;
+fi
+
+echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :"
+echo "-------------------------------------"
+echo "$files"
+echo "-------------------------------------"
+
+read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+    for file in $files; do
+        source_file="/home/$USER/web/$DOMAIN/public_html/$file"
+        destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file"
+        destination_folder=$(dirname "$destination_file")
+        mkdir -p "$destination_folder"
+        chown $USER:$USER "$destination_folder"
+        mv "$source_file" "$destination_file"
+        echo "= File $source_file moved to $destination_file"
+        quarantined=1;
+    done
+    chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN"
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All PHP files moved to quarantine."
+    echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN"
+else
+    echo "= No PHP files found in WordPress uploads folder."
+fi
+
+exit 0;
\ No newline at end of file
diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress
new file mode 100644
index 00000000..51ee217e
--- /dev/null
+++ b/bin/v-desinfect-wordpress
@@ -0,0 +1,86 @@
+#!/bin/bash
+# info: disinfect a WordPress site with several maintenance commands
+# options: DOMAIN
+
+# -------------------------------------------------------- #
+#                    variables and checks                  #
+# -------------------------------------------------------- #
+
+if [ "$(whoami)" != "root" ]; then
+    echo "You must be root to run this command."
+    exit 1
+fi
+
+# make sure all Vesta helper scripts are reachable
+export PATH="/usr/local/vesta/bin:$PATH"
+source /etc/profile
+
+domain="$1"
+if [ -z "$domain" ]; then
+    echo "Usage: v-desinfect-wp DOMAIN"
+    exit 1
+fi
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
+if [ -z "$user" ]; then
+    echo "Domain $domain does not exist."
+    exit 1
+fi
+
+if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then
+    echo "= WordFence CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wordfence-cli
+fi
+
+# absolute paths to maintenance scripts, in desired order
+declare -a tasks=(
+    "/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+    "/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
+    "/usr/local/vesta/bin/v-fix-wordpress-core"
+    "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes"
+    "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files"
+    "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+    "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+)
+
+# -------------------------------------------------------- #
+#                    execution strategy                    #
+# -------------------------------------------------------- #
+
+echo
+read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
+
+if [[ "$run_all" =~ ^[Yy]$ ]]; then
+    echo "Running all maintenance steps for $domain"
+    automatic=true
+else
+    echo
+    echo "Selective mode. You will be asked for each step."
+    automatic=false
+fi
+
+for cmd in "${tasks[@]}"; do
+    if [ ! -x "$cmd" ]; then
+        echo "Command $cmd not found or not executable, skipping."
+        continue
+    fi
+
+    if [ "$automatic" = false ]; then
+        while true; do
+            read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
+            case "$yn" in
+                [Yy]* ) break ;;
+                [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
+                * )     echo "Please answer y or n." ;;
+            esac
+        done
+    fi
+
+    echo
+    echo "=== $(basename "$cmd") $domain ==="
+    "$cmd" "$domain"
+done
+
+echo
+echo "Done."
+exit 0
diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff
new file mode 100644
index 00000000..ee427bd2
--- /dev/null
+++ b/bin/v-df-snapshot-diff
@@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Make a diff between two snapshots of the disk usage
+# options: FILE1 FILE2
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Let's declare three associative arrays
+declare -A FILE1
+declare -A FILE2
+declare -A FILED
+
+file1=$1
+file2=$2
+
+if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file1="/usr/local/vesta/data/df/$file1"
+fi
+
+if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file2="/usr/local/vesta/data/df/$file2"
+fi
+
+if [ ! -f "$file1" ]; then
+    echo "File $file1 not found"
+    exit 1
+fi
+
+if [ ! -f "$file2" ]; then
+    echo "File $file2 not found"
+    exit 1
+fi
+
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+mkdir -p /usr/local/vesta/data/df-diff
+file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt"
+file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt"
+file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt"
+touch $file0
+
+# Let's load the first file and fill the array FILE1
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE1["$DIRECTORY"]="$SIZE"
+done < "$file1"
+
+# Let's load the second file and fill the array FILE2
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE2["$DIRECTORY"]="$SIZE"
+done < "$file2"
+
+# We iterate through FILE1 and look for the matching key in FILE2
+for k in "${!FILE1[@]}"; do
+    if [[ -v FILE2["$k"] ]]; then
+        # If there is the same folder (KEY) in FILE2
+        DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))
+        FILED["$k"]=$DIFF
+        echo -e "${DIFF}\t${k}" >> $file0
+    else
+        # If the folder (KEY) is not found in FILE2
+        FILED["$k"]=${FILE1["$k"]}
+        echo -e "${FILE1["$k"]}\t${k}" >> $file0
+    fi
+done
+
+# sorted by size
+sort -nr -k1,1 $file0 > $file0s
+
+# sorted by folders
+while IFS=$'\t' read SIZE DIRECTORY; do
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f
+done < "$file2"
+
+chmod 600 $file0 $file0s $file0f
+chown root:root $file0 $file0s $file0f
+
+echo "Done."
+echo "You can do:"
+echo "mcview $file0"
+echo "mcview $file0s"
+echo "mcview $file0f"
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):"
+head -n 30 $file0s
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by folders (in MB):"
+head -n 30 $file0f
+echo "--------------------------------"
+
+exit 0
diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner
new file mode 100644
index 00000000..63275034
--- /dev/null
+++ b/bin/v-df-snapshot-logs-cleaner
@@ -0,0 +1,11 @@
+#!/bin/bash
+# info: Clean up old snapshots of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
+
+folder="/usr/local/vesta/data/df-diff"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make
new file mode 100644
index 00000000..985aab15
--- /dev/null
+++ b/bin/v-df-snapshot-make
@@ -0,0 +1,52 @@
+#!/bin/bash
+# info: Make a snapshot of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+
+mkdir -p $folder
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+
+du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt
+
+du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt
+for i in {2..7}; do
+    while IFS= read -r line; do
+        count=0
+        for (( j=0; j<${#line}; j++ )); do
+            if [[ ${line:j:1} == "/" ]]; then
+                ((count++))
+            fi
+        done
+        if [ $count -eq $i ]; then
+            printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
+        fi
+    done < $folder/snapshot-temp.txt
+done
+rm $folder/snapshot-temp.txt
+
+if [ -d "/hdd" ]; then
+    du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt
+    for i in {1..8}; do
+        while IFS= read -r line; do
+            count=0
+            for (( j=0; j<${#line}; j++ )); do
+                if [[ ${line:j:1} == "/" ]]; then
+                    ((count++))
+                fi
+            done
+            if [ $count -eq $i ]; then
+                printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
+            fi
+        done < $folder/snapshot-temp.txt
+    done
+    rm $folder/snapshot-temp.txt
+fi
+
+du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt
+du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt
+
+chmod 600 $folder/snapshot-$timestamp.txt
+chown root:root $folder/snapshot-$timestamp.txt
+
+exit 0
diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini
new file mode 100644
index 00000000..9eadfcee
--- /dev/null
+++ b/bin/v-edit-domain-php-ini
@@ -0,0 +1,90 @@
+#!/bin/bash
+# info: Edit php.ini for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain)
+
+if [ -z "$fpm_ver" ]; then
+    echo "PHP version for domain $domain could not be determined."
+    exit 1
+fi
+
+config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf"
+
+if command -v mcedit >/dev/null; then
+    mcedit "$config_file"
+else
+    nano "$config_file"
+fi
+
+echo "Restarting PHP-FPM service for PHP version ${fpm_ver}"
+systemctl restart php${fpm_ver}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${fpm_ver}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully."
+fi
+echo ""
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini
new file mode 100644
index 00000000..0155e6bb
--- /dev/null
+++ b/bin/v-edit-php-ini
@@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Edit php.ini for a specific PHP version
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# List available PHP versions and store them into an array
+mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php)
+
+echo "Available PHP versions:"
+PS3="Please select the PHP version you want to edit php.ini for: "
+
+select php_version in "${php_versions[@]}"; do
+    if [[ -n $php_version ]]; then
+        break
+    else
+        echo "Invalid choice. Please try again."
+    fi
+done
+
+# Define path to the php.ini file
+php_ini_path="/etc/php/${php_version}/fpm/php.ini"
+
+# Check if php.ini exists for the selected version
+if [[ ! -f "$php_ini_path" ]]; then
+    echo "The php.ini file for the selected PHP version ($php_version) does not exist."
+    exit 1
+fi
+
+# Determine the text editor to use
+if command -v mcedit >/dev/null 2>&1; then
+    editor_cmd="mcedit"
+elif command -v nano >/dev/null 2>&1; then
+    editor_cmd="nano"
+else
+    echo "No supported text editor found. Please install 'mcedit' or 'nano'."
+    exit 1
+fi
+
+# Open php.ini for the chosen PHP version in the selected editor
+echo "Opening $php_ini_path in editor $editor_cmd..."
+$editor_cmd "$php_ini_path"
+
+# Restart the PHP-FPM service for the selected version
+echo "Restarting the PHP-FPM service for PHP version $php_version..."
+systemctl restart php${php_version}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${php_version}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully."
+fi
+
+#----------------------------------------------------------#
+#                       Exit                               #
+#----------------------------------------------------------#
+
+exit 0;
diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions
new file mode 100644
index 00000000..3bce868f
--- /dev/null
+++ b/bin/v-fix-php-ini-disable-functions
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1;
+fi
+
+if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi;
+
+echo "=== Fixing php.ini files to have the correct disable_functions line"
+
+export NOTFOUNDVAL="exec,system,passthru,shell_exec"
+export LINEBEGINSWITH="disable_functions ="
+export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _
+
+export NOTFOUNDVAL2="^$LINEBEGINSWITH"
+export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _
+
+if [ -f "/tmp/patched" ]; then
+    rm /tmp/patched
+
+    echo "== Restarting all PHP-FPM services"
+    systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
+
+    echo "=== Everything done."
+else
+    echo "=== Everything is already correct."
+fi
+
+exit 0;
diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions
index ae798992..47690477 100644
--- a/bin/v-fix-user-permissions
+++ b/bin/v-fix-user-permissions
@@ -44,14 +44,15 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \;
 find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \;
 find /home/$user/mail/*/ -type f -exec chmod u+rw {} \;
 find /home/$user/mail/*/ -type f -exec chmod g+rw {} \;
-
+find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \;
 
 find /home/$user/conf/dns/ -type f -exec chown root:bind {} \;
 find /home/$user/conf/ -type d -exec chown root:root {} \;
 
-find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
-find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
-find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
+for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+    /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+    echo "--------------------------------"
+done
 
 echo "Done, permissions fixed for user: $user"
 
diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions
new file mode 100644
index 00000000..50b143c8
--- /dev/null
+++ b/bin/v-fix-website-permissions
@@ -0,0 +1,161 @@
+#!/bin/bash
+# info: Fixing chown and chmod permissions for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === General files and directories permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    # New way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+else
+    # Old way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === Symlinks ownership ===
+symlink_chown_allowed=1
+if [ -f "/home/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+
+if [ "$symlink_chown_allowed" -eq 1 ]; then
+    find -type l ! -user $USER -exec chown -h $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "Permissions for $domain have been successfully updated."
+
+exit 0
diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites
new file mode 100644
index 00000000..9b1501bd
--- /dev/null
+++ b/bin/v-fix-website-permissions-for-all-websites
@@ -0,0 +1,41 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+        echo "--------------------------------"
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php
new file mode 100644
index 00000000..a89d2416
--- /dev/null
+++ b/bin/v-fix-website-permissions-for-all-websites-only-php
@@ -0,0 +1,44 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1
+        echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php
new file mode 100644
index 00000000..cf548e6b
--- /dev/null
+++ b/bin/v-fix-website-permissions-only-php
@@ -0,0 +1,121 @@
+#!/bin/bash
+# info: Fixing PHP and .env permissions and ownership for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "PHP and .env permissions and ownership for $domain have been successfully updated."
+
+exit 0
diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core
new file mode 100644
index 00000000..2bcd6c34
--- /dev/null
+++ b/bin/v-fix-wordpress-core
@@ -0,0 +1,115 @@
+#!/bin/bash
+# info: fix compromised wp-admin and wp-includes
+# options: DOMAIN [CACHE_DIR]
+#
+# Replaces wp-admin and wp-includes with clean copies that match
+# the WordPress core version detected on the site.
+#
+# Example:
+#   v-fix-wp-core example.com
+#   v-fix-wp-core example.com /srv/wp-cache
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+# Arguments
+DOMAIN="$1"
+CACHE_DIR="${2-/srv/wp-cache}"       # default cache location
+
+QUARANTINE_DIR="/srv/wp-quarantine"
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
+is_format_valid 'domain'
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)"  # temp workspace
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+# 1etermine WP version
+if [ -z "$PHP" ]; then
+    WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+else
+    WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+fi
+
+check_result $? "cannot detect WP version" > /dev/null
+if [ -z "$WP_VERSION" ]; then
+    check_result 1 "empty WP version string"
+fi
+echo "Detected WordPress version $WP_VERSION"
+
+# 2ind site owner and path
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+check_result $? "cannot find domain owner" > /dev/null
+SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
+if [ ! -d "$SITE_PATH" ]; then
+    check_result 1 "site path $SITE_PATH does not exist"
+fi
+
+# ensure cached core is present
+CACHE_PATH="$CACHE_DIR/$WP_VERSION"
+if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
+    echo "Cache for $WP_VERSION missing, downloading ZIP..."
+
+    mkdir -p "$CACHE_PATH"
+    ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
+    ZIP_FILE="$TMP_DIR/wp.zip"
+
+    curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
+    check_result $? "download failed" > /dev/null
+
+    unzip -q "$ZIP_FILE" -d "$TMP_DIR"
+    check_result $? "unzip failed" > /dev/null
+
+    mv "$TMP_DIR/wordpress/wp-admin"    "$CACHE_PATH/"
+    mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
+    cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
+fi
+
+# backup current core folders
+TIMESTAMP="$(date +%Y%m%d%H%M%S)"
+BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
+mkdir -p "$BACKUP_DIR"
+mv "$SITE_PATH/wp-admin"    "$BACKUP_DIR/"
+mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
+
+for f in "$SITE_PATH"/*.php; do
+    [[ $(basename "$f") == "wp-config.php" ]] && continue
+    mv "$f" "$BACKUP_DIR/"
+done
+if [ -f "$SITE_PATH/.user.ini" ]; then
+    mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
+fi
+
+# chown -R www-data:www-data "$BACKUP_DIR"
+check_result $? "backup failed" > /dev/null
+echo "Old core folders moved to $BACKUP_DIR"
+
+# deploy clean core
+rsync -a --delete "$CACHE_PATH/wp-admin/"    "$SITE_PATH/wp-admin/"
+rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
+check_result $? "rsync failed" > /dev/null
+
+for corephp in "$CACHE_PATH"/*.php; do
+    base=$(basename "$corephp")
+    [ "$base" = "wp-config.php" ] && continue
+    rsync -a "$corephp" "$SITE_PATH/$base"
+done
+
+# fix permissions
+SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
+# chown -R www-data:www-data "$BACKUP_DIR"
+
+echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
+exit
diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config
new file mode 100644
index 00000000..d759c489
--- /dev/null
+++ b/bin/v-get-dns-config
@@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Get domain DNS config.db file content
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DNS_FILE="/home/$user/conf/dns/$domain.db"
+
+if [ -f "$DNS_FILE" ]; then
+    cat "$DNS_FILE"
+else
+    echo "DNS configuration file for $domain does not exist."
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
diff --git a/bin/v-grep b/bin/v-grep
index 3e467129..9ea821e5 100644
--- a/bin/v-grep
+++ b/bin/v-grep
@@ -1,21 +1,27 @@
-#!/bin/bash
-# info: calling myvesta_grep PHP function
-# options: PARAMETERS
-#
-# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression)
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-
-if [ -p /dev/stdin ]; then
-    STDIN=$(cat -)
-    if [ ! -z "$STDIN" ]; then
-        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
-        exit $?
-    fi
-fi
-
-php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
-exit $?
+#!/bin/bash
+# info: calling myvesta_grep PHP function
+# options: PARAMETERS
+#
+# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression)
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
+    STDIN=$(cat -)
+    if [ ! -z "$STDIN" ]; then
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+        exit $?
+    fi
+fi
+
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+fi
+exit $?
diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup
index 02383018..43e8c3bf 100644
--- a/bin/v-import-cpanel-backup
+++ b/bin/v-import-cpanel-backup
@@ -157,9 +157,15 @@ for sk_dbr in $sk_db_list
 			echo " Create and restore ${sk_dbr} "
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create
+			fi
 			mysql < mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql
+			fi
 			mysql ${sk_dbr} < mysql/${sk_dbr}.sql
 		else
 			echo "Error: Cant restore database $sk_dbr alredy exists in mysql server"
@@ -269,28 +275,29 @@ cd $sk_mdir
 for sk_maild in $(ls -1)
 do
 if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp"  ]]; then
-	if [ -d "$sk_maild" ]; then
-		for sk_mail_account in $(ls $sk_maild/)
-		 do
-					
-					echo "Create and restore mail account: $sk_mail_account@$sk_maild"
-					sk_mail_pass1=$(generate_password)		
-					/usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1
-					mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild}
-					chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild}
-					find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete
-					# echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"	>> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
-					echo "Set password for ${sk_mail_account}@${sk_maild}"
-					pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F  ":" '{print $2}')
-					newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0"
-					newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
-					# echo $newline
-					escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
-					escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
-					sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd
-					sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf
-		done
-	fi
+    if [ -d "$sk_maild" ]; then
+        for sk_mail_account in $(ls $sk_maild/)
+        do
+            echo "Create and restore mail account: $sk_mail_account@$sk_maild"
+            sk_mail_pass1=$(generate_password)        
+            /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1
+            mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild}
+            chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild}
+            find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete
+            if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then
+                echo "Set password for ${sk_mail_account}@${sk_maild}"
+                pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F  ":" '{print $2}')
+                newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0"
+                newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
+                escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
+                escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
+                sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd
+                sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf
+            else
+                echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"    >> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
+            fi
+        done
+    fi
 #else
 # this only detect default dirs account new, cur, tmp etc
 # maybe can do something with this, but on most cpanel default account have only spam.
@@ -367,7 +374,9 @@ tput setaf 4
 echo "##############################"
 echo "cPanel Backup restored"
 echo "Review your content and report any fail"
-# echo "I reset mail password not posible restore it yet."
-# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then
+    echo "I reset mail password not posible restore it yet."
+    echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+fi
 echo "##############################"
 tput sgr0
diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl
index 3395e4f2..9ac2f188 100644
--- a/bin/v-install-unsigned-ssl
+++ b/bin/v-install-unsigned-ssl
@@ -52,6 +52,10 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
+if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then
+    /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain"
+fi
+
 release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
 
 email="info@$domain"
diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli
new file mode 100644
index 00000000..fc6ca0b5
--- /dev/null
+++ b/bin/v-install-wordfence-cli
@@ -0,0 +1,37 @@
+#!/bin/bash
+# info: Script for installing WordFence CLI
+# options: NONE
+
+if ! command -v git &> /dev/null; then
+    echo "= Git is not installed. Installing..."
+    apt-get update > /dev/null 2>&1
+    apt-get install -y git
+fi
+
+cd /root
+
+if [ ! -d "myvesta-wordfence-cli" ]; then
+    git clone https://github.com/isscbta/myvesta-wordfence-cli.git
+    cd ~/myvesta-wordfence-cli/
+else
+    cd ~/myvesta-wordfence-cli/
+    git pull
+fi
+
+echo ""
+echo "----------------------------------------------------------------"
+echo ""
+echo "Which Docker container do you want to install for WordFence CLI?"
+echo "1. WordFence CLI official Docker container"
+echo "2. WordFence CLI Docker container maintained by myVesta"
+read -r -p "Enter your choice: " choice < /dev/tty
+
+if [ "$choice" == "1" ]; then
+    bash wf-cli-install.sh
+fi
+
+if [ "$choice" == "2" ]; then
+    bash wf-cli-install-our-image.sh
+fi
+
+exit 0;
diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress
index 70f3fc7b..25e38f3e 100644
--- a/bin/v-install-wordpress
+++ b/bin/v-install-wordpress
@@ -57,17 +57,26 @@ if [ -z "$database" ]; then
     fi
 fi
 
+# Convert domain to IDN if available
+if command -v idn2 >/dev/null 2>&1; then
+    database=$(idn2 "$database")
+    idn_domain=$(idn2 "$domain")
+elif command -v idn >/dev/null 2>&1; then
+    database=$(idn "$database")
+    idn_domain=$(idn "$domain")
+fi
+
 if [ -z "$email" ]; then
-    email="info@$domain";
+    email="info@$idn_domain";
 fi
 
 if [ ! -d "/home/$user" ]; then
-    echo "User doesn't exist";
+    echo "= Error: Folder /home/$user doesn't exist";
     exit 1;
 fi
 
 if [ ! -d "/home/$user/web/$domain/public_html" ]; then
-    echo "Domain doesn't exist";
+    echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist";
     exit 1;
 fi
 
@@ -95,51 +104,72 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
 #                       Action                             #
 #----------------------------------------------------------#
 
-PROTOCOL='http'
-if [ -z "$SKIP_LE" ]; then
-    if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
-        /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
-    fi
-else
-    PROTOCOL='https'
+PROTOCOL='https'
+
+if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
+    echo "== Trying to install LetsEncrypt for domain $domain"
+    /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
 fi
 
-if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then
-    PROTOCOL='https'
-    if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then
-        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+if [ ! -z "$FORCE_HTTP" ]; then
+    # Switch to http:// only if --FORCE_HTTP parameter is set
+    echo "== Force http://"
+    PROTOCOL='http'
+fi
+
+TPL_CHANGED=0;
+
+if [ "$WEB_SYSTEM" != 'nginx' ]; then
+    if [ "$PROTOCOL" = "https" ]; then
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
+    fi
+    if [ "$PROTOCOL" = "http" ]; then
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
     fi
 fi
 
 /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql"
 
-if [ ! -f "/usr/local/bin/wp" ]; then
-    echo "=== Downloading latest wp-cli"
-    wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-    chmod +x /usr/local/bin/wp
-fi
-
 WORKINGDIR="/home/$user/web/$domain/public_html"
 rm -rf $WORKINGDIR/*
 cd $WORKINGDIR
 
-sudo -H -u$user wp core download
-sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
+/usr/local/vesta/bin/v-run-wp-cli $domain core download
+if [ ! -f "$WORKINGDIR/index.php" ]; then
+    echo "= WordPress installation failed: WordPress core download failed."
+    exit 1;
+fi
+
+/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
+if [ ! -f "$WORKINGDIR/wp-config.php" ]; then
+    echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found."
+    exit 1;
+fi
 
 password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12)
 
 wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n
 
-sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR
+/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR
 
 mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';"
 
 echo "================================================================="
-echo "Installation is complete. Your username/password is listed below."
+echo "Your WordPress installation is complete."
 echo ""
-echo "Site: $PROTOCOL://$domain/"
+echo "Website URL: $PROTOCOL://$domain/"
 echo ""
-echo "Login: $PROTOCOL://$domain/wp-admin/"
+echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/"
 echo "Username: $wpadmin"
 echo "Password: $password"
 echo ""
diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli
new file mode 100644
index 00000000..17df71e8
--- /dev/null
+++ b/bin/v-install-wp-cli
@@ -0,0 +1,27 @@
+#!/bin/bash
+# info: Download WP CLI
+# options: NONE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+echo "= Installing WP CLI by downloading phar file..."
+wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
+chmod +x /usr/local/bin/wp
+
+if [ -f "/usr/local/bin/wp" ]; then
+    echo "= WP CLI installed successfully."
+    echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND"
+    exit 0;
+else
+    echo "= WP CLI installation failed."
+    echo "= Please install it manually."
+    exit 1;
+fi
diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta
new file mode 100644
index 00000000..b65479f6
--- /dev/null
+++ b/bin/v-install-wp-cli-myvesta
@@ -0,0 +1,79 @@
+#!/bin/bash
+# info: Download myVesta WP CLI
+# options: NONE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+if [ ! -f "/usr/local/bin/composer" ]; then
+    echo "= Composer is not installed. Installing..."
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+    php -r "unlink('composer-setup.php');"
+    echo "= Composer installed successfully."
+fi
+
+if [ -d "/usr/local/bin/wp-cli" ]; then
+    echo "= Removing old myVesta WP CLI..."
+    rm -rf /usr/local/bin/wp-cli
+fi
+
+echo "= Installing myVesta WP CLI..."
+
+cd /usr/local/bin
+git clone https://github.com/wp-cli/wp-cli.git
+
+chown -R www-data:www-data wp-cli
+
+ver_ge() {
+    # usage: ver_ge 7.2 5.6   --> returns true if $1 is greater than or equal to $2
+    [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
+}
+
+current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+')
+
+php_versions=$(/usr/local/vesta/bin/v-list-php)
+for php_version in $php_versions; do
+    if ver_ge "$php_version" "7.2"; then
+        oldest_allowed_php_version=$php_version
+        break
+    fi
+done
+
+echo "= Setting PHP version to $oldest_allowed_php_version"
+update-alternatives --set php /usr/bin/php$oldest_allowed_php_version
+
+cd wp-cli/
+sudo -H -u www-data composer install
+
+echo "= Installing search-replace-command package..."
+sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command
+
+echo "= Setting PHP version to $current_php_version"
+update-alternatives --set php /usr/bin/php$current_php_version
+
+# Fix terminal columns issue for WP CLI
+echo "= Fixing terminal columns issue for WP CLI..."
+/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php'
+
+echo ""
+
+if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    echo "= myVesta WP CLI installed successfully."
+    echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND"
+    exit 0;
+else
+    echo "= myVesta WP CLI installation failed."
+    echo "= Please install it manually."
+    exit 1;
+fi
diff --git a/bin/v-list-php b/bin/v-list-php
new file mode 100644
index 00000000..846e40de
--- /dev/null
+++ b/bin/v-list-php
@@ -0,0 +1,76 @@
+#!/bin/bash
+# info: list of installed php versions
+# options: [FORMAT]
+#
+# The function for obtaining the list of installed PHP versions.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-list-php-apache b/bin/v-list-php-apache
new file mode 100644
index 00000000..e2e431b1
--- /dev/null
+++ b/bin/v-list-php-apache
@@ -0,0 +1,91 @@
+#!/bin/bash
+# info: list of installed php versions that have Apache template.
+# options: [FORMAT]
+#
+# The function obtains the list of installed PHP versions that have Apache template.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+echo_phpversions_list() {
+    for element in "${phpversions_list[@]}"; do
+        echo "$element"
+    done
+}
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+fpmphpversions=$(/usr/local/vesta/bin/v-list-php)
+
+for phpversion in $fpmphpversions; do
+    phpversiontpl=${phpversion//./}
+    tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl"
+    if [ -f "$tpl" ]; then
+        phpversions_list+=("$phpversion")
+    fi
+done
+
+phpversions=$(echo_phpversions_list)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config
index 127f2176..a0fdbbbc 100755
--- a/bin/v-list-sys-config
+++ b/bin/v-list-sys-config
@@ -54,7 +54,8 @@ json_list() {
         "SOFTACULOUS": "'$SOFTACULOUS'",
         "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'",
         "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
-        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'",
+        "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'"
     }
 }'
 }
diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services
index 3d876101..d23a92a7 100755
--- a/bin/v-list-sys-services
+++ b/bin/v-list-sys-services
@@ -301,6 +301,10 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
                 service='mariadb'
                 proc_name='mariadbd'
             fi
+            if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then
+                service='mariadb'
+                proc_name='mariadbd'
+            fi
             if [ -d "/etc/sysconfig" ]; then
                 service='mysqld'
                 proc_name='mysqld'
diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log
new file mode 100644
index 00000000..6a6dfadd
--- /dev/null
+++ b/bin/v-make-main-apache-log
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+touch /var/log/apache2/time.log
+# truncate -s 0 /var/log/apache2/time.log
+chmod 0640 /var/log/apache2/time.log
+chown root:adm /var/log/apache2/time.log
+find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then
+    sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf
+fi
+systemctl restart apache2
+
+wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php
diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email
index a26c68e3..15e42c05 100644
--- a/bin/v-make-separated-ip-for-email
+++ b/bin/v-make-separated-ip-for-email
@@ -1,4 +1,4 @@
-#!/bin/bash
+ #!/bin/bash
 
 # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users
 # options: MAIL_HOSTNAME MAIL_IP
@@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME"
 is_ip_format_valid "$MAIL_IP"
 
 HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME")
-if [ -z "$HOST_USER" ]; then
+if [ -z "$HOST_USER" ]; then 
     echo "Error: hostname $HOSTNAME is not created as web domain"
     exit 4
 fi
@@ -138,7 +138,18 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template)
 if [ "$check_grep" -eq 0 ]; then
     echo "=== patching exim4.conf.template"
     mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
-    cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+    if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+        cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template
+        sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
+    fi
+
+    if (( $(echo "$eximversion < 4.94" | bc -l) )); then
+        sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
+    fi
+
     sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
     sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
     sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
@@ -148,6 +159,8 @@ if [ "$check_grep" -eq 0 ]; then
     sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template
     sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template
     sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template
+    /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template'
+    /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template'
     touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
     touch /etc/exim4/limit_per_email_account_max_recipients
     touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
@@ -166,9 +179,10 @@ if [ "$check_grep" -eq 0 ]; then
     fi
     systemctl restart exim4
     if [ $? -ne 0 ]; then
+        systemctl status exim4
         cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
         systemctl restart exim4
-        echo "=== Patching failed, aborting"
+        echo "=== Patching failed, old exim conf returned, exim4 restarted again."
         exit 1
     fi
     echo "=== Patching successful"
diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https
index 6c6c8653..c15a521e 100644
--- a/bin/v-migrate-site-to-https
+++ b/bin/v-migrate-site-to-https
@@ -40,6 +40,7 @@ is_format_valid 'domain' 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 
+
 FROM_DATABASE_NAME=''
 FROM_DATABASE_USERNAME=''
 FROM_DATABASE_PASSWORD=''
@@ -94,6 +95,8 @@ if [ "$DB_EXISTS" = "no" ]; then
     exit 6
 fi
 
+phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN")
+
 # ----------- CHECK -------------
 
 FROM_REPLACE1="http://$FROM_DOMAIN"
@@ -102,19 +105,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN"
 TO_REPLACE2="https://www.$FROM_DOMAIN"
 
 if [ $IT_IS_WP -eq 0 ]; then
-    if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then
-        echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/"
-        exit 7
-    fi
-    if [ ! -f "/usr/bin/php7.0" ]; then
-        echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0"
-        exit 8
-    fi
-else
-    if [ ! -f "/usr/local/bin/wp" ]; then
-        echo "=== Downloading latest wp-cli"
-        wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-        chmod +x /usr/local/bin/wp
+    if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then
+        if [ ! -f "/usr/bin/git" ]; then
+            apt-get update > /dev/null 2>&1
+            apt-get -y install git > /dev/null 2>&1
+        fi
+        cd /root
+        git clone https://github.com/interconnectit/Search-Replace-DB.git
     fi
 fi
 
@@ -164,15 +161,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC
 
 if [ $IT_IS_WP -eq 0 ]; then
     echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
     echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
 else
     cd $SITE_FOLDER
     echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
     echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
 fi
 
 echo "===== DONE ===="
diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account
index d055e361..383fd26e 100644
--- a/bin/v-move-domain-and-database-to-account
+++ b/bin/v-move-domain-and-database-to-account
@@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then
     exit
 fi
 
+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user
+
 USER_TO=$user
 
 #----------------------------------------------------------#
@@ -84,6 +88,56 @@ if [ $? -ne 0 ]; then
     RET=$E_NOTEXIST
 fi
 
+#----------------------------------------------------------#
+#               Update Wordfence WAF Path                  #
+#----------------------------------------------------------#
+
+filepath="/home/USER_TO/web/$domain/public_html/.user.ini"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
+filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink
index 81561a97..ccd66b7c 100644
--- a/bin/v-move-folder-and-make-symlink
+++ b/bin/v-move-folder-and-make-symlink
@@ -19,6 +19,8 @@ fi
 FROMFOLDER=$1
 TOFOLDER=$2
 
+echo "Executing: v-move-folder-and-make-symlink $1 $2"
+
 # Includes
 source $VESTA/func/main.sh
 
@@ -26,6 +28,16 @@ source $VESTA/func/main.sh
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+if [ -z "$FROMFOLDER" ]; then
+    echo "First parameter is empty, aborting"
+    exit 1
+fi
+
+if [ -z "$TOFOLDER" ]; then
+    echo "Second parameter is empty, aborting"
+    exit 1
+fi
+
 # Trimming the ending slash, just in case
 FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::')
 TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::')
@@ -66,19 +78,21 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-rsync -a "$FROMFOLDER/" "$TOFOLDER/"
-# with slashes on the end of the path of both folders
-if [ "$?" -ne 0 ]; then
-    echo "Error happened, aborting"
-    exit 1
-fi
-
 if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then
     # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files
     chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1
     # with slashes on the end of the path of the folder
 fi
 
+# rsync -a "$FROMFOLDER/" "$TOFOLDER/"
+# with slashes on the end of the path of both folders
+
+mv "$FROMFOLDER" "$TOFOLDER"
+if [ "$?" -ne 0 ]; then
+    echo "Error happened, aborting"
+    exit 1
+fi
+
 rm -rf "$FROMFOLDER"
 # without slash on the end of the path of the folder
 
diff --git a/bin/v-php-func b/bin/v-php-func
index 0c789863..925cc91e 100644
--- a/bin/v-php-func
+++ b/bin/v-php-func
@@ -9,7 +9,7 @@
 #----------------------------------------------------------#
 
 
-if [ -p /dev/stdin ]; then
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
     STDIN=$(cat -)
     if [ ! -z "$STDIN" ]; then
         echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@"
diff --git a/bin/v-restart-web b/bin/v-restart-web
index ab1afe6c..2b17ad9f 100755
--- a/bin/v-restart-web
+++ b/bin/v-restart-web
@@ -64,7 +64,9 @@ fi
 
 # Resart web system if reload didn't work
 if [ "$rc" -ne 0 ]; then
-    service $WEB_SYSTEM restart >/dev/null 2>&1
+    # service $WEB_SYSTEM restart >/dev/null 2>&1
+    systemctl reset-failed $WEB_SYSTEM
+    systemctl restart $WEB_SYSTEM >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         send_email_report
         check_result $E_RESTART "$WEB_SYSTEM restart failed"
diff --git a/bin/v-restore-user b/bin/v-restore-user
index af451d88..a2dab574 100755
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
         # Restoring web domain data
         chown $user $tmpdir
         chmod u+w $HOMEDIR/$user/web/$domain
+        chmod 0755 $tmpdir/web/$domain
         sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
             -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
             2> $HOMEDIR/$user/web/$domain/restore_errors.log
@@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
         if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
             chown $user $tmpdir
             chmod u+w $HOMEDIR/$user/mail/$domain_idn
+            chmod 0755 $tmpdir/mail/$domain
             sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                 -C $HOMEDIR/$user/mail/$domain_idn/
             if [ "$?" -ne 0 ]; then
diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli
new file mode 100644
index 00000000..b1e4e6aa
--- /dev/null
+++ b/bin/v-run-wp-cli
@@ -0,0 +1,146 @@
+#!/bin/bash
+# info: Run WP CLI command for a specific domain
+# options: DOMAIN WP_CLI_COMMAND
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+wp_command=${@:2} 
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+VERBOSE_MODE=1
+
+check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+if [ ! -d "/home/$user" ]; then
+    echo "= User doesn't exist";
+    exit 1;
+fi
+
+if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo '= Please install WordPress first.'
+    exit 1;
+fi
+
+wpcli=""
+
+if [ ! -f "/usr/local/bin/wp" ]; then
+    echo "= WP CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wp-cli
+fi
+
+if [ -z "$USE_WP_CLI_MYVESTA" ]; then
+    if [ -f "/usr/local/bin/wp" ]; then
+        # Get current time and file ctime in seconds since epoch
+        current_time=$(date +%s)
+        file_ctime=$(stat -c %Z /usr/local/bin/wp)
+        # Calculate age in days
+        age_days=$(( (current_time - file_ctime) / 86400 ))
+        if [ "$age_days" -gt 30 ]; then
+            echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)."
+            echo "= Updating WP CLI..."
+            /usr/local/vesta/bin/v-install-wp-cli
+        fi
+    fi
+fi
+
+if [ -t 1 ]; then
+    output='terminal'
+else
+    output='file'
+fi
+
+if [ -f "/usr/local/bin/wp" ]; then
+    wpcli="/usr/local/bin/wp"
+    WP_CLI_PACKAGES_DIR=""
+fi
+
+if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then
+    wpcli="/usr/local/bin/wp-cli/php/boot-fs.php"
+    COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}')
+    echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS
+    WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages"
+fi
+
+if [ -z "$wpcli" ]; then
+    echo "= WP CLI is not installed. Please install it manually."
+    exit 1;
+fi
+
+mkdir -p /home/$user/.wp-cli
+chown $user:$user /home/$user/.wp-cli
+
+if [ -z "$PHP" ]; then
+    phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
+else
+    phpver=$PHP
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd /home/$USER/web/$domain/public_html
+
+if [ -z "$OPEN_BASEDIR" ]; then
+    OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp"
+fi
+
+if [ -z "$DISABLE_FUNCTIONS" ]; then
+    DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+fi
+
+if [ -z "$SHOW_ERRORS" ]; then
+    sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log
+else
+    sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command
+fi
+
+return_code=$?
+
+if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then
+    rm /usr/local/bin/wp-cli/COLUMNS
+fi
+
+if [ -z "$SHOW_ERRORS" ]; then
+    if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then
+        cat /home/$user/web/$domain/wp-cli-error.log
+    fi
+fi
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit $return_code;
diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta
new file mode 100644
index 00000000..5947edfa
--- /dev/null
+++ b/bin/v-run-wp-cli-myvesta
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    echo "= myVesta WP CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wp-cli-myvesta
+fi
+
+if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    # Get current time and file ctime in seconds since epoch
+    current_time=$(date +%s)
+    file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php)
+    # Calculate age in days
+    age_days=$(( (current_time - file_ctime) / 86400 ))
+    if [ "$age_days" -gt 30 ]; then
+        echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)."
+        echo "= Updating myVesta WP CLI..."
+        /usr/local/vesta/bin/v-install-wp-cli-myvesta
+    fi
+fi
+
+USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@"
diff --git a/bin/v-sed b/bin/v-sed
index 9d1a82ee..16e8ad2b 100644
--- a/bin/v-sed
+++ b/bin/v-sed
@@ -9,13 +9,19 @@
 #----------------------------------------------------------#
 
 
-if [ -p /dev/stdin ]; then
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
     STDIN=$(cat -)
     if [ ! -z "$STDIN" ]; then
-        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
         exit $?
     fi
 fi
 
-php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+fi
 exit $?
diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule
index 67f14cec..9191fed0 100755
--- a/bin/v-suspend-firewall-rule
+++ b/bin/v-suspend-firewall-rule
@@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Suspending rule
 update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes
 
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain
index 7bd658ce..c9120122 100755
--- a/bin/v-suspend-web-domain
+++ b/bin/v-suspend-web-domain
@@ -17,6 +17,10 @@ domain=$2
 domain_idn=$2
 restart=$3
 
+if [ -z "$restart" ]; then
+    restart='yes'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
@@ -80,12 +84,14 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes'
 increase_user_value "$user" '$SUSPENDED_WEB'
 
-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "Web restart failed" >/dev/null
-
-$BIN/v-restart-proxy $restart
-check_result $? "Proxy restart failed" >/dev/null
+if [ "$restart" = "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+    
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"
diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress
index 1e2cccc6..4a2c42c3 100644
--- a/bin/v-unlock-wordpress
+++ b/bin/v-unlock-wordpress
@@ -58,6 +58,8 @@ chown -R $user:$user public_html/
 
 rm public_html/wp-content/uploads/.htaccess
 
+/usr/local/vesta/bin/v-fix-website-permissions $domain
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule
index be6320d4..f0e00c96 100755
--- a/bin/v-unsuspend-firewall-rule
+++ b/bin/v-unsuspend-firewall-rule
@@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Suspending rule
 update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no
 
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files
new file mode 100644
index 00000000..c044a80a
--- /dev/null
+++ b/bin/v-update-document-errors-files
@@ -0,0 +1,48 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html
+        chown $user:$user /home/$user/web/$domain/document_errors/*
+        chmod 644 /home/$user/web/$domain/document_errors/*
+    done
+
+done
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-update-firewall b/bin/v-update-firewall
index d3a46686..6d359f07 100755
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp
 echo "$iptables -F INPUT" >> $tmp
 
 # Enabling stateful support
-if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
+if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
     str="$iptables -A INPUT -m state"
     str="$str --state ESTABLISHED,RELATED -j ACCEPT"
     echo "$str" >> $tmp
@@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
 fi
 
 # Saving rules to the master iptables file
-if [ -d "/etc/sysconfig" ]; then
-    /sbin/iptables-save > /etc/sysconfig/iptables
-    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
-        /sbin/chkconfig iptables on
-    fi
-else
+# if [ -d "/etc/sysconfig" ]; then
+#     /sbin/iptables-save > /etc/sysconfig/iptables
+#     if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
+#         /sbin/chkconfig iptables on
+#     fi
+# else
     /sbin/iptables-save > /etc/iptables.rules
     preup="/etc/network/if-pre-up.d/iptables"
     if [ ! -e "$preup" ]; then
@@ -178,7 +178,7 @@ else
         echo "exit 0" >> $preup
         chmod +x $preup
     fi
-fi
+# fi
 
 # Worarkound for OpenVZ
 if [ -e "/proc/vz/veinfo" ]; then
diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk
index 451dbd37..be5502e7 100755
--- a/bin/v-update-mail-domain-disk
+++ b/bin/v-update-mail-domain-disk
@@ -49,7 +49,8 @@ dom_diks=0
 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do
     home_dir=$HOMEDIR/$user/mail/$domain/$account
     if [ -e "$home_dir" ]; then
-        udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        cd $home_dir
+        udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
     else
         udisk=0
     fi
diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk
index ca93627f..807218e3 100755
--- a/bin/v-update-mail-domains-disk
+++ b/bin/v-update-mail-domains-disk
@@ -35,13 +35,14 @@ fi
 #----------------------------------------------------------#
 
 # Starting loop
-for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'mail' 'DOMAIN'); do
     dom_diks=0
-    accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT')
+    accounts=$(list_objects "mail/$domain" 'ACCOUNT')
     for account in $accounts; do
         home_dir=$HOMEDIR/$user/mail/$domain/$account
         if [ -e "$home_dir" ]; then
-            udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+            cd $home_dir
+            udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
         else
             udisk=0
         fi
diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net
index e9c642e4..d59eefd9 100755
--- a/bin/v-update-sys-rrd-net
+++ b/bin/v-update-sys-rrd-net
@@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then
     mkdir $RRD/net
 fi
 
+find $RRD/net -name "veth*" -delete
+
 # Parsing network interfaces
 ndev=$(cat /proc/net/dev)
 ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g")
 
 # Parsing excludes
 if [ -z "$RRD_IFACE_EXCLUDE" ]; then
-    RRD_IFACE_EXCLUDE='lo'
+    RRD_IFACE_EXCLUDE='lo,'
 fi
 for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do
     ifaces=$(echo "$ifaces" |grep -vw "$exclude" )
@@ -62,6 +64,8 @@ for iface in $ifaces; do
             RRA:MAX:0.5:6:700 \
             RRA:MAX:0.5:24:775 \
             RRA:MAX:0.5:288:797
+    else
+        touch $RRD/net/$iface.rrd
     fi
 
     # Parsing device stats
@@ -112,6 +116,8 @@ for iface in $ifaces; do
 
 done
 
+find $RRD/net -name "*.png" -mtime +1 -delete
+find $RRD/net -name "*.rrd" -mtime +1 -delete
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk
index ac851b92..1bee4685 100755
--- a/bin/v-update-web-domain-disk
+++ b/bin/v-update-web-domain-disk
@@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then
     disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
 fi
 
+# Defining hdd home directory
+home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+
+# Checking home directory exist
+if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+    disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+    disk_usage=$(( disk_usage + disk_usage2 ))
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #
diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk
index 5951f289..5ee58abf 100755
--- a/bin/v-update-web-domains-disk
+++ b/bin/v-update-web-domains-disk
@@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#
 
 # Domain loop
-for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'web' 'DOMAIN'); do
     home_dir="$HOMEDIR/$user/web/$domain/"
     if [ -e "$home_dir" ]; then
         disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
     fi
+    home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+    if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+        disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        disk_usage=$(( disk_usage + disk_usage2 ))
+    fi
     update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage"
 done
 
diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account
new file mode 100644
index 00000000..4a6e6329
--- /dev/null
+++ b/bin/v-whitelist-email-account
@@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a specific email address to SpamAssassin whitelist
+# usage: v-whitelist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklisted() {
+    local pattern=$1
+    local file=$2
+    grep -qE "blacklist_from.*${pattern}" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-whitelist-email-account EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Extract the domain from the email address
+DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}')
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY="whitelist_from $EMAIL"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the email address or its domain is already blacklisted
+if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. It is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+# Add the email to whitelist if not already present
+if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain
new file mode 100644
index 00000000..9d877ad4
--- /dev/null
+++ b/bin/v-whitelist-email-domain
@@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a domain to SpamAssassin whitelist
+# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a SpamAssassin whitelist entry already exists
+check_whitelist_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "whitelist_from $entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklist_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "blacklist_from.*${domain}$" "$file"
+}
+
+# Function to add whitelist entry to file
+add_whitelist_to_file() {
+    local entry=$1
+    local file=$2
+    echo "whitelist_from $entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY_MAIN="*@${DOMAIN}"
+WHITELIST_ENTRY_SUB="*.$DOMAIN"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the domain is already blacklisted
+if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $DOMAIN. It is already blacklisted."
+    exit 1
+fi
+
+# Add the main entry
+if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Add the subdomain entry if needed
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
diff --git a/func/bash-to-php-interpreter.php b/func/bash-to-php-interpreter.php
index 4c1e9dc5..b437c3c9 100644
--- a/func/bash-to-php-interpreter.php
+++ b/func/bash-to-php-interpreter.php
@@ -7,13 +7,22 @@ else $SHLVL=3;
 
 if (!isset($argv)) exit(5);
 
-stream_set_blocking(STDIN, false);
-$myvesta_stdin='';
-$myvesta_f = fopen( 'php://stdin', 'r' );
-while( $myvesta_line = fgets( $myvesta_f ) ) {
-    $myvesta_stdin .= $myvesta_line;
+$argv_start=1;
+$STDIN_ENABLED=false;
+if ($argv[1]=='--stdin') {
+    $STDIN_ENABLED=true;
+    $argv_start++;
+}
+
+$myvesta_stdin='';
+if ($STDIN_ENABLED==true) {
+    stream_set_blocking(STDIN, false);
+    $myvesta_f = fopen( 'php://stdin', 'r' );
+    while( $myvesta_line = fgets( $myvesta_f ) ) {
+        $myvesta_stdin .= $myvesta_line;
+    }
+    fclose( $myvesta_f );
 }
-fclose( $myvesta_f );
 
 include ("/usr/local/vesta/func/main.php");
 include ("/usr/local/vesta/func/string.php");
@@ -21,9 +30,9 @@ include ("/usr/local/vesta/func/string.php");
 $counter=count($argv);
 if ($counter<2) myvesta_throw_error(2, 'Function is missing');
 
-$func=$argv[1];
+$func=$argv[$argv_start];
 if (!function_exists($func)) {
-    $func="myvesta_".$argv[1];    
+    $func="myvesta_".$argv[$argv_start];    
     if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists');
 }
 
@@ -36,10 +45,12 @@ $params=array();
 $added=0;
 $stdin_content='';
 $myvesta_stdin_from_file='';
- $myvesta_stdin_return_not_found=false;
+$myvesta_stdin_return_not_found=false;
 if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;}
 
-for ($i=2; $i<$counter; $i++) {
+$argv_start++;
+
+for ($i=$argv_start; $i<$counter; $i++) {
     $argv[$i]=myvesta_fix_backslashes($argv[$i]);
     //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;}
     $params[]=$argv[$i];
@@ -48,7 +59,7 @@ for ($i=2; $i<$counter; $i++) {
 //print_r($params); exit;
 
 if ($insert_stdin_at_position!=false) {
-    if ($myvesta_stdin=='') {
+    if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) {
         $file_or_stdin=$params[$insert_stdin_at_position];
         if (!file_exists($file_or_stdin)) {
             $myvesta_stdin_return_not_found=true;
diff --git a/func/db.sh b/func/db.sh
index 20230fec..7e4f4d97 100644
--- a/func/db.sh
+++ b/func/db.sh
@@ -29,6 +29,9 @@ mysql_connect() {
     mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1
     if [ '0' -ne "$?" ]; then
         if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
             echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\
                 $SENDMAIL -s "$subj" $email
         fi
@@ -55,10 +58,13 @@ mysql_query() {
 
 mysql_dump() {
     err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err
     if [ '0' -ne "$?" ]; then
         rm -rf $tmpdir
         if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
             echo -e "Can't dump database $database\n$(cat $err)" |\
                 $SENDMAIL -s "$subj" $email
         fi
@@ -82,6 +88,9 @@ psql_connect() {
     psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql
     if [ '0' -ne "$?" ]; then
         if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
             echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\
                 $SENDMAIL -s "$subj" $email
         fi
@@ -103,6 +112,9 @@ psql_dump() {
     if [ '0' -ne "$?" ]; then
         rm -rf $tmpdir
         if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+            
             echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\
                 $SENDMAIL -s "$subj" $email
         fi
diff --git a/func/main.php b/func/main.php
index 22834d42..4628c92a 100644
--- a/func/main.php
+++ b/func/main.php
@@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) {
     $argument_counter=count($argv);
     $argument_counter--;
     $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]);
+    $command=$argv[0];
     // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n");
     if ($argument_counter<$requried_arguments) {
         $arguments=str_replace(" ", "' '", $arguments);
diff --git a/func/main.sh b/func/main.sh
index 10de469a..4dfc087b 100644
--- a/func/main.sh
+++ b/func/main.sh
@@ -254,6 +254,9 @@ is_object_unsuspended() {
         spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'")
     fi
     if [ ! -z "$spnd" ]; then
+        if [ ! -z "$VERBOSE_MODE" ]; then
+            echo "Error: $(basename $1) $3 is suspended"
+        fi
         check_result $E_SUSPENDED "$(basename $1) $3 is suspended"
     fi
 }
@@ -359,6 +362,17 @@ search_objects() {
     IFS="$OLD_IFS"
 }
 
+# List objects
+list_objects() {
+    OLD_IFS="$IFS"
+    IFS=$'\n'
+    for line in $(cat $USER_DATA/$1.conf); do
+        eval $line
+        eval echo \$$2
+    done
+    IFS="$OLD_IFS"
+}
+
 # Get user value
 get_user_value() {
     grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}'
@@ -1143,3 +1157,105 @@ check_if_service_exists() {
         echo "0"
     fi
 }
+
+# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl.
+# Inspired by HestiaCP function and improved
+parse_object_kv_list_non_eval() {
+    # Let's combine all the parameters into one string, replace the new lines with a space
+    local str="${*//$'\n'/ }"
+    str=${str//\\\'/---QUOTE---}
+    str=${str//\\\"/---DQUOTE---}
+    local backup_str=$str
+
+    local key val match i length length_val prefix position cut
+    i=0
+    # Searching for key='value' blocks
+    # Loop until we find the next key='value'
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+
+    # Terminate function if we don't expect strings with double apostrophes
+    if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then
+        return;
+    fi
+
+    # Searching for key="value" blocks
+    str=$backup_str
+    i=0
+    # Loop until we find the next key="value"
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+}
+
+# Return OK (0) if domain is unsupended
+# Parameters:
+# $1 - user
+# $2 - domain
+return_ok_if_domain_is_unsuspended() {
+    spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'")
+    if [ ! -z "$spnd" ]; then
+        return $E_SUSPENDED
+    fi
+    return $OK
+}
+
+# Return OK (0) if user is unsupended
+# Parameters:
+# $1 - user
+return_ok_if_user_is_unsuspended() {
+    spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'")
+    if [ ! -z "$spnd" ]; then
+        return $E_SUSPENDED
+    fi
+    return $OK
+}
diff --git a/func/rebuild.sh b/func/rebuild.sh
index b4a5f73d..ae267e8b 100644
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@@ -610,6 +610,9 @@ rebuild_pgsql_database() {
     if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then
         echo "Error: postgresql config parsing failed"
         if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: postgresql config parsing failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
             echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email
         fi
         log_event "$E_PARSING" "$ARGUMENTS"
@@ -621,6 +624,9 @@ rebuild_pgsql_database() {
     if [ '0' -ne "$?" ];  then
         echo "Error: Connection failed"
         if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: Connection failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
             echo "Database connection to PostgreSQL host $HOST failed" |\
                 $SENDMAIL -s "$subj" $email
         fi
diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf
index 5166b255..279bafcd 100644
--- a/install/debian/10/exim/dnsbl.conf
+++ b/install/debian/10/exim/dnsbl.conf
@@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl
index 9a92e0fd..6bb51c50 100755
--- a/install/debian/10/templates/web/awstats/awstats.tpl
+++ b/install/debian/10/templates/web/awstats/awstats.tpl
@@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh
index abc9155d..eeed37ef 100755
--- a/install/debian/10/templates/web/nginx/private-hosting.sh
+++ b/install/debian/10/templates/web/nginx/private-hosting.sh
@@ -1,11 +1,11 @@
-#!/bin/bash
-# Changing public_html permission
-user="$1"
-domain="$2"
-ip="$3"
-home_dir="$4"
-docroot="$5"
-
-chmod 755 $docroot
-
-exit 0
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf
index 5166b255..279bafcd 100644
--- a/install/debian/11/exim/dnsbl.conf
+++ b/install/debian/11/exim/dnsbl.conf
@@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
diff --git a/install/debian/11/exim/exim4.conf.template b/install/debian/11/exim/exim4.conf.template
index cbc2e75f..3f09a2e8 100644
--- a/install/debian/11/exim/exim4.conf.template
+++ b/install/debian/11/exim/exim4.conf.template
@@ -322,7 +322,7 @@ remote_smtp:
   dkim_private_key = DKIM_PRIVATE_KEY
   dkim_canon = relaxed
   dkim_strict = 0
-  hosts_try_fastopen = !*.l.google.com
+  hosts_try_fastopen = 
   hosts_try_chunking = !93.188.3.0/24
 
 procmail:
diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC
index 5a4d0414..82b97d4e 100644
--- a/install/debian/11/exim/exim4.conf.template-RC
+++ b/install/debian/11/exim/exim4.conf.template-RC
@@ -353,7 +353,7 @@ remote_smtp:
   dkim_private_key = DKIM_PRIVATE_KEY
   dkim_canon = relaxed
   dkim_strict = 0
-  hosts_try_fastopen = !*.l.google.com
+  hosts_try_fastopen = 
   hosts_try_chunking = !93.188.3.0/24
 
 procmail:
diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl
index 9a92e0fd..6bb51c50 100755
--- a/install/debian/11/templates/web/awstats/awstats.tpl
+++ b/install/debian/11/templates/web/awstats/awstats.tpl
@@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh
index abc9155d..eeed37ef 100755
--- a/install/debian/11/templates/web/nginx/private-hosting.sh
+++ b/install/debian/11/templates/web/nginx/private-hosting.sh
@@ -1,11 +1,11 @@
-#!/bin/bash
-# Changing public_html permission
-user="$1"
-domain="$2"
-ip="$3"
-home_dir="$4"
-docroot="$5"
-
-chmod 755 $docroot
-
-exit 0
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf
index 5166b255..279bafcd 100644
--- a/install/debian/12/exim/dnsbl.conf
+++ b/install/debian/12/exim/dnsbl.conf
@@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template
index e6abbe8e..15264797 100644
--- a/install/debian/12/exim/exim4.conf.template
+++ b/install/debian/12/exim/exim4.conf.template
@@ -13,6 +13,8 @@ add_environment=<; PATH=/bin:/usr/bin
 keep_environment=
 smtputf8_advertise_hosts =
 
+SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
+
 #local_interfaces =  0.0.0.0
 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
 #smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
@@ -109,16 +111,18 @@ acl_check_mail:
   deny    condition     = ${if eq{$sender_helo_name}{}}
           message       = HELO required before MAIL
 
-  drop    message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
+  drop    !authenticated = *
+          message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
           condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
-          condition     = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}}
           condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
           delay         = 45s
 
-  drop    condition     = ${if isip{$sender_helo_name}}
+  drop    !authenticated = *
+          condition     = ${if isip{$sender_helo_name}}
           message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
 
-  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+  drop    !authenticated = *
+          condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
           message       = $interface_address is _my_ address
 
   accept
@@ -143,6 +147,7 @@ acl_check_rcpt:
   
   warn    !authenticated = *
           hosts          = !+relay_from_hosts
+          condition     = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
           condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
           set acl_m3    = yes
 
@@ -265,8 +270,11 @@ begin routers
 
 dnslookup:
   driver = dnslookup
-  domains = !+local_domains
-  transport = remote_smtp
+  # if outbound, and forwarding has been done, use an alternate transport
+  domains = ! +local_domains
+  transport = ${if eq {$local_part@$domain} \
+                      {$original_local_part@$original_domain} \
+                      {remote_smtp} {remote_forwarded_smtp}}
   no_more
 
 localuser_spam:
@@ -303,6 +311,23 @@ autoreplay:
   transport = userautoreply
   unseen
 
+inbound_srs:
+    driver = redirect
+    senders = :
+    domains = +local_domains
+    # detect inbound bounces which are converted to SRS, and decode them
+    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
+    data = $srs_recipient
+
+inbound_srs_failure:
+    driver = redirect
+    senders = :
+    domains = +local_domains
+    # detect inbound bounces which look converted to SRS but are invalid
+    condition = ${if inbound_srs {$local_part} {}}
+    allow_fail
+    data = :fail: Invalid SRS recipient address
+
 aliases:
   driver = redirect
   headers_add = X-redirected: yes
@@ -351,8 +376,23 @@ remote_smtp:
   dkim_private_key = DKIM_PRIVATE_KEY
   dkim_canon = relaxed
   dkim_strict = 0
-  hosts_try_fastopen = !*.l.google.com
+  hosts_try_fastopen = 
   hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+
+remote_forwarded_smtp:
+  driver = smtp
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  hosts_try_fastopen = 
+  hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+  # modify the envelope from, for mails that we forward
+  max_rcpt = 1
+  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
 
 procmail:
   driver = pipe
diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs
new file mode 100644
index 00000000..78eda468
--- /dev/null
+++ b/install/debian/12/exim/exim4.conf.template.without-srs
@@ -0,0 +1,451 @@
+######################################################################
+#                                                                    #
+#          Exim configuration file for Vesta Control Panel           #
+#                                                                    #
+######################################################################
+
+#SPAMASSASSIN = yes
+#SPAM_SCORE = 50
+#CLAMD =  yes
+
+disable_ipv6=true
+add_environment=<; PATH=/bin:/usr/bin
+keep_environment=
+smtputf8_advertise_hosts =
+
+#local_interfaces =  0.0.0.0
+#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
+#smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
+
+domainlist local_domains = dsearch;/etc/exim4/domains/
+domainlist relay_to_domains = dsearch;/etc/exim4/domains/
+hostlist relay_from_hosts = 127.0.0.1
+hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
+hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
+no_local_from_check
+untrusted_set_sender = *
+acl_smtp_connect = acl_check_spammers
+acl_smtp_mail = acl_check_mail
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
+
+LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15
+LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5
+LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+
+recipients_max = 150
+recipients_max_reject = true
+
+# log_selector = +smtp_connection
+smtp_accept_max = 50
+smtp_accept_max_per_host = 4
+
+.ifdef SPAMASSASSIN
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMD
+av_scanner = clamd: /var/run/clamav/clamd.ctl
+.endif
+
+tls_advertise_hosts = *
+tls_certificate = /usr/local/vesta/ssl/certificate.crt
+tls_privatekey = /usr/local/vesta/ssl/certificate.key
+
+daemon_smtp_ports = 25 : 465 : 587 : 2525
+tls_on_connect_ports = 465
+never_users = root
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 0s
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem
+DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+
+
+
+######################################################################
+#                       ACL CONFIGURATION                            #
+#         Specifies access control lists for incoming SMTP mail      #
+######################################################################
+
+acl_not_smtp = acl_not_smtp
+
+begin acl
+
+acl_not_smtp:
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = yes
+
+  accept
+
+acl_check_spammers:
+  accept  hosts         = +whitelist
+
+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  accept
+
+
+acl_check_mail:
+  deny    condition     = ${if eq{$sender_helo_name}{}}
+          message       = HELO required before MAIL
+
+  drop    !authenticated = *
+          message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
+          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+          delay         = 45s
+
+  drop    !authenticated = *
+          condition     = ${if isip{$sender_helo_name}}
+          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop    !authenticated = *
+          condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+          message       = $interface_address is _my_ address
+
+  accept
+
+
+acl_check_rcpt:
+  accept  hosts         = :
+
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = no
+  
+  warn    !authenticated = *
+          hosts          = !+relay_from_hosts
+          condition     = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
+          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+          set acl_m3    = yes
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  accept  authenticated = *
+          control       = submission/domain=
+
+  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+          hosts         = !+whitelist
+          dnslists      = ${readfile {/etc/exim4/dnsbl.conf}{:}}
+
+  require message       = relay not permitted
+          domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth requried
+         sender_domains = +local_domains
+         !authenticated = *
+
+  require verify        = recipient
+
+.ifdef CLAMD
+  warn    set acl_m0    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
+          set acl_m0    = yes
+.endif
+
+.ifdef SPAMASSASSIN
+  warn    set acl_m1    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
+          set acl_m1    = yes
+.endif
+
+  accept
+
+
+acl_check_data:
+
+  deny senders = /etc/exim4/deny_senders
+
+.ifdef CLAMD
+  deny   message        = Message contains a virus ($malware_name) and has been rejected
+         malware        = */defer_ok
+         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
+.endif
+
+.ifdef SPAMASSASSIN
+  warn   !authenticated = *
+         hosts          = !+relay_from_hosts
+         condition      = ${if < {$message_size}{600K}}
+         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+         spam           = nobody:true/defer_ok
+         add_header     = X-Spam-Score: $spam_score_int
+         add_header     = X-Spam-Bar: $spam_bar
+         add_header     = X-Spam-Report: $spam_report
+         set acl_m2     = $spam_score_int
+
+  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+         add_header     = X-Spam-Status: Yes
+         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+.endif
+
+  accept
+
+
+acl_check_mime:
+  deny   message        = Blacklisted file extension detected
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}
+
+  accept
+
+
+
+######################################################################
+#                   AUTHENTICATION CONFIGURATION                     #
+######################################################################
+begin authenticators
+
+dovecot_plain:
+  driver = dovecot
+  public_name = PLAIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+dovecot_login:
+  driver = dovecot
+  public_name = LOGIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+
+
+######################################################################
+#                      ROUTERS CONFIGURATION                         #
+#               Specifies how addresses are handled                  #
+######################################################################
+begin routers
+
+#smarthost:
+#  driver = manualroute
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  route_list = * smartrelay.vestacp.com
+#  no_more
+#  no_verify
+
+dnslookup:
+  driver = dnslookup
+  domains = !+local_domains
+  transport = remote_smtp
+  no_more
+
+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}}
+
+userforward:
+  driver = redirect
+  check_local_user
+  file = $home/.forward
+  require_files = ${local_part}:+${home}/.forward
+  domains = +local_domains
+  allow_filter
+  no_verify
+  no_expn
+  check_ancestor
+  file_transport = address_file
+  pipe_transport = address_pipe
+  reply_transport = address_reply
+
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+
+autoreplay:
+  driver = accept
+  require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg
+  condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
+  retry_use_local_part
+  transport = userautoreply
+  unseen
+
+aliases:
+  driver = redirect
+  headers_add = X-redirected: yes
+  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  require_files = /etc/exim4/domains/$domain/aliases
+  redirect_router = dnslookup
+  pipe_transport = address_pipe
+  unseen
+
+localuser_fwd_only:
+  driver = accept
+  transport = devnull
+  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}
+
+localuser:
+  driver = accept
+  transport = local_delivery
+  condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}}
+
+catchall:
+  driver = redirect
+  headers_add = X-redirected: yes
+  require_files = /etc/exim4/domains/$domain/aliases
+  data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  file_transport = local_delivery
+  redirect_router = dnslookup
+
+terminate_alias:
+  driver = accept
+  transport = devnull
+  condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+
+
+
+######################################################################
+#                      TRANSPORTS CONFIGURATION                      #
+######################################################################
+begin transports
+
+remote_smtp:
+  driver = smtp
+  #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}}
+  #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}"
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  hosts_try_fastopen = 
+  hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+
+local_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_warn_threshold = 75%
+
+local_spam_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota_warn_threshold = 75%
+
+address_pipe:
+  driver = pipe
+  return_output
+
+address_file:
+  driver = appendfile
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+address_reply:
+  driver = autoreply
+
+userautoreply:
+  driver = autoreply
+  file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg
+  from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"
+  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
+  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
+  to = "${sender_address}"
+
+devnull:
+  driver = appendfile
+  file = /dev/null
+
+
+
+######################################################################
+#                      RETRY CONFIGURATION                           #
+######################################################################
+begin retry
+
+# Address or Domain    Error       Retries
+# -----------------    -----       -------
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
+######################################################################
+#                      REWRITE CONFIGURATION                         #
+######################################################################
+begin rewrite
+
+
+
+######################################################################
diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf
index 6d5e36ba..6efe2337 100644
--- a/install/debian/12/nginx/nginx.conf
+++ b/install/debian/12/nginx/nginx.conf
@@ -100,7 +100,7 @@ http {
 
     # SSL PCI Compliance
     ssl_session_cache   shared:SSL:10m;
-    ssl_protocols       TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
 
diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl
index 9a92e0fd..6bb51c50 100755
--- a/install/debian/12/templates/web/awstats/awstats.tpl
+++ b/install/debian/12/templates/web/awstats/awstats.tpl
@@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl
index 79e55a26..8e636db3 100644
--- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl
+++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl
index ac422df6..a7609b13 100644
--- a/install/debian/12/templates/web/nginx/force-https-public.stpl
+++ b/install/debian/12/templates/web/nginx/force-https-public.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl
index 7e0e71d1..2db9a06e 100644
--- a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl
+++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl
index 33fab443..55f41002 100644
--- a/install/debian/12/templates/web/nginx/force-https.stpl
+++ b/install/debian/12/templates/web/nginx/force-https.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl
index a34b4bf1..efdd3b87 100644
--- a/install/debian/12/templates/web/nginx/hosting-legacy.stpl
+++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
     
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl
index ac422df6..a7609b13 100644
--- a/install/debian/12/templates/web/nginx/hosting-public.stpl
+++ b/install/debian/12/templates/web/nginx/hosting-public.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl
index 7e0e71d1..2db9a06e 100644
--- a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl
+++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl
index 755caadf..5745311e 100644
--- a/install/debian/12/templates/web/nginx/hosting.stpl
+++ b/install/debian/12/templates/web/nginx/hosting.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl
index 64094fb8..bf805683 100644
--- a/install/debian/12/templates/web/nginx/private-force-https.stpl
+++ b/install/debian/12/templates/web/nginx/private-force-https.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh
index abc9155d..eeed37ef 100755
--- a/install/debian/12/templates/web/nginx/private-hosting.sh
+++ b/install/debian/12/templates/web/nginx/private-hosting.sh
@@ -1,11 +1,11 @@
-#!/bin/bash
-# Changing public_html permission
-user="$1"
-domain="$2"
-ip="$3"
-home_dir="$4"
-docroot="$5"
-
-chmod 755 $docroot
-
-exit 0
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl
index fd9471bd..8e5b3f7b 100644
--- a/install/debian/12/templates/web/nginx/private-hosting.stpl
+++ b/install/debian/12/templates/web/nginx/private-hosting.stpl
@@ -1,5 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2;
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
     server_name %domain_idn% %alias_idn%;
 
     ssl_certificate      %ssl_pem%;
diff --git a/install/debian/13/apache2/apache2.conf b/install/debian/13/apache2/apache2.conf
new file mode 100644
index 00000000..2be3e50d
--- /dev/null
+++ b/install/debian/13/apache2/apache2.conf
@@ -0,0 +1,95 @@
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf.d
+#	|	`-- *
+
+# Global configuration
+PidFile ${APACHE_PID_FILE}
+Timeout 900
+ProxyTimeout 900
+KeepAlive Off
+MaxKeepAliveRequests 100
+KeepAliveTimeout 10
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       5
+    MaxSpareServers      20
+    ServerLimit         256
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_worker_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75 
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_event_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75 
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+#User www-data
+#Group www-data
+
+AccessFileName .htaccess
+
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+    Satisfy all
+</Files>
+
+DefaultType None
+HostnameLookups Off
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+LogLevel warn
+
+# Include module configuration:
+Include mods-enabled/*.load
+Include mods-enabled/*.conf
+
+# Include list of ports to listen on and which to use for name based vhosts
+Include ports.conf
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%b" bytes
+
+Include conf.d/
+
+# Include the virtual host configurations:
+#Include sites-enabled/
+
+ErrorDocument 403 /error/403.html
+ErrorDocument 404 /error/404.html
+ErrorDocument 500 /error/50x.html
+ErrorDocument 501 /error/50x.html
+ErrorDocument 502 /error/50x.html
+ErrorDocument 503 /error/50x.html
+ErrorDocument 506 /error/50x.html
diff --git a/install/debian/13/apache2/status.conf b/install/debian/13/apache2/status.conf
new file mode 100644
index 00000000..0d82a356
--- /dev/null
+++ b/install/debian/13/apache2/status.conf
@@ -0,0 +1,8 @@
+Listen 127.0.0.1:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+    # Allow from all
+</Location>
diff --git a/install/debian/13/bind/named.conf b/install/debian/13/bind/named.conf
new file mode 100644
index 00000000..ed6ece88
--- /dev/null
+++ b/install/debian/13/bind/named.conf
@@ -0,0 +1,12 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+
diff --git a/install/debian/13/clamav/clamd.conf b/install/debian/13/clamav/clamd.conf
new file mode 100644
index 00000000..c636b6d3
--- /dev/null
+++ b/install/debian/13/clamav/clamd.conf
@@ -0,0 +1,61 @@
+#Automatically Generated by clamav-base postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-base
+#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+# AllowSupplementaryGroups true
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogClean true
+LogVerbose true
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/lib/clamav
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+ScanOLE2 true
+ScanHTML true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+StreamMaxLength 2M
+MaxFileSize 2M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OfficialDatabaseOnly false
+CrossFilesystems true
diff --git a/install/debian/13/deb_signing.key b/install/debian/13/deb_signing.key
new file mode 100644
index 00000000..d279abbd
--- /dev/null
+++ b/install/debian/13/deb_signing.key
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6
+sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ
+RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj
+4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O
+JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT
+kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq
+aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR
+leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e
+++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j
+b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI
+BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5
+HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy
+UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3
+olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY
+lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6
+bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+
+DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo
+znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93
+3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG
+rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/
+USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71
+mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G
+EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm
+0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg
+coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy
+fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr
+7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA
+EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ
+EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof
+lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3
+m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G
+fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ
+hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2
+N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx
+JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA
+zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da
+qiC8NLvRaE3PVkma9Q==
+=RAbI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/install/debian/13/dovecot/conf.d/10-auth.conf b/install/debian/13/dovecot/conf.d/10-auth.conf
new file mode 100644
index 00000000..dfcc8311
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,4 @@
+disable_plaintext_auth = no
+auth_verbose = yes
+auth_mechanisms = plain login
+!include auth-passwdfile.conf.ext
diff --git a/install/debian/13/dovecot/conf.d/10-logging.conf b/install/debian/13/dovecot/conf.d/10-logging.conf
new file mode 100644
index 00000000..a5f207d5
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-logging.conf
@@ -0,0 +1 @@
+log_path = /var/log/dovecot.log
diff --git a/install/debian/13/dovecot/conf.d/10-mail.conf b/install/debian/13/dovecot/conf.d/10-mail.conf
new file mode 100644
index 00000000..55313419
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,4 @@
+mail_privileged_group = mail
+mail_access_groups = mail
+mail_location = maildir:%h/mail/%d/%n
+pop3_uidl_format = %08Xu%08Xv
diff --git a/install/debian/13/dovecot/conf.d/10-master.conf b/install/debian/13/dovecot/conf.d/10-master.conf
new file mode 100644
index 00000000..a75a9aaa
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-master.conf
@@ -0,0 +1,29 @@
+service imap-login {
+  inet_listener imap {
+  }
+  inet_listener imaps {
+  }
+}
+
+service pop3-login {
+  inet_listener pop3 {
+  }
+  inet_listener pop3s {
+  }
+}
+
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+  unix_listener auth-client {
+    group = mail
+    mode = 0660
+    user = dovecot
+  }
+  user = dovecot
+}
diff --git a/install/debian/13/dovecot/conf.d/10-ssl.conf b/install/debian/13/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 00000000..3aaff6ee
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,3 @@
+ssl = yes
+ssl_cert = </usr/local/vesta/ssl/certificate.crt
+ssl_key = </usr/local/vesta/ssl/certificate.key
diff --git a/install/debian/13/dovecot/conf.d/15-mailboxes.conf b/install/debian/13/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 00000000..9014bdab
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,30 @@
+## Mailbox definitions
+##
+
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+  inbox = yes
+  mailbox Drafts {
+    special_use = \Drafts
+    auto = subscribe
+  }
+
+  mailbox Junk {
+    special_use = \Junk
+    auto = subscribe
+  }
+
+  mailbox Trash {
+    special_use = \Trash
+    auto = subscribe
+  }
+
+  mailbox Sent {
+    special_use = \Sent
+    auto = subscribe
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+}
diff --git a/install/debian/13/dovecot/conf.d/20-imap.conf b/install/debian/13/dovecot/conf.d/20-imap.conf
new file mode 100644
index 00000000..4f6e058b
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/20-imap.conf
@@ -0,0 +1,58 @@
+##
+## IMAP specific settings
+##
+
+protocol imap {
+  # Maximum IMAP command line length. Some clients generate very long command
+  # lines with huge mailboxes, so you may need to raise this if you get
+  # "Too long argument" or "IMAP command line too large" errors often.
+  #imap_max_line_length = 64k
+
+  # Maximum number of IMAP connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 50
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+
+  # IMAP logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #imap_logout_format = bytes=%i/%o
+
+  # Override the IMAP CAPABILITY response. If the value begins with '+',
+  # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+  #imap_capability = 
+
+  # How long to wait between "OK Still here" notifications when client is
+  # IDLEing.
+  #imap_idle_notify_interval = 2 mins
+
+  # ID field names and values to send to clients. Using * as the value makes
+  # Dovecot use the default value. The following fields have default values
+  # currently: name, version, os, os-version, support-url, support-email.
+  #imap_id_send = 
+
+  # ID fields sent by client to log. * means everything.
+  #imap_id_log =
+
+  # Workarounds for various client bugs:
+  #   delay-newmail:
+  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
+  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+  #     may show user "Message no longer in server" errors. Note that OE6 still
+  #     breaks even with this workaround if synchronization is set to
+  #     "Headers Only".
+  #   tb-extra-mailbox-sep:
+  #     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+  #     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+  #     ignore the extra '/' instead of treating it as invalid mailbox name.
+  #   tb-lsub-flags:
+  #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+  #     This makes Thunderbird realize they aren't selectable and show them
+  #     greyed out, instead of only later giving "not selectable" popup error.
+  #
+  # The list is space-separated.
+  #imap_client_workarounds = 
+}
diff --git a/install/debian/13/dovecot/conf.d/20-pop3.conf b/install/debian/13/dovecot/conf.d/20-pop3.conf
new file mode 100644
index 00000000..8c376996
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/20-pop3.conf
@@ -0,0 +1,91 @@
+##
+## POP3 specific settings
+##
+
+protocol pop3 {
+  # Don't try to set mails non-recent or seen with POP3 sessions. This is
+  # mostly intended to reduce disk I/O. With maildir it doesn't move files
+  # from new/ to cur/, with mbox it doesn't write Status-header.
+  #pop3_no_flag_updates = no
+
+  # Support LAST command which exists in old POP3 specs, but has been removed
+  # from new ones. Some clients still wish to use this though. Enabling this
+  # makes RSET command clear all \Seen flags from messages.
+  #pop3_enable_last = no
+
+  # If mail has X-UIDL header, use it as the mail's UIDL.
+  #pop3_reuse_xuidl = no
+
+  # Keep the mailbox locked for the entire POP3 session.
+  #pop3_lock_session = no
+
+  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
+  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
+  # because it's faster to get. When this setting is enabled, Dovecot still
+  # tries to do the right thing first, but if that requires opening the
+  # message, it fallbacks to the easier (but incorrect) size.
+  #pop3_fast_size_lookups = no
+
+  # POP3 UIDL (unique mail identifier) format to use. You can use following
+  # variables, along with the variable modifiers described in
+  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
+  #
+  #  %v - Mailbox's IMAP UIDVALIDITY
+  #  %u - Mail's IMAP UID
+  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
+  #  %f - filename (maildir only)
+  #  %g - Mail's GUID
+  #
+  # If you want UIDL compatibility with other POP3 servers, use:
+  #  UW's ipop3d         : %08Xv%08Xu
+  #  Courier             : %f or %v-%u (both might be used simultaneosly)
+  #  Cyrus (<= 2.1.3)    : %u
+  #  Cyrus (>= 2.1.4)    : %v.%u
+  #  Dovecot v0.99.x     : %v.%u
+  #  tpop3d              : %Mf
+  #
+  # Note that Outlook 2003 seems to have problems with %v.%u format which was
+  # Dovecot's default, so if you're building a new server it would be a good
+  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
+  #
+  #pop3_uidl_format = %08Xu%08Xv
+
+  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
+  # won't change those UIDLs. Currently this works only with Maildir.
+  #pop3_save_uidl = no
+
+  # What to do about duplicate UIDLs if they exist?
+  #   allow: Show duplicates to clients.
+  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
+  #pop3_uidl_duplicates = allow
+
+  # POP3 logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %t - number of TOP commands
+  #  %p - number of bytes sent to client as a result of TOP command
+  #  %r - number of RETR commands
+  #  %b - number of bytes sent to client as a result of RETR command
+  #  %d - number of deleted messages
+  #  %m - number of messages (before deletion)
+  #  %s - mailbox size in bytes (before deletion)
+  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+
+  # Maximum number of POP3 connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 50
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+
+  # Workarounds for various client bugs:
+  #   outlook-no-nuls:
+  #     Outlook and Outlook Express hang if mails contain NUL characters.
+  #     This setting replaces them with 0x80 character.
+  #   oe-ns-eoh:
+  #     Outlook Express and Netscape Mail breaks if end of headers-line is
+  #     missing. This option simply sends it if it's missing.
+  # The list is space-separated.
+  #pop3_client_workarounds = 
+}
diff --git a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext
new file mode 100644
index 00000000..75e6e115
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext
@@ -0,0 +1,9 @@
+passdb {
+  driver = passwd-file
+  args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%n /etc/exim4/domains/%d/passwd
+}
diff --git a/install/debian/13/dovecot/dovecot.conf b/install/debian/13/dovecot/dovecot.conf
new file mode 100644
index 00000000..0a855351
--- /dev/null
+++ b/install/debian/13/dovecot/dovecot.conf
@@ -0,0 +1,4 @@
+protocols = imap pop3
+listen = *, ::
+base_dir = /var/run/dovecot/
+!include conf.d/*.conf
diff --git a/install/debian/13/exim/deny_senders b/install/debian/13/exim/deny_senders
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/install/debian/13/exim/deny_senders
@@ -0,0 +1 @@
+
diff --git a/install/debian/13/exim/dnsbl.conf b/install/debian/13/exim/dnsbl.conf
new file mode 100644
index 00000000..279bafcd
--- /dev/null
+++ b/install/debian/13/exim/dnsbl.conf
@@ -0,0 +1 @@
+bl.spamcop.net
diff --git a/install/debian/13/exim/exim4.conf.template b/install/debian/13/exim/exim4.conf.template
new file mode 100644
index 00000000..15264797
--- /dev/null
+++ b/install/debian/13/exim/exim4.conf.template
@@ -0,0 +1,487 @@
+######################################################################
+#                                                                    #
+#          Exim configuration file for Vesta Control Panel           #
+#                                                                    #
+######################################################################
+
+#SPAMASSASSIN = yes
+#SPAM_SCORE = 50
+#CLAMD =  yes
+
+disable_ipv6=true
+add_environment=<; PATH=/bin:/usr/bin
+keep_environment=
+smtputf8_advertise_hosts =
+
+SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
+
+#local_interfaces =  0.0.0.0
+#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
+#smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
+
+domainlist local_domains = dsearch;/etc/exim4/domains/
+domainlist relay_to_domains = dsearch;/etc/exim4/domains/
+hostlist relay_from_hosts = 127.0.0.1
+hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
+hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
+no_local_from_check
+untrusted_set_sender = *
+acl_smtp_connect = acl_check_spammers
+acl_smtp_mail = acl_check_mail
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
+
+LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15
+LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5
+LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+
+recipients_max = 150
+recipients_max_reject = true
+
+# log_selector = +smtp_connection
+smtp_accept_max = 50
+smtp_accept_max_per_host = 4
+
+.ifdef SPAMASSASSIN
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMD
+av_scanner = clamd: /var/run/clamav/clamd.ctl
+.endif
+
+tls_advertise_hosts = *
+tls_certificate = /usr/local/vesta/ssl/certificate.crt
+tls_privatekey = /usr/local/vesta/ssl/certificate.key
+
+daemon_smtp_ports = 25 : 465 : 587 : 2525
+tls_on_connect_ports = 465
+never_users = root
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 0s
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem
+DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+
+
+
+######################################################################
+#                       ACL CONFIGURATION                            #
+#         Specifies access control lists for incoming SMTP mail      #
+######################################################################
+
+acl_not_smtp = acl_not_smtp
+
+begin acl
+
+acl_not_smtp:
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = yes
+
+  accept
+
+acl_check_spammers:
+  accept  hosts         = +whitelist
+
+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  accept
+
+
+acl_check_mail:
+  deny    condition     = ${if eq{$sender_helo_name}{}}
+          message       = HELO required before MAIL
+
+  drop    !authenticated = *
+          message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
+          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+          delay         = 45s
+
+  drop    !authenticated = *
+          condition     = ${if isip{$sender_helo_name}}
+          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop    !authenticated = *
+          condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+          message       = $interface_address is _my_ address
+
+  accept
+
+
+acl_check_rcpt:
+  accept  hosts         = :
+
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = no
+  
+  warn    !authenticated = *
+          hosts          = !+relay_from_hosts
+          condition     = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
+          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+          set acl_m3    = yes
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  accept  authenticated = *
+          control       = submission/domain=
+
+  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+          hosts         = !+whitelist
+          dnslists      = ${readfile {/etc/exim4/dnsbl.conf}{:}}
+
+  require message       = relay not permitted
+          domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth requried
+         sender_domains = +local_domains
+         !authenticated = *
+
+  require verify        = recipient
+
+.ifdef CLAMD
+  warn    set acl_m0    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
+          set acl_m0    = yes
+.endif
+
+.ifdef SPAMASSASSIN
+  warn    set acl_m1    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
+          set acl_m1    = yes
+.endif
+
+  accept
+
+
+acl_check_data:
+
+  deny senders = /etc/exim4/deny_senders
+
+.ifdef CLAMD
+  deny   message        = Message contains a virus ($malware_name) and has been rejected
+         malware        = */defer_ok
+         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
+.endif
+
+.ifdef SPAMASSASSIN
+  warn   !authenticated = *
+         hosts          = !+relay_from_hosts
+         condition      = ${if < {$message_size}{600K}}
+         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+         spam           = nobody:true/defer_ok
+         add_header     = X-Spam-Score: $spam_score_int
+         add_header     = X-Spam-Bar: $spam_bar
+         add_header     = X-Spam-Report: $spam_report
+         set acl_m2     = $spam_score_int
+
+  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+         add_header     = X-Spam-Status: Yes
+         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+.endif
+
+  accept
+
+
+acl_check_mime:
+  deny   message        = Blacklisted file extension detected
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}
+
+  accept
+
+
+
+######################################################################
+#                   AUTHENTICATION CONFIGURATION                     #
+######################################################################
+begin authenticators
+
+dovecot_plain:
+  driver = dovecot
+  public_name = PLAIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+dovecot_login:
+  driver = dovecot
+  public_name = LOGIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+
+
+######################################################################
+#                      ROUTERS CONFIGURATION                         #
+#               Specifies how addresses are handled                  #
+######################################################################
+begin routers
+
+#smarthost:
+#  driver = manualroute
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  route_list = * smartrelay.vestacp.com
+#  no_more
+#  no_verify
+
+dnslookup:
+  driver = dnslookup
+  # if outbound, and forwarding has been done, use an alternate transport
+  domains = ! +local_domains
+  transport = ${if eq {$local_part@$domain} \
+                      {$original_local_part@$original_domain} \
+                      {remote_smtp} {remote_forwarded_smtp}}
+  no_more
+
+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}}
+
+userforward:
+  driver = redirect
+  check_local_user
+  file = $home/.forward
+  require_files = ${local_part}:+${home}/.forward
+  domains = +local_domains
+  allow_filter
+  no_verify
+  no_expn
+  check_ancestor
+  file_transport = address_file
+  pipe_transport = address_pipe
+  reply_transport = address_reply
+
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+
+autoreplay:
+  driver = accept
+  require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg
+  condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
+  retry_use_local_part
+  transport = userautoreply
+  unseen
+
+inbound_srs:
+    driver = redirect
+    senders = :
+    domains = +local_domains
+    # detect inbound bounces which are converted to SRS, and decode them
+    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
+    data = $srs_recipient
+
+inbound_srs_failure:
+    driver = redirect
+    senders = :
+    domains = +local_domains
+    # detect inbound bounces which look converted to SRS but are invalid
+    condition = ${if inbound_srs {$local_part} {}}
+    allow_fail
+    data = :fail: Invalid SRS recipient address
+
+aliases:
+  driver = redirect
+  headers_add = X-redirected: yes
+  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  require_files = /etc/exim4/domains/$domain/aliases
+  redirect_router = dnslookup
+  pipe_transport = address_pipe
+  unseen
+
+localuser_fwd_only:
+  driver = accept
+  transport = devnull
+  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}
+
+localuser:
+  driver = accept
+  transport = local_delivery
+  condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}}
+
+catchall:
+  driver = redirect
+  headers_add = X-redirected: yes
+  require_files = /etc/exim4/domains/$domain/aliases
+  data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  file_transport = local_delivery
+  redirect_router = dnslookup
+
+terminate_alias:
+  driver = accept
+  transport = devnull
+  condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+
+
+
+######################################################################
+#                      TRANSPORTS CONFIGURATION                      #
+######################################################################
+begin transports
+
+remote_smtp:
+  driver = smtp
+  #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}}
+  #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}"
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  hosts_try_fastopen = 
+  hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+
+remote_forwarded_smtp:
+  driver = smtp
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  hosts_try_fastopen = 
+  hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+  # modify the envelope from, for mails that we forward
+  max_rcpt = 1
+  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
+
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+
+local_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_warn_threshold = 75%
+
+local_spam_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota_warn_threshold = 75%
+
+address_pipe:
+  driver = pipe
+  return_output
+
+address_file:
+  driver = appendfile
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+address_reply:
+  driver = autoreply
+
+userautoreply:
+  driver = autoreply
+  file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg
+  from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"
+  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
+  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
+  to = "${sender_address}"
+
+devnull:
+  driver = appendfile
+  file = /dev/null
+
+
+
+######################################################################
+#                      RETRY CONFIGURATION                           #
+######################################################################
+begin retry
+
+# Address or Domain    Error       Retries
+# -----------------    -----       -------
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
+######################################################################
+#                      REWRITE CONFIGURATION                         #
+######################################################################
+begin rewrite
+
+
+
+######################################################################
diff --git a/install/debian/13/exim/exim4.conf.template.without-srs b/install/debian/13/exim/exim4.conf.template.without-srs
new file mode 100644
index 00000000..78eda468
--- /dev/null
+++ b/install/debian/13/exim/exim4.conf.template.without-srs
@@ -0,0 +1,451 @@
+######################################################################
+#                                                                    #
+#          Exim configuration file for Vesta Control Panel           #
+#                                                                    #
+######################################################################
+
+#SPAMASSASSIN = yes
+#SPAM_SCORE = 50
+#CLAMD =  yes
+
+disable_ipv6=true
+add_environment=<; PATH=/bin:/usr/bin
+keep_environment=
+smtputf8_advertise_hosts =
+
+#local_interfaces =  0.0.0.0
+#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
+#smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
+
+domainlist local_domains = dsearch;/etc/exim4/domains/
+domainlist relay_to_domains = dsearch;/etc/exim4/domains/
+hostlist relay_from_hosts = 127.0.0.1
+hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
+hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
+no_local_from_check
+untrusted_set_sender = *
+acl_smtp_connect = acl_check_spammers
+acl_smtp_mail = acl_check_mail
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
+
+LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15
+LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5
+LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
+
+recipients_max = 150
+recipients_max_reject = true
+
+# log_selector = +smtp_connection
+smtp_accept_max = 50
+smtp_accept_max_per_host = 4
+
+.ifdef SPAMASSASSIN
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMD
+av_scanner = clamd: /var/run/clamav/clamd.ctl
+.endif
+
+tls_advertise_hosts = *
+tls_certificate = /usr/local/vesta/ssl/certificate.crt
+tls_privatekey = /usr/local/vesta/ssl/certificate.key
+
+daemon_smtp_ports = 25 : 465 : 587 : 2525
+tls_on_connect_ports = 465
+never_users = root
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 0s
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem
+DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+
+
+
+######################################################################
+#                       ACL CONFIGURATION                            #
+#         Specifies access control lists for incoming SMTP mail      #
+######################################################################
+
+acl_not_smtp = acl_not_smtp
+
+begin acl
+
+acl_not_smtp:
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = yes
+
+  accept
+
+acl_check_spammers:
+  accept  hosts         = +whitelist
+
+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  accept
+
+
+acl_check_mail:
+  deny    condition     = ${if eq{$sender_helo_name}{}}
+          message       = HELO required before MAIL
+
+  drop    !authenticated = *
+          message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
+          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+          delay         = 45s
+
+  drop    !authenticated = *
+          condition     = ${if isip{$sender_helo_name}}
+          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop    !authenticated = *
+          condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+          message       = $interface_address is _my_ address
+
+  accept
+
+
+acl_check_rcpt:
+  accept  hosts         = :
+
+  deny message = Too many recipients, limit is $acl_c_max_recipients recipients
+  set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}}
+  condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
+
+  deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
+
+  warn ratelimit = 0 / 1h / strict / $authenticated_id
+  set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
+  log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
+
+  warn    set acl_m3    = no
+  
+  warn    !authenticated = *
+          hosts          = !+relay_from_hosts
+          condition     = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
+          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+          set acl_m3    = yes
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  accept  authenticated = *
+          control       = submission/domain=
+
+  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+          hosts         = !+whitelist
+          dnslists      = ${readfile {/etc/exim4/dnsbl.conf}{:}}
+
+  require message       = relay not permitted
+          domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth requried
+         sender_domains = +local_domains
+         !authenticated = *
+
+  require verify        = recipient
+
+.ifdef CLAMD
+  warn    set acl_m0    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
+          set acl_m0    = yes
+.endif
+
+.ifdef SPAMASSASSIN
+  warn    set acl_m1    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
+          set acl_m1    = yes
+.endif
+
+  accept
+
+
+acl_check_data:
+
+  deny senders = /etc/exim4/deny_senders
+
+.ifdef CLAMD
+  deny   message        = Message contains a virus ($malware_name) and has been rejected
+         malware        = */defer_ok
+         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
+.endif
+
+.ifdef SPAMASSASSIN
+  warn   !authenticated = *
+         hosts          = !+relay_from_hosts
+         condition      = ${if < {$message_size}{600K}}
+         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+         spam           = nobody:true/defer_ok
+         add_header     = X-Spam-Score: $spam_score_int
+         add_header     = X-Spam-Bar: $spam_bar
+         add_header     = X-Spam-Report: $spam_report
+         set acl_m2     = $spam_score_int
+
+  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+         add_header     = X-Spam-Status: Yes
+         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+.endif
+
+  accept
+
+
+acl_check_mime:
+  deny   message        = Blacklisted file extension detected
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}
+
+  accept
+
+
+
+######################################################################
+#                   AUTHENTICATION CONFIGURATION                     #
+######################################################################
+begin authenticators
+
+dovecot_plain:
+  driver = dovecot
+  public_name = PLAIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+dovecot_login:
+  driver = dovecot
+  public_name = LOGIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+
+
+######################################################################
+#                      ROUTERS CONFIGURATION                         #
+#               Specifies how addresses are handled                  #
+######################################################################
+begin routers
+
+#smarthost:
+#  driver = manualroute
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  route_list = * smartrelay.vestacp.com
+#  no_more
+#  no_verify
+
+dnslookup:
+  driver = dnslookup
+  domains = !+local_domains
+  transport = remote_smtp
+  no_more
+
+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}}
+
+userforward:
+  driver = redirect
+  check_local_user
+  file = $home/.forward
+  require_files = ${local_part}:+${home}/.forward
+  domains = +local_domains
+  allow_filter
+  no_verify
+  no_expn
+  check_ancestor
+  file_transport = address_file
+  pipe_transport = address_pipe
+  reply_transport = address_reply
+
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+
+autoreplay:
+  driver = accept
+  require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg
+  condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
+  retry_use_local_part
+  transport = userautoreply
+  unseen
+
+aliases:
+  driver = redirect
+  headers_add = X-redirected: yes
+  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  require_files = /etc/exim4/domains/$domain/aliases
+  redirect_router = dnslookup
+  pipe_transport = address_pipe
+  unseen
+
+localuser_fwd_only:
+  driver = accept
+  transport = devnull
+  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}
+
+localuser:
+  driver = accept
+  transport = local_delivery
+  condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}}
+
+catchall:
+  driver = redirect
+  headers_add = X-redirected: yes
+  require_files = /etc/exim4/domains/$domain/aliases
+  data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
+  file_transport = local_delivery
+  redirect_router = dnslookup
+
+terminate_alias:
+  driver = accept
+  transport = devnull
+  condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
+
+
+
+######################################################################
+#                      TRANSPORTS CONFIGURATION                      #
+######################################################################
+begin transports
+
+remote_smtp:
+  driver = smtp
+  #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}}
+  #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}"
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  hosts_try_fastopen = 
+  hosts_try_chunking = !93.188.3.0/24
+  message_linelength_limit = 1G
+
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+
+local_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_warn_threshold = 75%
+
+local_spam_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
+  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
+  quota_warn_threshold = 75%
+
+address_pipe:
+  driver = pipe
+  return_output
+
+address_file:
+  driver = appendfile
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+address_reply:
+  driver = autoreply
+
+userautoreply:
+  driver = autoreply
+  file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg
+  from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"
+  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
+  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
+  to = "${sender_address}"
+
+devnull:
+  driver = appendfile
+  file = /dev/null
+
+
+
+######################################################################
+#                      RETRY CONFIGURATION                           #
+######################################################################
+begin retry
+
+# Address or Domain    Error       Retries
+# -----------------    -----       -------
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
+######################################################################
+#                      REWRITE CONFIGURATION                         #
+######################################################################
+begin rewrite
+
+
+
+######################################################################
diff --git a/install/debian/13/exim/spam-blocks.conf b/install/debian/13/exim/spam-blocks.conf
new file mode 100644
index 00000000..e69de29b
diff --git a/install/debian/13/fail2ban/action.d/vesta.conf b/install/debian/13/fail2ban/action.d/vesta.conf
new file mode 100644
index 00000000..0edfc349
--- /dev/null
+++ b/install/debian/13/fail2ban/action.d/vesta.conf
@@ -0,0 +1,9 @@
+# Fail2Ban configuration file for vesta
+
+[Definition]
+
+actionstart = /usr/local/vesta/bin/v-add-firewall-chain <name>
+actionstop = /usr/local/vesta/bin/v-delete-firewall-chain <name>
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[ \t]'
+actionban = /usr/local/vesta/bin/v-add-firewall-ban <ip> <name>
+actionunban = /usr/local/vesta/bin/v-delete-firewall-ban <ip> <name>
diff --git a/install/debian/13/fail2ban/filter.d/vesta.conf b/install/debian/13/fail2ban/filter.d/vesta.conf
new file mode 100644
index 00000000..36ec1001
--- /dev/null
+++ b/install/debian/13/fail2ban/filter.d/vesta.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccessful Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex =  .* <HOST> failed to login
+ignoreregex =
+
diff --git a/install/debian/13/fail2ban/jail.local b/install/debian/13/fail2ban/jail.local
new file mode 100644
index 00000000..eccea068
--- /dev/null
+++ b/install/debian/13/fail2ban/jail.local
@@ -0,0 +1,39 @@
+[ssh-iptables]
+enabled  = true
+filter   = sshd
+action   = vesta[name=SSH]
+logpath  = /var/log/auth.log
+maxretry = 5
+
+[vsftpd-iptables]
+enabled  = false
+filter   = vsftpd
+action   = vesta[name=FTP]
+logpath  = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled = true
+filter  = exim
+action  = vesta[name=MAIL]
+logpath = /var/log/exim4/mainlog
+
+[dovecot-iptables]
+enabled = true
+filter  = dovecot
+action  = vesta[name=MAIL]
+logpath = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled  = false
+filter   = mysqld-auth
+action   = vesta[name=DB]
+logpath  = /var/log/mysql.log
+maxretry = 5
+
+[vesta-iptables]
+enabled = true
+filter  = vesta
+action  = vesta[name=VESTA]
+logpath = /var/log/vesta/auth.log
+maxretry = 5
diff --git a/install/debian/13/firewall/ports.conf b/install/debian/13/firewall/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/debian/13/firewall/ports.conf
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/debian/13/firewall/rules.conf b/install/debian/13/firewall/rules.conf
new file mode 100644
index 00000000..6da5a1c4
--- /dev/null
+++ b/install/debian/13/firewall/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
diff --git a/install/debian/13/logrotate/apache2 b/install/debian/13/logrotate/apache2
new file mode 100644
index 00000000..27629d0d
--- /dev/null
+++ b/install/debian/13/logrotate/apache2
@@ -0,0 +1,19 @@
+/var/log/apache2/*.log /var/log/apache2/domains/*log {
+        weekly
+        missingok
+        rotate 52
+        compress
+        delaycompress
+        notifempty
+        create 640 root adm
+        sharedscripts
+        postrotate
+                /etc/init.d/apache2 reload > /dev/null || true
+                [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+        endscript
+        prerotate
+                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+                        run-parts /etc/logrotate.d/httpd-prerotate; \
+                fi; \
+        endscript
+}
diff --git a/install/debian/13/logrotate/dovecot b/install/debian/13/logrotate/dovecot
new file mode 100644
index 00000000..ac4fd6e9
--- /dev/null
+++ b/install/debian/13/logrotate/dovecot
@@ -0,0 +1,12 @@
+/var/log/dovecot*.log {
+  weekly
+  rotate 4
+  missingok
+  notifempty
+  compress
+  delaycompress
+  sharedscripts
+  postrotate
+    doveadm log reopen
+  endscript
+}
diff --git a/install/debian/13/logrotate/nginx b/install/debian/13/logrotate/nginx
new file mode 100644
index 00000000..d667f213
--- /dev/null
+++ b/install/debian/13/logrotate/nginx
@@ -0,0 +1,13 @@
+/var/log/nginx/*log /var/log/nginx/domains/*log {
+        daily
+        missingok
+        rotate 52
+        compress
+        delaycompress
+        notifempty
+        create 640 nginx adm
+        sharedscripts
+        postrotate
+                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
+        endscript
+}
diff --git a/install/debian/13/logrotate/vesta b/install/debian/13/logrotate/vesta
new file mode 100644
index 00000000..027a3439
--- /dev/null
+++ b/install/debian/13/logrotate/vesta
@@ -0,0 +1,7 @@
+/usr/local/vesta/log/*.log {
+    missingok
+    notifempty
+    size 30k
+    yearly
+    create 0600 root root
+}
diff --git a/install/debian/13/mysql/my-large.cnf b/install/debian/13/mysql/my-large.cnf
new file mode 100644
index 00000000..b056c316
--- /dev/null
+++ b/install/debian/13/mysql/my-large.cnf
@@ -0,0 +1,51 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+
+skip-external-locking
+key_buffer_size = 256M
+max_allowed_packet = 32M
+table_open_cache = 256
+sort_buffer_size = 1M
+read_buffer_size = 1M
+read_rnd_buffer_size = 4M
+myisam_sort_buffer_size = 64M
+thread_cache_size = 8
+query_cache_size= 16M
+thread_concurrency = 8
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=200
+max_user_connections=50
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/mysql/my-medium.cnf b/install/debian/13/mysql/my-medium.cnf
new file mode 100644
index 00000000..33aa04c2
--- /dev/null
+++ b/install/debian/13/mysql/my-medium.cnf
@@ -0,0 +1,49 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+  
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 16M
+table_open_cache = 64
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=70
+max_user_connections=30
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/mysql/my-small.cnf b/install/debian/13/mysql/my-small.cnf
new file mode 100644
index 00000000..857f48ce
--- /dev/null
+++ b/install/debian/13/mysql/my-small.cnf
@@ -0,0 +1,49 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+
+skip-external-locking
+key_buffer_size = 16K
+max_allowed_packet = 1M
+table_open_cache = 4
+sort_buffer_size = 64K
+read_buffer_size = 256K
+read_rnd_buffer_size = 256K
+net_buffer_length = 2K
+thread_stack = 240K
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=30
+max_user_connections=20
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/nginx/nginx.conf b/install/debian/13/nginx/nginx.conf
new file mode 100644
index 00000000..6efe2337
--- /dev/null
+++ b/install/debian/13/nginx/nginx.conf
@@ -0,0 +1,140 @@
+# Server globals
+user                    www-data;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+timer_resolution         50ms; #In order to free some CPU cycles
+error_log               /var/log/nginx/error.log crit;
+pid                     /var/run/nginx.pid;
+
+
+# Worker config
+events {
+        worker_connections  1024;
+        use                 epoll;
+        multi_accept        on;
+}
+
+
+http {
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           1m;
+    client_body_timeout             1m;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4   8k;
+    send_timeout                    30;
+    keepalive_timeout               60 60;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    #access_log          /var/log/nginx/access.log main;
+    access_log off;
+
+
+    # Mime settings
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+
+    # Compression
+    gzip                on;
+    gzip_comp_level     9;
+    gzip_min_length     512;
+    gzip_buffers        8 64k;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # Proxy settings
+    proxy_redirect      off;
+    proxy_set_header    Host            $host;
+    proxy_set_header    X-Real-IP       $remote_addr;
+    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header   Set-Cookie;
+    proxy_connect_timeout   900;
+    proxy_send_timeout  900;
+    proxy_read_timeout  900;
+    proxy_buffer_size   128k;
+    proxy_buffers   4 256k;
+    proxy_busy_buffers_size   256k;
+
+
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from 173.245.48.0/20;
+    set_real_ip_from 103.21.244.0/22;
+    set_real_ip_from 103.22.200.0/22;
+    set_real_ip_from 103.31.4.0/22;
+    set_real_ip_from 104.16.0.0/13;
+    set_real_ip_from 104.24.0.0/14;
+    set_real_ip_from 141.101.64.0/18;
+    set_real_ip_from 108.162.192.0/18;
+    set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 197.234.240.0/22;
+    set_real_ip_from 198.41.128.0/17;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 131.0.72.0/22;
+    set_real_ip_from 2400:cb00::/32;
+    set_real_ip_from 2606:4700::/32;
+    set_real_ip_from 2803:f800::/32;
+    set_real_ip_from 2405:b500::/32;
+    set_real_ip_from 2405:8100::/32;
+    set_real_ip_from 2a06:98c0::/29;
+    set_real_ip_from 2c0f:f248::/32;
+    real_ip_header     CF-Connecting-IP;
+
+
+    # SSL PCI Compliance
+    ssl_session_cache   shared:SSL:10m;
+    ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+
+    # Error pages
+    error_page          403          /error/403.html;
+    error_page          404          /error/404.html;
+    error_page          502 503 504  /error/50x.html;
+
+
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+    proxy_cache_key "$host$request_uri $cookie_user";
+    proxy_temp_path  /var/cache/nginx/temp;
+    proxy_ignore_headers Expires Cache-Control;
+    proxy_cache_use_stale error timeout invalid_header http_502;
+    proxy_cache_valid any 1d;
+
+
+    # Cache bypass
+    map $http_cookie $no_cache {
+        default 0;
+        ~SESS 1;
+        ~wordpress_logged_in 1;
+    }
+
+
+    # File cache settings
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+
+    # Wildcard include
+    include             /etc/nginx/conf.d/*.conf;
+}
diff --git a/install/debian/13/nginx/phpmyadmin.inc b/install/debian/13/nginx/phpmyadmin.inc
new file mode 100644
index 00000000..cdfc93c4
--- /dev/null
+++ b/install/debian/13/nginx/phpmyadmin.inc
@@ -0,0 +1,18 @@
+location /phpmyadmin {
+    alias /usr/share/phpmyadmin;
+
+    location ~ /(libraries|setup) {
+        return 404;
+    }
+
+    location ~ ^/phpmyadmin/(.*\.php)$ {
+        alias /usr/share/phpmyadmin/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
+        root /usr/share/;
+    }
+}
diff --git a/install/debian/13/nginx/phppgadmin.inc b/install/debian/13/nginx/phppgadmin.inc
new file mode 100644
index 00000000..47cfcf4e
--- /dev/null
+++ b/install/debian/13/nginx/phppgadmin.inc
@@ -0,0 +1,11 @@
+location /phppgadmin {
+    alias /usr/share/phppgadmin;
+
+    location ~ ^/phppgadmin/(.*\.php)$ {
+        alias /usr/share/phppgadmin/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+}
diff --git a/install/debian/13/nginx/status.conf b/install/debian/13/nginx/status.conf
new file mode 100644
index 00000000..c0bcd069
--- /dev/null
+++ b/install/debian/13/nginx/status.conf
@@ -0,0 +1,9 @@
+server {
+    listen       127.0.0.1:8084 default;
+    server_name  _;
+    server_name_in_redirect  off;
+    location / {
+        stub_status on;
+        access_log   off;
+   }
+}
diff --git a/install/debian/13/nginx/webmail.inc b/install/debian/13/nginx/webmail.inc
new file mode 100644
index 00000000..768c9049
--- /dev/null
+++ b/install/debian/13/nginx/webmail.inc
@@ -0,0 +1,15 @@
+location /webmail {
+    alias /var/lib/roundcube;
+
+    location ~ /(config|temp|logs) {
+        return 404;
+    }
+
+    location ~ ^/webmail/(.*\.php)$ {
+        alias /var/lib/roundcube/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+}
diff --git a/install/debian/13/packages/default.pkg b/install/debian/13/packages/default.pkg
new file mode 100644
index 00000000..cd1cbba1
--- /dev/null
+++ b/install/debian/13/packages/default.pkg
@@ -0,0 +1,18 @@
+WEB_TEMPLATE='PHP-FPM-82'
+PROXY_TEMPLATE='hosting'
+DNS_TEMPLATE='default'
+WEB_DOMAINS='unlimited'
+WEB_ALIASES='unlimited'
+DNS_DOMAINS='unlimited'
+DNS_RECORDS='unlimited'
+MAIL_DOMAINS='unlimited'
+MAIL_ACCOUNTS='unlimited'
+DATABASES='unlimited'
+CRON_JOBS='unlimited'
+DISK_QUOTA='unlimited'
+BANDWIDTH='unlimited'
+NS='YOURHOSTNAME1,YOURHOSTNAME2'
+SHELL='nologin'
+BACKUPS='2'
+TIME='18:00:00'
+DATE='2017-12-28'
diff --git a/install/debian/13/pga/config.inc.php b/install/debian/13/pga/config.inc.php
new file mode 100644
index 00000000..1eec9776
--- /dev/null
+++ b/install/debian/13/pga/config.inc.php
@@ -0,0 +1,159 @@
+<?php
+
+    /**
+     * Central phpPgAdmin configuration.  As a user you may modify the
+     * settings here for your particular configuration.
+     *
+     * $Id: config.inc.php-dist,v 1.55 2008/02/18 21:10:31 xzilla Exp $
+     */
+
+    // An example server.  Create as many of these as you wish,
+    // indexed from zero upwards.
+
+    // Display name for the server on the login screen
+    $conf['servers'][0]['desc'] = 'PostgreSQL';
+
+    // Hostname or IP address for server.  Use '' for UNIX domain socket.
+    // use 'localhost' for TCP/IP connection on this computer
+    $conf['servers'][0]['host'] = 'localhost';
+
+    // Database port on server (5432 is the PostgreSQL default)
+    $conf['servers'][0]['port'] = 5432;
+
+    // Database SSL mode
+    // Possible options: disable, allow, prefer, require
+    // To require SSL on older servers use option: legacy
+    // To ignore the SSL mode, use option: unspecified
+    $conf['servers'][0]['sslmode'] = 'allow';
+
+    // Change the default database only if you cannot connect to template1.
+    // For a PostgreSQL 8.1+ server, you can set this to 'postgres'.
+    $conf['servers'][0]['defaultdb'] = 'template1';
+
+    // Specify the path to the database dump utilities for this server.
+    // You can set these to '' if no dumper is available.
+    $conf['servers'][0]['pg_dump_path'] = '/usr/bin/pg_dump';
+    $conf['servers'][0]['pg_dumpall_path'] = '/usr/bin/pg_dumpall';
+
+    // Slony (www.slony.info) support?
+    $conf['servers'][0]['slony_support'] = false;
+    // Specify the path to the Slony SQL scripts (where slony1_base.sql is located, etc.)
+    // No trailing slash.
+    $conf['servers'][0]['slony_sql'] = '/usr/share/pgsql';
+
+    // Example for a second server (PostgreSQL for Windows)
+    //$conf['servers'][1]['desc'] = 'Test Server';
+    //$conf['servers'][1]['host'] = '127.0.0.1';
+    //$conf['servers'][1]['port'] = 5432;
+    //$conf['servers'][1]['sslmode'] = 'allow';
+    //$conf['servers'][1]['defaultdb'] = 'template1';
+    //$conf['servers'][1]['pg_dump_path'] = 'C:\\Program Files\\PostgreSQL\\8.0\\bin\\pg_dump.exe';
+    //$conf['servers'][1]['pg_dumpall_path'] = 'C:\\Program Files\\PostgreSQL\\8.0\\bin\\pg_dumpall.exe';
+    //$conf['servers'][1]['slony_support'] = false;
+    //$conf['servers'][1]['slony_sql'] = 'C:\\Program Files\\PostgreSQL\\8.0\\share';
+
+
+    // Example of groups definition.
+    // Groups allow administrators to logicaly group servers together under group nodes in the left browser tree
+    //
+    // The group '0' description
+    //$conf['srv_groups'][0]['desc'] = 'group one';
+    //
+    // Add here servers indexes belonging to the group '0' seperated by comma
+    //$conf['srv_groups'][0]['servers'] = '0,1,2'; 
+    //
+    // A server can belong to multi groups
+    //$conf['srv_groups'][1]['desc'] = 'group two';
+    //$conf['srv_groups'][1]['servers'] = '3,1';
+
+
+    // Default language. E.g.: 'english', 'polish', etc.  See lang/ directory
+    // for all possibilities. If you specify 'auto' (the default) it will use 
+    // your browser preference.
+    $conf['default_lang'] = 'auto';
+
+    // AutoComplete uses AJAX interaction to list foreign key values 
+    // on insert fields. It currently only works on single column 
+    // foreign keys. You can choose one of the following values:
+    // 'default on' enables AutoComplete and turns it on by default.
+    // 'default off' enables AutoComplete but turns it off by default.
+    // 'disable' disables AutoComplete.
+    $conf['autocomplete'] = 'default on';
+
+    // If extra login security is true, then logins via phpPgAdmin with no
+    // password or certain usernames (pgsql, postgres, root, administrator)
+    // will be denied. Only set this false once you have read the FAQ and
+    // understand how to change PostgreSQL's pg_hba.conf to enable
+    // passworded local connections.
+    $conf['extra_login_security'] = true;
+
+    // Only show owned databases?
+    // Note: This will simply hide other databases in the list - this does
+    // not in any way prevent your users from seeing other database by
+    // other means. (e.g. Run 'SELECT * FROM pg_database' in the SQL area.)
+    $conf['owned_only'] = false;
+
+    // Display comments on objects?  Comments are a good way of documenting
+    // a database, but they do take up space in the interface.
+    $conf['show_comments'] = true;
+
+    // Display "advanced" objects? Setting this to true will show 
+    // aggregates, types, operators, operator classes, conversions, 
+    // languages and casts in phpPgAdmin. These objects are rarely 
+    // administered and can clutter the interface.
+    $conf['show_advanced'] = false;
+
+    // Display "system" objects?
+    $conf['show_system'] = false;
+
+    // Display reports feature?  For this feature to work, you must
+    // install the reports database as explained in the INSTALL file.
+    $conf['show_reports'] = true;
+
+    // Database and table for reports
+    $conf['reports_db'] = 'phppgadmin';
+    $conf['reports_schema'] = 'public';
+    $conf['reports_table'] = 'ppa_reports';
+
+    // Only show owned reports?
+    // Note: This does not prevent people from accessing other reports by
+    // other means.
+    $conf['owned_reports_only'] = false;
+
+    // Minimum length users can set their password to.
+    $conf['min_password_length'] = 1;
+
+    // Width of the left frame in pixels (object browser)
+    $conf['left_width'] = 200;
+
+    // Which look & feel theme to use
+    $conf['theme'] = 'default';
+
+    // Show OIDs when browsing tables?
+    $conf['show_oids'] = false;
+
+    // Max rows to show on a page when browsing record sets
+    $conf['max_rows'] = 30;
+
+    // Max chars of each field to display by default in browse mode
+    $conf['max_chars'] = 50;
+
+    // Send XHTML strict headers?
+    $conf['use_xhtml_strict'] = false;
+
+    // Base URL for PostgreSQL documentation.
+    // '%s', if present, will be replaced with the PostgreSQL version
+    // (e.g. 8.4 )
+    $conf['help_base'] = 'http://www.postgresql.org/docs/%s/interactive/';
+
+    // Configuration for ajax scripts
+    // Time in seconds. If set to 0, refreshing data using ajax will be disabled (locks and activity pages)
+    $conf['ajax_refresh'] = 3;
+
+    /*****************************************
+     * Don't modify anything below this line *
+     *****************************************/
+
+    $conf['version'] = 19;
+
+?>
diff --git a/install/debian/13/pga/phppgadmin.conf b/install/debian/13/pga/phppgadmin.conf
new file mode 100644
index 00000000..f39247d6
--- /dev/null
+++ b/install/debian/13/pga/phppgadmin.conf
@@ -0,0 +1,31 @@
+Alias /phppgadmin /usr/share/phppgadmin
+
+<Directory /usr/share/phppgadmin>
+
+DirectoryIndex index.php
+AllowOverride None
+
+order deny,allow
+deny from all
+allow from 127.0.0.0/255.0.0.0 ::1/128
+allow from all
+
+<IfModule mod_php5.c>
+  php_flag magic_quotes_gpc Off
+  php_flag track_vars On
+  php_value include_path .
+</IfModule>
+<IfModule !mod_php5.c>
+  <IfModule mod_actions.c>
+    <IfModule mod_cgi.c>
+      AddType application/x-httpd-php .php
+      Action application/x-httpd-php /cgi-bin/php
+    </IfModule>
+    <IfModule mod_cgid.c>
+      AddType application/x-httpd-php .php
+      Action application/x-httpd-php /cgi-bin/php
+    </IfModule>
+  </IfModule>
+</IfModule>
+
+</Directory>
diff --git a/install/debian/13/php-fpm/www.conf b/install/debian/13/php-fpm/www.conf
new file mode 100644
index 00000000..3c87f33c
--- /dev/null
+++ b/install/debian/13/php-fpm/www.conf
@@ -0,0 +1,11 @@
+[www]
+listen = 127.0.0.1:9000
+listen.allowed_clients = 127.0.0.1
+
+user = www-data
+group = www-data
+
+pm = ondemand
+pm.max_children = 2
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
diff --git a/install/debian/13/php/php7.3-dedi.patch b/install/debian/13/php/php7.3-dedi.patch
new file mode 100644
index 00000000..c044e002
--- /dev/null
+++ b/install/debian/13/php/php7.3-dedi.patch
@@ -0,0 +1,78 @@
+--- /etc/php/7.3/fpm/php.ini.orig	2019-07-18 16:11:18.856589963 +0200
++++ /etc/php/7.3/fpm/php.ini	2019-07-18 17:45:51.000000000 +0200
+@@ -312,7 +312,8 @@
+ ; This directive allows you to disable certain functions for security reasons.
+ ; It receives a comma-delimited list of function names.
+ ; http://php.net/disable-functions
+-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen
+ 
+ ; This directive allows you to disable certain classes for security reasons.
+ ; It receives a comma-delimited list of class names.
+@@ -399,11 +400,11 @@
+ ;max_input_nesting_level = 64
+ 
+ ; How many GET/POST/COOKIE input variables may be accepted
+-;max_input_vars = 1000
++max_input_vars = 6000
+ 
+ ; Maximum amount of memory a script may consume (128MB)
+ ; http://php.net/memory-limit
+-memory_limit = 128M
++memory_limit = 256M
+ 
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ; Error handling and logging ;
+@@ -690,7 +691,7 @@
+ ; Its value may be 0 to disable the limit. It is ignored if POST data reading
+ ; is disabled through enable_post_data_reading.
+ ; http://php.net/post-max-size
+-post_max_size = 8M
++post_max_size = 60M
+ 
+ ; Automatically add files before PHP document.
+ ; http://php.net/auto-prepend-file
+@@ -842,7 +843,7 @@
+ 
+ ; Maximum allowed size for uploaded files.
+ ; http://php.net/upload-max-filesize
+-upload_max_filesize = 2M
++upload_max_filesize = 50M
+ 
+ ; Maximum number of files that can be uploaded via a single request
+ max_file_uploads = 20
+@@ -1087,7 +1088,7 @@
+ 
+ ; The path to a log file that will log all mail() calls. Log entries include
+ ; the full path of the script, line number, To address and headers.
+-;mail.log =
++mail.log = /var/log/php-mail.log
+ ; Log mail to syslog (Event Log on Windows).
+ ;mail.log = syslog
+ 
+@@ -1791,20 +1792,20 @@
+ 
+ [opcache]
+ ; Determines if Zend OPCache is enabled
+-;opcache.enable=1
++opcache.enable=1
+ 
+ ; Determines if Zend OPCache is enabled for the CLI version of PHP
+-;opcache.enable_cli=0
++opcache.enable_cli=0
+ 
+ ; The OPcache shared memory storage size.
+-;opcache.memory_consumption=128
++opcache.memory_consumption=2048
+ 
+ ; The amount of memory for interned strings in Mbytes.
+ ;opcache.interned_strings_buffer=8
+ 
+ ; The maximum number of keys (scripts) in the OPcache hash table.
+ ; Only numbers between 200 and 1000000 are allowed.
+-;opcache.max_accelerated_files=10000
++opcache.max_accelerated_files=100000
+ 
+ ; The maximum percentage of "wasted" memory until a restart is scheduled.
+ ;opcache.max_wasted_percentage=5
diff --git a/install/debian/13/php/php7.3-vps.patch b/install/debian/13/php/php7.3-vps.patch
new file mode 100644
index 00000000..803b93e8
--- /dev/null
+++ b/install/debian/13/php/php7.3-vps.patch
@@ -0,0 +1,78 @@
+--- /etc/php/7.3/fpm/php.ini.orig	2019-07-18 16:11:18.856589963 +0200
++++ /etc/php/7.3/fpm/php.ini	2019-07-18 17:45:51.000000000 +0200
+@@ -312,7 +312,8 @@
+ ; This directive allows you to disable certain functions for security reasons.
+ ; It receives a comma-delimited list of function names.
+ ; http://php.net/disable-functions
+-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen
+ 
+ ; This directive allows you to disable certain classes for security reasons.
+ ; It receives a comma-delimited list of class names.
+@@ -399,11 +400,11 @@
+ ;max_input_nesting_level = 64
+ 
+ ; How many GET/POST/COOKIE input variables may be accepted
+-;max_input_vars = 1000
++max_input_vars = 6000
+ 
+ ; Maximum amount of memory a script may consume (128MB)
+ ; http://php.net/memory-limit
+-memory_limit = 128M
++memory_limit = 256M
+ 
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ; Error handling and logging ;
+@@ -690,7 +691,7 @@
+ ; Its value may be 0 to disable the limit. It is ignored if POST data reading
+ ; is disabled through enable_post_data_reading.
+ ; http://php.net/post-max-size
+-post_max_size = 8M
++post_max_size = 60M
+ 
+ ; Automatically add files before PHP document.
+ ; http://php.net/auto-prepend-file
+@@ -842,7 +843,7 @@
+ 
+ ; Maximum allowed size for uploaded files.
+ ; http://php.net/upload-max-filesize
+-upload_max_filesize = 2M
++upload_max_filesize = 50M
+ 
+ ; Maximum number of files that can be uploaded via a single request
+ max_file_uploads = 20
+@@ -1087,7 +1088,7 @@
+ 
+ ; The path to a log file that will log all mail() calls. Log entries include
+ ; the full path of the script, line number, To address and headers.
+-;mail.log =
++mail.log = /var/log/php-mail.log
+ ; Log mail to syslog (Event Log on Windows).
+ ;mail.log = syslog
+ 
+@@ -1791,20 +1792,20 @@
+ 
+ [opcache]
+ ; Determines if Zend OPCache is enabled
+-;opcache.enable=1
++opcache.enable=1
+ 
+ ; Determines if Zend OPCache is enabled for the CLI version of PHP
+-;opcache.enable_cli=0
++opcache.enable_cli=0
+ 
+ ; The OPcache shared memory storage size.
+-;opcache.memory_consumption=128
++opcache.memory_consumption=512
+ 
+ ; The amount of memory for interned strings in Mbytes.
+ ;opcache.interned_strings_buffer=8
+ 
+ ; The maximum number of keys (scripts) in the OPcache hash table.
+ ; Only numbers between 200 and 1000000 are allowed.
+-;opcache.max_accelerated_files=10000
++opcache.max_accelerated_files=100000
+ 
+ ; The maximum percentage of "wasted" memory until a restart is scheduled.
+ ;opcache.max_wasted_percentage=5
diff --git a/install/debian/13/php/php7.4-dedi.patch b/install/debian/13/php/php7.4-dedi.patch
new file mode 100644
index 00000000..3e5bd2fb
--- /dev/null
+++ b/install/debian/13/php/php7.4-dedi.patch
@@ -0,0 +1,78 @@
+--- /etc/php/7.4/fpm/php.ini.orig	2021-07-16 16:12:30.027464762 +0200
++++ /etc/php/7.4/fpm/php.ini	2021-07-16 16:25:15.000000000 +0200
+@@ -309,7 +309,8 @@
+ ; This directive allows you to disable certain functions.
+ ; It receives a comma-delimited list of function names.
+ ; http://php.net/disable-functions
+-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen
+ 
+ ; This directive allows you to disable certain classes.
+ ; It receives a comma-delimited list of class names.
+@@ -402,11 +403,11 @@
+ ;max_input_nesting_level = 64
+ 
+ ; How many GET/POST/COOKIE input variables may be accepted
+-;max_input_vars = 1000
++max_input_vars = 6000
+ 
+ ; Maximum amount of memory a script may consume
+ ; http://php.net/memory-limit
+-memory_limit = 128M
++memory_limit = 256M
+ 
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ; Error handling and logging ;
+@@ -691,7 +692,7 @@
+ ; Its value may be 0 to disable the limit. It is ignored if POST data reading
+ ; is disabled through enable_post_data_reading.
+ ; http://php.net/post-max-size
+-post_max_size = 8M
++post_max_size = 60M
+ 
+ ; Automatically add files before PHP document.
+ ; http://php.net/auto-prepend-file
+@@ -843,7 +844,7 @@
+ 
+ ; Maximum allowed size for uploaded files.
+ ; http://php.net/upload-max-filesize
+-upload_max_filesize = 2M
++upload_max_filesize = 50M
+ 
+ ; Maximum number of files that can be uploaded via a single request
+ max_file_uploads = 20
+@@ -1089,7 +1090,7 @@
+ 
+ ; The path to a log file that will log all mail() calls. Log entries include
+ ; the full path of the script, line number, To address and headers.
+-;mail.log =
++mail.log = /var/log/php-mail.log
+ ; Log mail to syslog (Event Log on Windows).
+ ;mail.log = syslog
+ 
+@@ -1766,20 +1767,20 @@
+ 
+ [opcache]
+ ; Determines if Zend OPCache is enabled
+-;opcache.enable=1
++opcache.enable=1
+ 
+ ; Determines if Zend OPCache is enabled for the CLI version of PHP
+-;opcache.enable_cli=0
++opcache.enable_cli=0
+ 
+ ; The OPcache shared memory storage size.
+-;opcache.memory_consumption=128
++opcache.memory_consumption=2048
+ 
+ ; The amount of memory for interned strings in Mbytes.
+ ;opcache.interned_strings_buffer=8
+ 
+ ; The maximum number of keys (scripts) in the OPcache hash table.
+ ; Only numbers between 200 and 1000000 are allowed.
+-;opcache.max_accelerated_files=10000
++opcache.max_accelerated_files=100000
+ 
+ ; The maximum percentage of "wasted" memory until a restart is scheduled.
+ ;opcache.max_wasted_percentage=5
diff --git a/install/debian/13/php/php7.4-vps.patch b/install/debian/13/php/php7.4-vps.patch
new file mode 100644
index 00000000..7c52d402
--- /dev/null
+++ b/install/debian/13/php/php7.4-vps.patch
@@ -0,0 +1,78 @@
+--- /etc/php/7.4/fpm/php.ini.orig	2021-07-16 16:12:30.027464762 +0200
++++ /etc/php/7.4/fpm/php.ini	2021-07-16 16:24:26.000000000 +0200
+@@ -309,7 +309,8 @@
+ ; This directive allows you to disable certain functions.
+ ; It receives a comma-delimited list of function names.
+ ; http://php.net/disable-functions
+-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen
+ 
+ ; This directive allows you to disable certain classes.
+ ; It receives a comma-delimited list of class names.
+@@ -402,11 +403,11 @@
+ ;max_input_nesting_level = 64
+ 
+ ; How many GET/POST/COOKIE input variables may be accepted
+-;max_input_vars = 1000
++max_input_vars = 6000
+ 
+ ; Maximum amount of memory a script may consume
+ ; http://php.net/memory-limit
+-memory_limit = 128M
++memory_limit = 256M
+ 
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ; Error handling and logging ;
+@@ -691,7 +692,7 @@
+ ; Its value may be 0 to disable the limit. It is ignored if POST data reading
+ ; is disabled through enable_post_data_reading.
+ ; http://php.net/post-max-size
+-post_max_size = 8M
++post_max_size = 60M
+ 
+ ; Automatically add files before PHP document.
+ ; http://php.net/auto-prepend-file
+@@ -843,7 +844,7 @@
+ 
+ ; Maximum allowed size for uploaded files.
+ ; http://php.net/upload-max-filesize
+-upload_max_filesize = 2M
++upload_max_filesize = 50M
+ 
+ ; Maximum number of files that can be uploaded via a single request
+ max_file_uploads = 20
+@@ -1089,7 +1090,7 @@
+ 
+ ; The path to a log file that will log all mail() calls. Log entries include
+ ; the full path of the script, line number, To address and headers.
+-;mail.log =
++mail.log = /var/log/php-mail.log
+ ; Log mail to syslog (Event Log on Windows).
+ ;mail.log = syslog
+ 
+@@ -1766,20 +1767,20 @@
+ 
+ [opcache]
+ ; Determines if Zend OPCache is enabled
+-;opcache.enable=1
++opcache.enable=1
+ 
+ ; Determines if Zend OPCache is enabled for the CLI version of PHP
+-;opcache.enable_cli=0
++opcache.enable_cli=0
+ 
+ ; The OPcache shared memory storage size.
+-;opcache.memory_consumption=128
++opcache.memory_consumption=512
+ 
+ ; The amount of memory for interned strings in Mbytes.
+ ;opcache.interned_strings_buffer=8
+ 
+ ; The maximum number of keys (scripts) in the OPcache hash table.
+ ; Only numbers between 200 and 1000000 are allowed.
+-;opcache.max_accelerated_files=10000
++opcache.max_accelerated_files=100000
+ 
+ ; The maximum percentage of "wasted" memory until a restart is scheduled.
+ ;opcache.max_wasted_percentage=5
diff --git a/install/debian/13/pma/apache.conf b/install/debian/13/pma/apache.conf
new file mode 100644
index 00000000..2a8f69e2
--- /dev/null
+++ b/install/debian/13/pma/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+	Options FollowSymLinks
+	DirectoryIndex index.php
+
+	<IfModule mod_php5.c>
+		AddType application/x-httpd-php .php
+
+		php_flag magic_quotes_gpc Off
+		php_flag track_vars On
+		php_flag register_globals Off
+		php_admin_flag allow_url_fopen Off
+		php_value include_path .
+		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
+	</IfModule>
+
+</Directory>
+
+# Authorize for setup
+<Directory /usr/share/phpmyadmin/setup>
+    <IfModule mod_authn_file.c>
+    AuthType Basic
+    AuthName "phpMyAdmin Setup"
+    AuthUserFile /etc/phpmyadmin/htpasswd.setup
+    </IfModule>
+    Require valid-user
+</Directory>
+
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpmyadmin/libraries>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+<Directory /usr/share/phpmyadmin/setup/lib>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+
diff --git a/install/debian/13/pma/config.inc.php b/install/debian/13/pma/config.inc.php
new file mode 100644
index 00000000..eafc6d67
--- /dev/null
+++ b/install/debian/13/pma/config.inc.php
@@ -0,0 +1,146 @@
+<?php
+/**
+ * Debian local configuration file
+ *
+ * This file overrides the settings made by phpMyAdmin interactive setup
+ * utility.
+ *
+ * For example configuration see
+ *   /usr/share/doc/phpmyadmin/examples/config.sample.inc.php
+ * or
+ *   /usr/share/doc/phpmyadmin/examples/config.manyhosts.inc.php
+ *
+ * NOTE: do not add security sensitive data to this file (like passwords)
+ * unless you really know what you're doing. If you do, any user that can
+ * run PHP or CGI on your webserver will be able to read them. If you still
+ * want to do this, make sure to properly secure the access to this file
+ * (also on the filesystem level).
+ */
+
+function check_file_access($path)
+{
+    if (is_readable($path)) {
+        return true;
+    } else {
+        error_log(
+            'phpmyadmin: Failed to load ' . $path
+            . ' Check group www-data has read access and open_basedir restrictions.'
+        );
+        return false;
+    }
+}
+
+// Load secret generated on postinst
+if (check_file_access('/var/lib/phpmyadmin/blowfish_secret.inc.php')) {
+    require('/var/lib/phpmyadmin/blowfish_secret.inc.php');
+}
+
+// Load autoconf local config
+if (check_file_access('/var/lib/phpmyadmin/config.inc.php')) {
+    require('/var/lib/phpmyadmin/config.inc.php');
+}
+
+/**
+ * Server(s) configuration
+ */
+$i = 0;
+// The $cfg['Servers'] array starts with $cfg['Servers'][1].  Do not use $cfg['Servers'][0].
+// You can disable a server config entry by setting host to ''.
+$i++;
+
+/**
+ * Read configuration from dbconfig-common
+ * You can regenerate it using: dpkg-reconfigure -plow phpmyadmin
+ */
+if (check_file_access('/etc/phpmyadmin/config-db.php')) {
+    require('/etc/phpmyadmin/config-db.php');
+}
+
+/* Configure according to dbconfig-common if enabled */
+if (!empty($dbname)) {
+    /* Authentication type */
+    $cfg['Servers'][$i]['auth_type'] = 'cookie';
+    /* Server parameters */
+    if (empty($dbserver)) $dbserver = 'localhost';
+    $cfg['Servers'][$i]['host'] = $dbserver;
+
+    if (!empty($dbport) || $dbserver != 'localhost') {
+        $cfg['Servers'][$i]['connect_type'] = 'tcp';
+        $cfg['Servers'][$i]['port'] = $dbport;
+    }
+    //$cfg['Servers'][$i]['compress'] = false;
+    /* Select mysqli if your server has it */
+    $cfg['Servers'][$i]['extension'] = 'mysqli';
+    /* Optional: User for advanced features */
+    $cfg['Servers'][$i]['controluser'] = $dbuser;
+    $cfg['Servers'][$i]['controlpass'] = $dbpass;
+    /* Optional: Advanced phpMyAdmin features */
+    $cfg['Servers'][$i]['pmadb'] = $dbname;
+    $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+    $cfg['Servers'][$i]['relation'] = 'pma__relation';
+    $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+    $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
+    $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+    $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+    $cfg['Servers'][$i]['history'] = 'pma__history';
+    $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+    $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
+    $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+    $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+    $cfg['Servers'][$i]['recent'] = 'pma__recent';
+
+    /* Uncomment the following to enable logging in to passwordless accounts,
+     * after taking note of the associated security risks. */
+    // $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
+
+    /* Advance to next server for rest of config */
+    $i++;
+}
+
+/* Authentication type */
+//$cfg['Servers'][$i]['auth_type'] = 'cookie';
+/* Server parameters */
+//$cfg['Servers'][$i]['host'] = 'localhost';
+//$cfg['Servers'][$i]['connect_type'] = 'tcp';
+//$cfg['Servers'][$i]['compress'] = false;
+/* Select mysqli if your server has it */
+//$cfg['Servers'][$i]['extension'] = 'mysql';
+/* Optional: User for advanced features */
+// $cfg['Servers'][$i]['controluser'] = 'pma';
+// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
+
+/* Storage database and tables */
+// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
+// $cfg['Servers'][$i]['relation'] = 'pma_relation';
+// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
+// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
+// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
+// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
+// $cfg['Servers'][$i]['history'] = 'pma_history';
+// $cfg['Servers'][$i]['table_uiprefs'] = 'pma_table_uiprefs';
+// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';
+// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
+// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';
+// $cfg['Servers'][$i]['recent'] = 'pma_recent';
+/* Uncomment the following to enable logging in to passwordless accounts,
+ * after taking note of the associated security risks. */
+// $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
+
+/*
+ * End of servers configuration
+ */
+
+/*
+ * Directories for saving/loading files from server
+ */
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+
+/* Support additional configurations */
+foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
+{
+    include($filename);
+}
+
+
diff --git a/install/debian/13/pma/create_tables.sql b/install/debian/13/pma/create_tables.sql
new file mode 100644
index 00000000..3583a6ed
--- /dev/null
+++ b/install/debian/13/pma/create_tables.sql
@@ -0,0 +1,385 @@
+-- --------------------------------------------------------
+-- SQL Commands to set up the pmadb as described in the documentation.
+--
+-- This file is meant for use with MySQL 5 and above!
+--
+-- This script expects the user pma to already be existing. If we would put a
+-- line here to create him too many users might just use this script and end
+-- up with having the same password for the controluser.
+--
+-- This user "pma" must be defined in config.inc.php (controluser/controlpass)
+--
+-- Please don't forget to set up the tablenames in config.inc.php
+--
+
+-- --------------------------------------------------------
+
+--
+-- Database : `phpmyadmin`
+--
+CREATE DATABASE IF NOT EXISTS `phpmyadmin`
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+USE phpmyadmin;
+
+-- --------------------------------------------------------
+
+--
+-- Privileges
+--
+-- (activate this statement if necessary)
+-- GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO
+--    'pma'@localhost;
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__usergroups`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__usergroups` (
+  `usergroup` varchar(64) NOT NULL,
+  `tab` varchar(64) NOT NULL,
+  `allowed` enum('Y','N') NOT NULL DEFAULT 'N',
+  PRIMARY KEY (`usergroup`,`tab`,`allowed`)
+)
+  COMMENT='User groups with configured menu items'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__designer_coords`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__designer_coords` (
+  `db_name` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `table_name` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `x` int(11) DEFAULT NULL,
+  `y` int(11) DEFAULT NULL,
+  `v` tinyint(4) DEFAULT NULL,
+  `h` tinyint(4) DEFAULT NULL,
+  PRIMARY KEY (`db_name`,`table_name`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Table coordinates for Designer';
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__bookmark`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__bookmark` (
+  `id` int(11) NOT NULL auto_increment,
+  `dbase` varchar(255) NOT NULL default '',
+  `user` varchar(255) NOT NULL default '',
+  `label` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `query` text NOT NULL,
+  PRIMARY KEY  (`id`)
+)
+  COMMENT='Bookmarks'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__column_info`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__column_info` (
+  `id` int(5) unsigned NOT NULL auto_increment,
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `column_name` varchar(64) NOT NULL default '',
+  `comment` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `mimetype` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `transformation` varchar(255) NOT NULL default '',
+  `transformation_options` varchar(255) NOT NULL default '',
+  `input_transformation` varchar(255) NOT NULL default '',
+  `input_transformation_options` varchar(255) NOT NULL default '',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `db_name` (`db_name`,`table_name`,`column_name`)
+)
+  COMMENT='Column information for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__history`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__history` (
+  `id` bigint(20) unsigned NOT NULL auto_increment,
+  `username` varchar(64) NOT NULL default '',
+  `db` varchar(64) NOT NULL default '',
+  `table` varchar(64) NOT NULL default '',
+  `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP,
+  `sqlquery` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `username` (`username`,`db`,`table`,`timevalue`)
+)
+  COMMENT='SQL history for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__pdf_pages`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__pdf_pages` (
+  `db_name` varchar(64) NOT NULL default '',
+  `page_nr` int(10) unsigned NOT NULL auto_increment,
+  `page_descr` varchar(50) COLLATE utf8_general_ci NOT NULL default '',
+  PRIMARY KEY  (`page_nr`),
+  KEY `db_name` (`db_name`)
+)
+  COMMENT='PDF relation pages for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__recent`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__recent` (
+  `username` varchar(64) NOT NULL,
+  `tables` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Recently accessed tables'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__favorite`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__favorite` (
+  `username` varchar(64) NOT NULL,
+  `tables` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Favorite tables'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_uiprefs`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_uiprefs` (
+  `username` varchar(64) NOT NULL,
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  `prefs` text NOT NULL,
+  `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`username`,`db_name`,`table_name`)
+)
+  COMMENT='Tables'' UI preferences'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__relation`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__relation` (
+  `master_db` varchar(64) NOT NULL default '',
+  `master_table` varchar(64) NOT NULL default '',
+  `master_field` varchar(64) NOT NULL default '',
+  `foreign_db` varchar(64) NOT NULL default '',
+  `foreign_table` varchar(64) NOT NULL default '',
+  `foreign_field` varchar(64) NOT NULL default '',
+  PRIMARY KEY  (`master_db`,`master_table`,`master_field`),
+  KEY `foreign_field` (`foreign_db`,`foreign_table`)
+)
+  COMMENT='Relation table'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_coords`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_coords` (
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `pdf_page_number` int(11) NOT NULL default '0',
+  `x` float unsigned NOT NULL default '0',
+  `y` float unsigned NOT NULL default '0',
+  PRIMARY KEY  (`db_name`,`table_name`,`pdf_page_number`)
+)
+  COMMENT='Table coordinates for phpMyAdmin PDF output'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_info`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_info` (
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `display_field` varchar(64) NOT NULL default '',
+  PRIMARY KEY  (`db_name`,`table_name`)
+)
+  COMMENT='Table information for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__tracking`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__tracking` (
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  `version` int(10) unsigned NOT NULL,
+  `date_created` datetime NOT NULL,
+  `date_updated` datetime NOT NULL,
+  `schema_snapshot` text NOT NULL,
+  `schema_sql` text,
+  `data_sql` longtext,
+  `tracking` set('UPDATE','REPLACE','INSERT','DELETE','TRUNCATE','CREATE DATABASE','ALTER DATABASE','DROP DATABASE','CREATE TABLE','ALTER TABLE','RENAME TABLE','DROP TABLE','CREATE INDEX','DROP INDEX','CREATE VIEW','ALTER VIEW','DROP VIEW') default NULL,
+  `tracking_active` int(1) unsigned NOT NULL default '1',
+  PRIMARY KEY  (`db_name`,`table_name`,`version`)
+)
+  COMMENT='Database changes tracking for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__userconfig`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__userconfig` (
+  `username` varchar(64) NOT NULL,
+  `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `config_data` text NOT NULL,
+  PRIMARY KEY  (`username`)
+)
+  COMMENT='User preferences storage for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__users`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__users` (
+  `username` varchar(64) NOT NULL,
+  `usergroup` varchar(64) NOT NULL,
+  PRIMARY KEY (`username`,`usergroup`)
+)
+  COMMENT='Users and their assignments to user groups'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__usergroups`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__usergroups` (
+  `usergroup` varchar(64) NOT NULL,
+  `tab` varchar(64) NOT NULL,
+  `allowed` enum('Y','N') NOT NULL DEFAULT 'N',
+  PRIMARY KEY (`usergroup`,`tab`,`allowed`)
+)
+  COMMENT='User groups with configured menu items'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__navigationhiding`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__navigationhiding` (
+  `username` varchar(64) NOT NULL,
+  `item_name` varchar(64) NOT NULL,
+  `item_type` varchar(64) NOT NULL,
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  PRIMARY KEY (`username`,`item_name`,`item_type`,`db_name`,`table_name`)
+)
+  COMMENT='Hidden items of navigation tree'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__savedsearches`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__savedsearches` (
+  `id` int(5) unsigned NOT NULL auto_increment,
+  `username` varchar(64) NOT NULL default '',
+  `db_name` varchar(64) NOT NULL default '',
+  `search_name` varchar(64) NOT NULL default '',
+  `search_data` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `u_savedsearches_username_dbname` (`username`,`db_name`,`search_name`)
+)
+  COMMENT='Saved searches'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__central_columns`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__central_columns` (
+  `db_name` varchar(64) NOT NULL,
+  `col_name` varchar(64) NOT NULL,
+  `col_type` varchar(64) NOT NULL,
+  `col_length` text,
+  `col_collation` varchar(64) NOT NULL,
+  `col_isNull` boolean NOT NULL,
+  `col_extra` varchar(255) default '',
+  `col_default` text,
+  PRIMARY KEY (`db_name`,`col_name`)
+)
+  COMMENT='Central list of columns'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__designer_settings`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__designer_settings` (
+  `username` varchar(64) NOT NULL,
+  `settings_data` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Settings related to Designer'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__export_templates`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__export_templates` (
+  `id` int(5) unsigned NOT NULL AUTO_INCREMENT,
+  `username` varchar(64) NOT NULL,
+  `export_type` varchar(10) NOT NULL,
+  `template_name` varchar(64) NOT NULL,
+  `template_data` text NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `u_user_type_template` (`username`,`export_type`,`template_name`)
+)
+  COMMENT='Saved export templates'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
\ No newline at end of file
diff --git a/install/debian/13/pma/pma.sh b/install/debian/13/pma/pma.sh
new file mode 100644
index 00000000..f04f3f8e
--- /dev/null
+++ b/install/debian/13/pma/pma.sh
@@ -0,0 +1,167 @@
+#!/bin/bash
+# 
+# phpmyadmin-fixer
+#
+# Fixes for phpmyadmin (configuration storage and some extended features)
+#
+# Original Version by Pavel Galkin (https://skurudo.ru)
+# https://github.com/skurudo/phpmyadmin-fixer
+#
+# Changed some lines to fit to Hestia Configuration.
+#
+
+# Defining password-gen function
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    LENGTH=10
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+PASS=$(gen_pass)
+
+#ubuntu phpmyadmin path
+pmapath1="/etc/phpmyadmin/config.inc.php"
+pmapath2="/usr/share/phpmyadmin/config.sample.inc.php"
+
+#delete old and paste new value 
+sed -i '/pmadb/d' $pmapath1
+sed -i '/controluser/d' $pmapath1
+sed -i '/bookmarktable/d' $pmapath1
+sed -i '/relation/d' $pmapath1
+sed -i '/userconfig/d' $pmapath1
+sed -i '/table_info/d' $pmapath1
+sed -i '/column_info/d' $pmapath1
+sed -i '/history/d' $pmapath1
+sed -i '/recent/d' $pmapath1
+sed -i '/table_uiprefs/d' $pmapath1
+sed -i '/tracking/d' $pmapath1
+sed -i '/table_coords/d' $pmapath1
+sed -i '/pdf_pages/d' $pmapath1
+sed -i '/designer_coords/d' $pmapath1
+sed -i '/controlpass/d' $pmapath1
+sed -i '/\$i = 1; /d' $pmapath1
+echo "\$i = 1;" >> $pmapath1
+sed -i '/savedsearches/d' $pmapath1
+sed -i '/navigationhiding/d' $pmapath1
+sed -i '/users/d' $pmapath1
+sed -i '/controlpass/d' $pmapath1
+sed -i '/favorite/d' $pmapath1
+sed -i '/usergroups/d' $pmapath1
+sed -i '/central_columns/d' $pmapath1
+sed -i '/designer_settings/d' $pmapath1
+sed -i '/export_templates/d' $pmapath1
+echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1
+
+sed -i '/pmadb/d' $pmapath2
+sed -i '/controluser/d' $pmapath2
+sed -i '/bookmarktable/d' $pmapath2
+sed -i '/relation/d' $pmapath2
+sed -i '/userconfig/d' $pmapath2
+sed -i '/table_info/d' $pmapath2
+sed -i '/column_info/d' $pmapath2
+sed -i '/history/d' $pmapath2
+sed -i '/recent/d' $pmapath2
+sed -i '/table_uiprefs/d' $pmapath2
+sed -i '/tracking/d' $pmapath2
+sed -i '/table_coords/d' $pmapath2
+sed -i '/pdf_pages/d' $pmapath2
+sed -i '/designer_coords/d' $pmapath2
+sed -i '/controlpass/d' $pmapath2
+sed -i '/savedsearches/d' $pmapath2
+sed -i '/navigationhiding/d' $pmapath2
+sed -i '/users/d' $pmapath2
+sed -i '/controlpass/d' $pmapath2
+sed -i '/favorite/d' $pmapath2
+sed -i '/usergroups/d' $pmapath2
+sed -i '/central_columns/d' $pmapath2
+sed -i '/designer_settings/d' $pmapath2
+sed -i '/export_templates/d' $pmapath2
+echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2
+
+#SOME WORK with DATABASE (table / user)
+PMADB=phpmyadmin
+PMAUSER=pma
+
+#DROP USER and TABLE
+mysql -uroot <<MYSQL_PMA1
+DROP USER IF EXISTS '$PMAUSER'@'localhost';
+DROP DATABASE IF EXISTS $PMADB;
+FLUSH PRIVILEGES;
+MYSQL_PMA1
+
+#CREATE PMA USER
+mysql -uroot <<MYSQL_PMA2
+CREATE USER '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';
+CREATE DATABASE $PMADB;
+MYSQL_PMA2
+
+#GRANT PMA USE SOME RIGHTS
+if [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then
+# MariaDB
+mysql -uroot <<MYSQL_PMA3
+USE $PMADB;
+GRANT USAGE ON $PMADB.* TO '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';
+GRANT ALL PRIVILEGES ON $PMADB.* TO '$PMAUSER'@'localhost';
+FLUSH PRIVILEGES;
+MYSQL_PMA3
+else
+# MySQL8
+mysql -uroot <<MYSQL_PMA3
+USE $PMADB;
+GRANT ALL ON $PMADB.* TO '$PMAUSER'@'localhost';
+FLUSH PRIVILEGES;
+MYSQL_PMA3
+fi
+
+#MYSQL DB and TABLES ADDITION
+mysql -uroot < /root/phpmyadmin/create_tables.sql
diff --git a/install/debian/13/postgresql/pg_hba.conf b/install/debian/13/postgresql/pg_hba.conf
new file mode 100644
index 00000000..1ba43941
--- /dev/null
+++ b/install/debian/13/postgresql/pg_hba.conf
@@ -0,0 +1,11 @@
+# "local" is for Unix domain socket connections only
+local   all         all                               ident
+
+# IPv4 local connections:
+host    all         all         127.0.0.1/32          md5
+
+# IPv6 local connections:
+host    all         all         ::1/128               md5
+
+# Others
+host    all         all         0.0.0.0/0             md5
diff --git a/install/debian/13/proftpd/proftpd.conf b/install/debian/13/proftpd/proftpd.conf
new file mode 100644
index 00000000..4e7f798f
--- /dev/null
+++ b/install/debian/13/proftpd/proftpd.conf
@@ -0,0 +1,38 @@
+ServerName                      "FTP"
+ServerIdent                     on "FTP Server ready."
+ServerAdmin                     root@localhost
+DefaultServer                   on
+DefaultRoot                  ~ !adm
+
+Include /etc/proftpd/tls.conf
+
+<IfModule mod_vroot.c>
+    VRootEngine                 on
+    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
+</IfModule>
+
+AuthPAMConfig                   proftpd
+AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
+UseReverseDNS                   off
+User                            proftpd
+Group                           nogroup
+MaxInstances                    100
+UseSendfile                     off
+LogFormat                       default "%h %l %u %t \"%r\" %s %b"
+LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
+ListOptions                     -a
+RequireValidShell               off
+PassivePorts                    12000 12100
+TransferLog                     /var/log/proftpd/xferlog
+SystemLog                       /var/log/proftpd/proftpd.log
+
+<Global>
+  Umask                         002
+  <IfModule mod_ident.c>
+    IdentLookups                  off
+  </IfModule>
+  AllowOverwrite                yes
+  <Limit ALL SITE_CHMOD>
+    AllowAll
+  </Limit>
+</Global>
diff --git a/install/debian/13/proftpd/tls.conf b/install/debian/13/proftpd/tls.conf
new file mode 100644
index 00000000..9da0017b
--- /dev/null
+++ b/install/debian/13/proftpd/tls.conf
@@ -0,0 +1,63 @@
+#
+# Proftpd sample configuration for FTPS connections.
+#
+# Note that FTPS impose some limitations in NAT traversing.
+# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
+# for more information.
+#
+<IfModule mod_dso.c>
+    # If mod_tls was built as a shared/DSO module, load it
+    LoadModule mod_tls.c
+</IfModule>
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2
+TLSProtocol                             TLSv1.1 TLSv1.2
+#
+# Server SSL certificate. You can generate a self-signed certificate using
+# a command like:
+#
+# openssl req -x509 -newkey rsa:1024 \
+#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
+#          -nodes -days 365
+#
+# The proftpd.key file must be readable by root only. The other file can be
+# readable by anyone.
+#
+# chmod 0600 /etc/ssl/private/proftpd.key
+# chmod 0640 /etc/ssl/private/proftpd.key
+#
+TLSRSACertificateFile                   /usr/local/vesta/ssl/certificate.crt
+TLSRSACertificateKeyFile                /usr/local/vesta/ssl/certificate.key
+#
+# CA the server trusts...
+#TLSCACertificateFile                    /etc/ssl/certs/CA.pem
+# ...or avoid CA cert and be verbose
+#TLSOptions                      NoCertRequest EnableDiags
+# ... or the same with relaxed session use for some clients (e.g. FireFtp)
+#TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
+#
+#
+# Per default drop connection if client tries to start a renegotiate
+# This is a fix for CVE-2009-3555 but could break some clients.
+#
+#TLSOptions                                                     AllowClientRenegotiations
+#
+TLSOptions                       NoSessionReuseRequired AllowClientRenegotiations
+# Authenticate clients that want to use FTP over TLS?
+#
+#TLSVerifyClient                         off
+#
+# Are clients required to use FTP over TLS when talking to this server?
+#
+TLSRequired                             off
+#
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+TLSRenegotiate                          required off
+</IfModule>
diff --git a/install/debian/13/roundcube/apache.conf b/install/debian/13/roundcube/apache.conf
new file mode 100644
index 00000000..a0c87bcc
--- /dev/null
+++ b/install/debian/13/roundcube/apache.conf
@@ -0,0 +1,40 @@
+Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
+Alias /roundcube /var/lib/roundcube
+Alias /webmail /var/lib/roundcube
+
+# Access to tinymce files
+<Directory "/usr/share/tinymce/www/">
+      Options Indexes MultiViews FollowSymLinks
+      AllowOverride None
+      Order allow,deny
+      allow from all
+</Directory>
+
+<Directory /var/lib/roundcube/>
+  Options +FollowSymLinks
+  # This is needed to parse /var/lib/roundcube/.htaccess. See its
+  # content before setting AllowOverride to None.
+  AllowOverride All
+  order allow,deny
+  allow from all
+</Directory>
+
+# Protecting basic directories:
+<Directory /var/lib/roundcube/config>
+        Options -FollowSymLinks
+        AllowOverride None
+</Directory>
+
+<Directory /var/lib/roundcube/temp>
+        Options -FollowSymLinks
+        AllowOverride None
+	Order allow,deny
+	Deny from all
+</Directory>
+
+<Directory /var/lib/roundcube/logs>
+        Options -FollowSymLinks
+        AllowOverride None
+	Order allow,deny
+	Deny from all
+</Directory>
diff --git a/install/debian/13/roundcube/config.inc.php b/install/debian/13/roundcube/config.inc.php
new file mode 100644
index 00000000..0c82b1bc
--- /dev/null
+++ b/install/debian/13/roundcube/config.inc.php
@@ -0,0 +1,33 @@
+<?php
+
+// Password Plugin options
+// -----------------------
+// A driver to use for password change. Default: "sql".
+// See README file for list of supported driver names.
+$rcmail_config['password_driver'] = 'vesta';
+
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$rcmail_config['password_minimum_length'] = 6;
+
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$rcmail_config['password_require_nonalpha'] = false;
+
+// Enables logging of password changes into logs/password
+$rcmail_config['password_log'] = false;
+
+// Comma-separated list of login exceptions for which password change
+// will be not available (no Password tab in Settings)
+$rcmail_config['password_login_exceptions'] = null;
+
+
+// By default domains in variables are using unicode.
+// Enable this option to use punycoded names
+$rcmail_config['password_idn_ascii'] = false;
+
+// Vesta Driver options
+// -----------------------
+// Control Panel host
+$rcmail_config['password_vesta_host'] = 'localhost';
+$rcmail_config['password_vesta_port'] = '8083';
diff --git a/install/debian/13/roundcube/db.inc.php b/install/debian/13/roundcube/db.inc.php
new file mode 100644
index 00000000..5268a309
--- /dev/null
+++ b/install/debian/13/roundcube/db.inc.php
@@ -0,0 +1,66 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Configuration file for database access                                |
+ |                                                                       |
+ | This file is part of the RoundCube Webmail client                     |
+ | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
+ | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+
+*/
+
+$rcmail_config = array();
+
+// PEAR database DSN for read/write operations
+// format is db_provider://user:password@host/database 
+
+$rcmail_config['db_dsnw'] = 'mysql://roundcube:%password%@localhost/roundcube';
+// postgres example: 'pgsql://roundcube:pass@localhost/roundcubemail';
+
+// PEAR database DSN for read only operations (if empty write database will be used)
+// useful for database replication
+$rcmail_config['db_dsnr'] = '';
+
+// database backend to use (only db or mdb2 are supported)
+//$rcmail_config['db_backend'] = 'mdb2';
+
+// maximum length of a query in bytes
+$rcmail_config['db_max_length'] = 512000;  // 500K
+
+// use persistent db-connections
+// beware this will not "always" work as expected
+// see: http://www.php.net/manual/en/features.persistent-connections.php
+$rcmail_config['db_persistent'] = FALSE;
+
+
+// you can define specific table names used to store webmail data
+$rcmail_config['db_table_users'] = 'users';
+
+$rcmail_config['db_table_identities'] = 'identities';
+
+$rcmail_config['db_table_contacts'] = 'contacts';
+
+$rcmail_config['db_table_session'] = 'session';
+
+$rcmail_config['db_table_cache'] = 'cache';
+
+$rcmail_config['db_table_messages'] = 'messages';
+
+
+// you can define specific sequence names used in PostgreSQL
+$rcmail_config['db_sequence_users'] = 'user_ids';
+
+$rcmail_config['db_sequence_identities'] = 'identity_ids';
+
+$rcmail_config['db_sequence_contacts'] = 'contact_ids';
+
+$rcmail_config['db_sequence_cache'] = 'cache_ids';
+
+$rcmail_config['db_sequence_messages'] = 'message_ids';
+
+
+// end db config file
+?>
diff --git a/install/debian/13/roundcube/main.inc.php b/install/debian/13/roundcube/main.inc.php
new file mode 100644
index 00000000..91f32000
--- /dev/null
+++ b/install/debian/13/roundcube/main.inc.php
@@ -0,0 +1,850 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Main configuration file                                               |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+
+*/
+
+$rcmail_config = array();
+
+// ----------------------------------
+// LOGGING/DEBUGGING
+// ----------------------------------
+
+// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
+$rcmail_config['debug_level'] = 1;
+
+// log driver:  'syslog' or 'file'.
+$rcmail_config['log_driver'] = 'file';
+
+// date format for log entries
+// (read http://php.net/manual/en/function.date.php for all format characters)  
+$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
+
+// Syslog ident string to use, if using the 'syslog' log driver.
+$rcmail_config['syslog_id'] = 'roundcube';
+
+// Syslog facility to use, if using the 'syslog' log driver.
+// For possible values see installer or http://php.net/manual/en/function.openlog.php
+$rcmail_config['syslog_facility'] = LOG_USER;
+
+// Log sent messages to <log_dir>/sendmail or to syslog
+$rcmail_config['smtp_log'] = true;
+
+// Log successful logins to <log_dir>/userlogins or to syslog
+$rcmail_config['log_logins'] = false;
+
+// Log session authentication errors to <log_dir>/session or to syslog
+$rcmail_config['log_session'] = false;
+
+// Log SQL queries to <log_dir>/sql or to syslog
+$rcmail_config['sql_debug'] = false;
+
+// Log IMAP conversation to <log_dir>/imap or to syslog
+$rcmail_config['imap_debug'] = false;
+
+// Log LDAP conversation to <log_dir>/ldap or to syslog
+$rcmail_config['ldap_debug'] = false;
+
+// Log SMTP conversation to <log_dir>/smtp or to syslog
+$rcmail_config['smtp_debug'] = false;
+
+// ----------------------------------
+// IMAP
+// ----------------------------------
+
+// the mail host chosen to perform the log-in
+// leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// Supported replacement variables:
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['default_host'] = 'localhost';
+
+// TCP port used for IMAP connections
+$rcmail_config['default_port'] = 143;
+
+// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
+// best server supported one)
+$rcmail_config['imap_auth_type'] = null;
+
+// If you know your imap's folder delimiter, you can specify it here.
+// Otherwise it will be determined automatically
+$rcmail_config['imap_delimiter'] = null;
+
+// If IMAP server doesn't support NAMESPACE extension, but you're
+// using shared folders or personal root folder is non-empty, you'll need to
+// set these options. All can be strings or arrays of strings.
+// Folders need to be ended with directory separator, e.g. "INBOX."
+// (special directory "~" is an exception to this rule)
+// These can be used also to overwrite server's namespaces
+$rcmail_config['imap_ns_personal'] = null;
+$rcmail_config['imap_ns_other']    = null;
+$rcmail_config['imap_ns_shared']   = null;
+
+// By default IMAP capabilities are readed after connection to IMAP server
+// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
+// after login. Set to True if you've got this case.
+$rcmail_config['imap_force_caps'] = false;
+
+// By default list of subscribed folders is determined using LIST-EXTENDED
+// extension if available. Some servers (dovecot 1.x) returns wrong results
+// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
+// Enable this option to force LSUB command usage instead.
+$rcmail_config['imap_force_lsub'] = false;
+
+// Some server configurations (e.g. Courier) doesn't list folders in all namespaces
+// Enable this option to force listing of folders in all namespaces
+$rcmail_config['imap_force_ns'] = false;
+
+// IMAP connection timeout, in seconds. Default: 0 (no limit)
+$rcmail_config['imap_timeout'] = 0;
+
+// Optional IMAP authentication identifier to be used as authorization proxy
+$rcmail_config['imap_auth_cid'] = null;
+
+// Optional IMAP authentication password to be used for imap_auth_cid
+$rcmail_config['imap_auth_pw'] = null;
+
+// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
+$rcmail_config['imap_cache'] = null;
+
+// Enables messages cache. Only 'db' cache is supported.
+$rcmail_config['messages_cache'] = false;
+
+
+// ----------------------------------
+// SMTP
+// ----------------------------------
+
+// SMTP server host (for sending mails).
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// If left blank, the PHP mail() function is used
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['smtp_server'] = '';
+
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$rcmail_config['smtp_port'] = 25;
+
+// SMTP username (if required) if you use %u as the username Roundcube
+// will use the current username for login
+$rcmail_config['smtp_user'] = '';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$rcmail_config['smtp_pass'] = '';
+
+// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
+// best server supported one)
+$rcmail_config['smtp_auth_type'] = '';
+
+// Optional SMTP authentication identifier to be used as authorization proxy
+$rcmail_config['smtp_auth_cid'] = null;
+
+// Optional SMTP authentication password to be used for smtp_auth_cid
+$rcmail_config['smtp_auth_pw'] = null;
+
+// SMTP HELO host 
+// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages 
+// Leave this blank and you will get the server variable 'server_name' or 
+// localhost if that isn't defined. 
+$rcmail_config['smtp_helo_host'] = '';
+
+// SMTP connection timeout, in seconds. Default: 0 (no limit)
+$rcmail_config['smtp_timeout'] = 0;
+
+// ----------------------------------
+// SYSTEM
+// ----------------------------------
+include_once("/etc/roundcube/debian-db-roundcube.php");
+
+
+// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
+// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
+$rcmail_config['enable_installer'] = false;
+
+// provide an URL where a user can get support for this Roundcube installation
+// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
+$rcmail_config['support_url'] = '';
+
+// replace Roundcube logo with this image
+// specify an URL relative to the document root of this Roundcube installation
+$rcmail_config['skin_logo'] = null;
+
+// automatically create a new Roundcube user when log-in the first time.
+// a new user will be created once the IMAP login succeeds.
+// set to false if only registered users can use this service
+$rcmail_config['auto_create_user'] = true;
+
+// use this folder to store log files (must be writeable for apache user)
+// This is used by the 'file' log driver.
+$rcmail_config['log_dir'] = '/var/log/roundcubemail/';
+
+// use this folder to store temp files (must be writeable for apache user)
+$rcmail_config['temp_dir'] = '/tmp';
+
+// lifetime of message cache
+// possible units: s, m, h, d, w
+$rcmail_config['message_cache_lifetime'] = '10d';
+
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected.
+// set the port for the ssl connection as value of this option if it differs from the default 443
+$rcmail_config['force_https'] = true;
+
+// tell PHP that it should work as under secure connection
+// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
+// e.g. when you're running Roundcube behind a https proxy
+// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
+$rcmail_config['use_https'] = false;
+
+// Allow browser-autocompletion on login form.
+// 0 - disabled, 1 - username and host only, 2 - username, host, password
+$rcmail_config['login_autocomplete'] = 0;
+
+// Forces conversion of logins to lower case.
+// 0 - disabled, 1 - only domain part, 2 - domain and local part.
+// If users authentication is not case-sensitive this must be enabled.
+// After enabling it all user records need to be updated, e.g. with query:
+// UPDATE users SET username = LOWER(username);
+$rcmail_config['login_lc'] = 0;
+
+// Includes should be interpreted as PHP files
+$rcmail_config['skin_include_php'] = false;
+
+// display software version on login screen
+$rcmail_config['display_version'] = false;
+
+// Session lifetime in minutes
+// must be greater than 'keep_alive'/60
+$rcmail_config['session_lifetime'] = 10;
+
+// session domain: .example.org
+$rcmail_config['session_domain'] = '';
+
+// session name. Default: 'roundcube_sessid'
+$rcmail_config['session_name'] = null;
+
+// Backend to use for session storage. Can either be 'db' (default) or 'memcache'
+// If set to memcache, a list of servers need to be specified in 'memcache_hosts'
+// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed
+$rcmail_config['session_storage'] = 'db';
+
+// Use these hosts for accessing memcached
+// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file
+$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );
+
+// check client IP in session athorization
+$rcmail_config['ip_check'] = false;
+
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
+// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
+// Possible values: sameorigin|deny. Set to false in order to disable sending them
+$rcmail_config['x_frame_options'] = 'sameorigin';
+
+// this key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
+$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r';
+
+// Automatically add this domain to user names for login
+// Only for IMAP servers that require full e-mail addresses for login
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['username_domain'] = '';
+
+// This domain will be used to form e-mail addresses of new users
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['mail_domain'] = '';
+
+// Password charset.
+// Use it if your authentication backend doesn't support UTF-8.
+// Defaults to ISO-8859-1 for backward compatibility
+$rcmail_config['password_charset'] = 'ISO-8859-1';
+
+// How many seconds must pass between emails sent by a user
+$rcmail_config['sendmail_delay'] = 0;
+
+// Maximum number of recipients per message. Default: 0 (no limit)
+$rcmail_config['max_recipients'] = 0; 
+
+// Maximum allowednumber of members of an address group. Default: 0 (no limit)
+// If 'max_recipients' is set this value should be less or equal
+$rcmail_config['max_group_members'] = 0; 
+
+// add this user-agent to message headers when sending
+$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION;
+
+// use this name to compose page titles
+$rcmail_config['product_name'] = 'Roundcube Webmail';
+
+// try to load host-specific configuration
+// see http://trac.roundcube.net/wiki/Howto_Config for more details
+$rcmail_config['include_host_config'] = false;
+
+// path to a text file which will be added to each sent message
+// paths are relative to the Roundcube root folder
+$rcmail_config['generic_message_footer'] = '';
+
+// path to a text file which will be added to each sent HTML message
+// paths are relative to the Roundcube root folder
+$rcmail_config['generic_message_footer_html'] = '';
+
+// add a received header to outgoing mails containing the creators IP and hostname
+$rcmail_config['http_received_header'] = false;
+
+// Whether or not to encrypt the IP address and the host name
+// these could, in some circles, be considered as sensitive information;
+// however, for the administrator, these could be invaluable help
+// when tracking down issues.
+$rcmail_config['http_received_header_encrypt'] = false;
+
+// This string is used as a delimiter for message headers when sending
+// a message via mail() function. Leave empty for auto-detection
+$rcmail_config['mail_header_delimiter'] = NULL;
+
+// number of chars allowed for line when wrapping text.
+// text wrapping is done when composing/sending messages
+$rcmail_config['line_length'] = 72;
+
+// send plaintext messages as format=flowed
+$rcmail_config['send_format_flowed'] = true;
+
+// don't allow these settings to be overriden by the user
+$rcmail_config['dont_override'] = array();
+
+// Set identities access level:
+// 0 - many identities with possibility to edit all params
+// 1 - many identities with possibility to edit all params but not email address
+// 2 - one identity with possibility to edit all params
+// 3 - one identity with possibility to edit all params but not email address
+$rcmail_config['identities_level'] = 0;
+
+// Mimetypes supported by the browser.
+// attachments of these types will open in a preview window
+// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
+$rcmail_config['client_mimetypes'] = null;  # null == default
+
+// mime magic database
+$rcmail_config['mime_magic'] = null;
+
+// path to imagemagick identify binary
+$rcmail_config['im_identify_path'] = null;
+
+// path to imagemagick convert binary
+$rcmail_config['im_convert_path'] = null;
+
+// maximum size of uploaded contact photos in pixel
+$rcmail_config['contact_photo_size'] = 160;
+
+// Enable DNS checking for e-mail address validation
+$rcmail_config['email_dns_check'] = false;
+
+// ----------------------------------
+// PLUGINS
+// ----------------------------------
+
+// List of active plugins (in plugins/ directory)
+$rcmail_config['plugins'] = array('password');
+
+// ----------------------------------
+// USER INTERFACE
+// ----------------------------------
+
+// default messages sort column. Use empty value for default server's sorting, 
+// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'
+$rcmail_config['message_sort_col'] = '';
+
+// default messages sort order
+$rcmail_config['message_sort_order'] = 'DESC';
+
+// These cols are shown in the message list. Available cols are:
+// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority'
+$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment');
+
+// the default locale setting (leave empty for auto-detection)
+// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
+$rcmail_config['language'] = null;
+
+// use this format for date display (date or strftime format)
+$rcmail_config['date_format'] = 'Y-m-d';
+
+// give this choice of date formats to the user to select from
+$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y');
+
+// use this format for time display (date or strftime format)
+$rcmail_config['time_format'] = 'H:i';
+
+// give this choice of time formats to the user to select from
+$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A');
+
+// use this format for short date display (derived from date_format and time_format)
+$rcmail_config['date_short'] = 'D H:i';
+
+// use this format for detailed date/time formatting (derived from date_format and time_format)
+$rcmail_config['date_long'] = 'Y-m-d H:i';
+
+// store draft message is this mailbox
+// leave blank if draft messages should not be stored
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['drafts_mbox'] = 'Drafts';
+
+// store spam messages in this mailbox
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['junk_mbox'] = 'Spam';
+
+// store sent message is this mailbox
+// leave blank if sent messages should not be stored
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['sent_mbox'] = 'Sent';
+
+// move messages to this folder when deleting them
+// leave blank if they should be deleted directly
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['trash_mbox'] = 'Trash';
+
+// display these folders separately in the mailbox list.
+// these folders will also be displayed with localized names
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');
+$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');
+
+// automatically create the above listed default folders on first login
+$rcmail_config['create_default_folders'] = true;
+
+// protect the default folders from renames, deletes, and subscription changes
+$rcmail_config['protect_default_folders'] = true;
+
+// if in your system 0 quota means no limit set this option to true 
+$rcmail_config['quota_zero_as_unlimited'] = false;
+
+// Make use of the built-in spell checker. It is based on GoogieSpell.
+// Since Google only accepts connections over https your PHP installatation
+// requires to be compiled with Open SSL support
+$rcmail_config['enable_spellcheck'] = true;
+
+// Enables spellchecker exceptions dictionary.
+// Setting it to 'shared' will make the dictionary shared by all users.
+$rcmail_config['spellcheck_dictionary'] = false;
+
+// Set the spell checking engine. 'googie' is the default. 'pspell' is also available,
+// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here.
+$rcmail_config['spellcheck_engine'] = 'googie';
+
+// For a locally installed Nox Spell Server, please specify the URI to call it.
+// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
+// Leave empty to use the Google spell checking service, what means
+// that the message content will be sent to Google in order to check spelling
+$rcmail_config['spellcheck_uri'] = '';
+
+// These languages can be selected for spell checking.
+// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
+// Leave empty for default set of available language.
+$rcmail_config['spellcheck_languages'] = NULL;
+
+// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE)
+$rcmail_config['spellcheck_ignore_caps'] = false;
+
+// Makes that words with numbers will be ignored (e.g. g00gle)
+$rcmail_config['spellcheck_ignore_nums'] = false;
+
+// Makes that words with symbols will be ignored (e.g. g@@gle)
+$rcmail_config['spellcheck_ignore_syms'] = false;
+
+// Use this char/string to separate recipients when composing a new message
+$rcmail_config['recipients_separator'] = ',';
+
+// don't let users set pagesize to more than this value if set
+$rcmail_config['max_pagesize'] = 200;
+
+// Minimal value of user's 'keep_alive' setting (in seconds)
+// Must be less than 'session_lifetime'
+$rcmail_config['min_keep_alive'] = 60;
+
+// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
+// By default refresh time is set to 1 second. You can set this value to true
+// or any integer value indicating number of seconds.
+$rcmail_config['upload_progress'] = false;
+
+// Specifies for how many seconds the Undo button will be available
+// after object delete action. Currently used with supporting address book sources.
+// Setting it to 0, disables the feature.
+$rcmail_config['undo_timeout'] = 0;
+
+// ----------------------------------
+// ADDRESSBOOK SETTINGS
+// ----------------------------------
+
+// This indicates which type of address book to use. Possible choises:
+// 'sql' (default) and 'ldap'.
+// If set to 'ldap' then it will look at using the first writable LDAP
+// address book as the primary address book and it will not display the
+// SQL address book in the 'Address Book' view.
+$rcmail_config['address_book_type'] = 'sql';
+
+// In order to enable public ldap search, configure an array like the Verisign
+// example further below. if you would like to test, simply uncomment the example.
+// Array key must contain only safe characters, ie. a-zA-Z0-9_
+$rcmail_config['ldap_public'] = array();
+
+// If you are going to use LDAP for individual address books, you will need to 
+// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
+//
+// The recommended directory structure for LDAP is to store all the address book entries
+// under the users main entry, e.g.:
+//
+//  o=root
+//   ou=people
+//    uid=user@domain
+//  mail=contact@contactdomain
+//
+// So the base_dn would be uid=%fu,ou=people,o=root
+// The bind_dn would be the same as based_dn or some super user login.
+/* 
+ * example config for Verisign directory
+ *
+$rcmail_config['ldap_public']['Verisign'] = array(
+  'name'          => 'Verisign.com',
+  // Replacement variables supported in host names:
+  // %h - user's IMAP hostname
+  // %n - http hostname ($_SERVER['SERVER_NAME'])
+  // %d - domain (http hostname without the first part)
+  // %z - IMAP domain (IMAP hostname without the first part)
+  // For example %n = mail.domain.tld, %d = domain.tld
+  'hosts'         => array('directory.verisign.com'),
+  'port'          => 389,
+  'use_tls'	      => false,
+  'ldap_version'  => 3,       // using LDAPv3
+  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
+  // %fu - The full username provided, assumes the username is an email
+  //       address, uses the username_domain value if not an email address.
+  // %u  - The username prior to the '@'.
+  // %d  - The domain name after the '@'.
+  // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
+  // %dn - DN found by ldap search when search_filter/search_base_dn are used
+  'base_dn'       => '',
+  'bind_dn'       => '',
+  'bind_pass'     => '',
+  // It's possible to bind for an individual address book
+  // The login name is used to search for the DN to bind with
+  'search_base_dn' => '',
+  'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+  // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
+  'search_bind_dn' => '',
+  'search_bind_pw' => '',
+  // Default for %dn variable if search doesn't return DN value
+  'search_dn_default' => '',
+  // Optional authentication identifier to be used as SASL authorization proxy
+  // bind_dn need to be empty
+  'auth_cid'       => '',
+  // SASL authentication method (for proxy auth), e.g. DIGEST-MD5
+  'auth_method'    => '',
+  // Indicates if the addressbook shall be hidden from the list.
+  // With this option enabled you can still search/view contacts.
+  'hidden'        => false,
+  // Indicates if the addressbook shall not list contacts but only allows searching.
+  'searchonly'    => false,
+  // Indicates if we can write to the LDAP directory or not.
+  // If writable is true then these fields need to be populated:
+  // LDAP_Object_Classes, required_fields, LDAP_rdn
+  'writable'       => false,
+  // To create a new contact these are the object classes to specify
+  // (or any other classes you wish to use).
+  'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
+  // The RDN field that is used for new entries, this field needs
+  // to be one of the search_fields, the base of base_dn is appended
+  // to the RDN to insert into the LDAP directory.
+  'LDAP_rdn'       => 'cn',
+  // The required fields needed to build a new contact as required by
+  // the object classes (can include additional fields not required by the object classes).
+  'required_fields' => array('cn', 'sn', 'mail'),
+  'search_fields'   => array('mail', 'cn'),  // fields to search in
+  // mapping of contact fields to directory attributes
+  //   for every attribute one can specify the number of values (limit) allowed.
+  //   default is 1, a wildcard * means unlimited
+  'fieldmap' => array(
+    // Roundcube  => LDAP:limit
+    'name'        => 'cn',
+    'surname'     => 'sn',
+    'firstname'   => 'givenName',
+    'title'       => 'title',
+    'email'       => 'mail:*',
+    'phone:home'  => 'homePhone',
+    'phone:work'  => 'telephoneNumber',
+    'phone:mobile' => 'mobile',
+    'phone:pager' => 'pager',
+    'street'      => 'street',
+    'zipcode'     => 'postalCode',
+    'region'      => 'st',
+    'locality'    => 'l',
+// if you uncomment country, you need to modify 'sub_fields' above
+//    'country'     => 'c',
+    'department'  => 'departmentNumber',
+    'notes'       => 'description',
+// these currently don't work:
+//    'phone:workfax' => 'facsimileTelephoneNumber',
+//    'photo'        => 'jpegPhoto',
+//    'organization' => 'o',
+//    'manager'      => 'manager',
+//    'assistant'    => 'secretary',
+  ),
+  // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country'
+  'sub_fields' => array(),
+  'sort'          => 'cn',    // The field to sort the listing by.
+  'scope'         => 'sub',   // search mode: sub|base|list
+  'filter'        => '(objectClass=inetOrgPerson)',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
+  'fuzzy_search'  => true,    // server allows wildcard search
+  'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
+  'numsub_filter' => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
+  'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
+  'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
+  'referrals'     => true|false,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
+
+  // definition for contact groups (uncomment if no groups are supported)
+  // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above)
+  // if the groups base_dn is empty, the contact base_dn is used for the groups as well
+  // -> in this case, assure that groups and contacts are separated due to the concernig filters! 
+  'groups'        => array(
+    'base_dn'     => '',
+    'scope'       => 'sub',   // search mode: sub|base|list
+    'filter'      => '(objectClass=groupOfNames)',
+    'object_classes' => array("top", "groupOfNames"),
+    'member_attr'  => 'member',   // name of the member attribute, e.g. uniqueMember
+    'name_attr'    => 'cn',       // attribute to be used as group name
+  ),
+);
+*/
+
+// An ordered array of the ids of the addressbooks that should be searched
+// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
+$rcmail_config['autocomplete_addressbooks'] = array('sql');
+
+// The minimum number of characters required to be typed in an autocomplete field
+// before address books will be searched. Most useful for LDAP directories that
+// may need to do lengthy results building given overly-broad searches
+$rcmail_config['autocomplete_min_length'] = 1;
+
+// Number of parallel autocomplete requests.
+// If there's more than one address book, n parallel (async) requests will be created,
+// where each request will search in one address book. By default (0), all address
+// books are searched in one request.
+$rcmail_config['autocomplete_threads'] = 0;
+
+// Max. numer of entries in autocomplete popup. Default: 15.
+$rcmail_config['autocomplete_max'] = 15;
+
+// show address fields in this order
+// available placeholders: {street}, {locality}, {zipcode}, {country}, {region}
+$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{country} {region}';
+
+// Matching mode for addressbook search (including autocompletion)
+// 0 - partial (*abc*), default
+// 1 - strict (abc)
+// 2 - prefix (abc*)
+// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode
+$rcmail_config['addressbook_search_mode'] = 0;
+
+// ----------------------------------
+// USER PREFERENCES
+// ----------------------------------
+
+// Use this charset as fallback for message decoding
+//$rcmail_config['default_charset'] = 'ISO-8859-1';
+$rcmail_config['default_charset'] = 'UTF-8';
+
+// skin name: folder from skins/
+$rcmail_config['skin'] = 'elastic';
+
+// show up to X items in messages list view
+$rcmail_config['mail_pagesize'] = 50;
+
+// show up to X items in contacts list view
+$rcmail_config['addressbook_pagesize'] = 50;
+
+// sort contacts by this col (preferably either one of name, firstname, surname)
+$rcmail_config['addressbook_sort_col'] = 'surname';
+
+// the way how contact names are displayed in the list
+// 0: display name
+// 1: (prefix) firstname middlename surname (suffix)
+// 2: (prefix) surname firstname middlename (suffix)
+// 3: (prefix) surname, firstname middlename (suffix)
+$rcmail_config['addressbook_name_listing'] = 0;
+
+// use this timezone to display date/time
+// valid timezone identifers are listed here: php.net/manual/en/timezones.php
+// 'auto' will use the browser's timezone settings
+$rcmail_config['timezone'] = 'auto';
+
+// prefer displaying HTML messages
+$rcmail_config['prefer_html'] = true;
+
+// display remote inline images
+// 0 - Never, always ask
+// 1 - Ask if sender is not in address book
+// 2 - Always show inline images
+$rcmail_config['show_images'] = 0;
+
+// compose html formatted messages by default
+// 0 - never, 1 - always, 2 - on reply to HTML message only 
+$rcmail_config['htmleditor'] = 0;
+
+// show pretty dates as standard
+$rcmail_config['prettydate'] = true;
+
+// save compose message every 300 seconds (5min)
+$rcmail_config['draft_autosave'] = 300;
+
+// default setting if preview pane is enabled
+$rcmail_config['preview_pane'] = false;
+
+// Mark as read when viewed in preview pane (delay in seconds)
+// Set to -1 if messages in preview pane should not be marked as read
+$rcmail_config['preview_pane_mark_read'] = 0;
+
+// Clear Trash on logout
+$rcmail_config['logout_purge'] = false;
+
+// Compact INBOX on logout
+$rcmail_config['logout_expunge'] = false;
+
+// Display attached images below the message body 
+$rcmail_config['inline_images'] = true;
+
+// Encoding of long/non-ascii attachment names:
+// 0 - Full RFC 2231 compatible
+// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
+// 2 - Full 2047 compatible
+$rcmail_config['mime_param_folding'] = 1;
+
+// Set true if deleted messages should not be displayed
+// This will make the application run slower
+$rcmail_config['skip_deleted'] = false;
+
+// Set true to Mark deleted messages as read as well as deleted
+// False means that a message's read status is not affected by marking it as deleted
+$rcmail_config['read_when_deleted'] = true;
+
+// Set to true to never delete messages immediately
+// Use 'Purge' to remove messages marked as deleted
+$rcmail_config['flag_for_deletion'] = false;
+
+// Default interval for keep-alive/check-recent requests (in seconds)
+// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime'
+$rcmail_config['keep_alive'] = 60;
+
+// If true all folders will be checked for recent messages
+$rcmail_config['check_all_folders'] = false;
+
+// If true, after message delete/move, the next message will be displayed
+$rcmail_config['display_next'] = false;
+
+// 0 - Do not expand threads 
+// 1 - Expand all threads automatically 
+// 2 - Expand only threads with unread messages 
+$rcmail_config['autoexpand_threads'] = 0;
+
+// When replying place cursor above original message (top posting)
+$rcmail_config['top_posting'] = false;
+
+// When replying strip original signature from message
+$rcmail_config['strip_existing_sig'] = true;
+
+// Show signature:
+// 0 - Never
+// 1 - Always
+// 2 - New messages only
+// 3 - Forwards and Replies only
+$rcmail_config['show_sig'] = 1;
+
+// When replying or forwarding place sender's signature above existing message
+$rcmail_config['sig_above'] = false;
+
+// Use MIME encoding (quoted-printable) for 8bit characters in message body
+$rcmail_config['force_7bit'] = false;
+
+// Defaults of the search field configuration.
+// The array can contain a per-folder list of header fields which should be considered when searching
+// The entry with key '*' stands for all folders which do not have a specific list set.
+// Please note that folder names should to be in sync with $rcmail_config['default_folders']
+$rcmail_config['search_mods'] = null;  // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1));
+
+// Defaults of the addressbook search field configuration.
+$rcmail_config['addressbook_search_mods'] = null;  // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);
+
+// 'Delete always'
+// This setting reflects if mail should be always deleted
+// when moving to Trash fails. This is necessary in some setups
+// when user is over quota and Trash is included in the quota.
+$rcmail_config['delete_always'] = false;
+
+// Directly delete messages in Junk instead of moving to Trash
+$rcmail_config['delete_junk'] = true;
+
+// Behavior if a received message requests a message delivery notification (read receipt)
+// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
+// 3 = send automatically if sender is in addressbook, otherwise ask the user
+// 4 = send automatically if sender is in addressbook, otherwise ignore
+$rcmail_config['mdn_requests'] = 0;
+
+// Return receipt checkbox default state
+$rcmail_config['mdn_default'] = 0;
+
+// Delivery Status Notification checkbox default state
+$rcmail_config['dsn_default'] = 0;
+
+// Place replies in the folder of the message being replied to
+$rcmail_config['reply_same_folder'] = false;
+
+// Sets default mode of Forward feature to "forward as attachment"
+$rcmail_config['forward_attachment'] = false;
+
+// Defines address book (internal index) to which new contacts will be added
+// By default it is the first writeable addressbook.
+// Note: Use '0' for built-in address book.
+$rcmail_config['default_addressbook'] = null;
+
+// Enables spell checking before sending a message.
+$rcmail_config['spellcheck_before_send'] = false;
+
+// Skip alternative email addresses in autocompletion (show one address per contact)
+$rcmail_config['autocomplete_single'] = false;
+
+// Default font for composed HTML message.
+// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New,
+// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana
+$rcmail_config['default_font'] = '';
+
+// end of config file
diff --git a/install/debian/13/roundcube/vesta.php b/install/debian/13/roundcube/vesta.php
new file mode 100644
index 00000000..b3dd167f
--- /dev/null
+++ b/install/debian/13/roundcube/vesta.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Vesta Control Panel Password Driver
+ *
+ * @version 1.0
+ * @author Serghey Rodin <skid@vestacp.com>
+ */
+class rcube_vesta_password {
+    function save($curpass, $passwd)
+    {
+        $rcmail = rcmail::get_instance();
+        $vesta_host = $rcmail->config->get('password_vesta_host');
+
+        if (empty($vesta_host))
+        {
+            $vesta_host = 'localhost';
+        }
+
+        $vesta_port = $rcmail->config->get('password_vesta_port');
+        if (empty($vesta_port))
+        {
+            $vesta_port = '8083';
+        }
+
+        $postvars = array(
+          'email' => $_SESSION['username'],
+          'password' => $curpass,
+          'new' => $passwd
+        );
+
+        $postdata = http_build_query($postvars);
+
+        $send  = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL;
+        $send .= 'Host: ' . $vesta_host . PHP_EOL;
+        $send .= 'User-Agent: PHP Script' . PHP_EOL;
+        $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL;
+        $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL;
+        $send .= 'Connection: close' . PHP_EOL;
+        $send .= PHP_EOL;
+        $send .= $postdata . PHP_EOL . PHP_EOL;
+
+        //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port);
+        $errno = "";
+        $errstr = "";
+        $context = stream_context_create();
+
+        $result = stream_context_set_option($context, 'ssl', 'verify_peer', false);
+        $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
+        $result = stream_context_set_option($context, 'ssl', 'verify_host', false);
+        $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
+
+        $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context);
+        fputs($fp, $send);
+        $result = fread($fp, 2048);
+        fclose($fp);
+
+        $fp = fopen("/tmp/roundcube.log", 'w');
+        fwrite($fp, "test ok");
+        fwrite($fp, "\n");
+        fclose($fp);
+
+
+        if(strpos($result, 'ok') && !strpos($result, 'error'))
+        {
+            return PASSWORD_SUCCESS;
+        }
+        else {
+            return PASSWORD_ERROR;
+        }
+
+    }
+}
diff --git a/install/debian/13/sudo/admin b/install/debian/13/sudo/admin
new file mode 100644
index 00000000..331fa1f2
--- /dev/null
+++ b/install/debian/13/sudo/admin
@@ -0,0 +1,8 @@
+# Created by vesta installer
+Defaults env_keep="VESTA"
+Defaults:admin !syslog
+Defaults:admin !requiretty
+Defaults:root !requiretty
+
+# sudo is limited to vesta scripts
+admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/debian/13/templates/dns/child-ns.tpl b/install/debian/13/templates/dns/child-ns.tpl
new file mode 100644
index 00000000..42c046e4
--- /dev/null
+++ b/install/debian/13/templates/dns/child-ns.tpl
@@ -0,0 +1,14 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/debian/13/templates/dns/default.tpl b/install/debian/13/templates/dns/default.tpl
new file mode 100644
index 00000000..e0a37e62
--- /dev/null
+++ b/install/debian/13/templates/dns/default.tpl
@@ -0,0 +1,18 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/debian/13/templates/dns/gmail.tpl b/install/debian/13/templates/dns/gmail.tpl
new file mode 100644
index 00000000..219c9d24
--- /dev/null
+++ b/install/debian/13/templates/dns/gmail.tpl
@@ -0,0 +1,12 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/debian/13/templates/dns/office365.tpl b/install/debian/13/templates/dns/office365.tpl
new file mode 100644
index 00000000..dcf556e1
--- /dev/null
+++ b/install/debian/13/templates/dns/office365.tpl
@@ -0,0 +1,22 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/debian/13/templates/dns/yandex.tpl b/install/debian/13/templates/dns/yandex.tpl
new file mode 100644
index 00000000..4ce768fe
--- /dev/null
+++ b/install/debian/13/templates/dns/yandex.tpl
@@ -0,0 +1,16 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%'
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh
new file mode 100644
index 00000000..cbea2de9
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+    rm $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_84)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_84
+    systemctl reset-failed php8.4-fpm
+    systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl
new file mode 100644
index 00000000..91e05b17
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl
new file mode 100644
index 00000000..94acbf15
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh
new file mode 100644
index 00000000..cbea2de9
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+    rm $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_84)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_84
+    systemctl reset-failed php8.4-fpm
+    systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl
new file mode 100644
index 00000000..848abf7c
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl
new file mode 100644
index 00000000..065c1f89
--- /dev/null
+++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/install/debian/13/templates/web/awstats/awstats.tpl b/install/debian/13/templates/web/awstats/awstats.tpl
new file mode 100644
index 00000000..6bb51c50
--- /dev/null
+++ b/install/debian/13/templates/web/awstats/awstats.tpl
@@ -0,0 +1,133 @@
+LogFile="/var/log/%web_system%/domains/%domain%.log"
+LogType=W
+LogFormat=1
+LogSeparator=" "
+SiteDomain="%domain_idn%"
+HostAliases="%alias_idn%"
+DirData="%home%/%user%/web/%domain%/stats"
+DirCgi="/vstats"
+DirIcons="/vstats/icon"
+AllowToUpdateStatsFromBrowser=0
+AllowFullYearView=2
+EnableLockForUpdate=1
+DNSStaticCacheFile="dnscache.txt"
+DNSLastUpdateCacheFile="dnscachelastupdate.txt"
+SkipDNSLookupFor=""
+AllowAccessFromWebToAuthenticatedUsersOnly=0
+AllowAccessFromWebToFollowingAuthenticatedUsers=""
+AllowAccessFromWebToFollowingIPAddresses=""
+CreateDirDataIfNotExists=0
+BuildHistoryFormat=text
+BuildReportFormat=html
+SaveDatabaseFilesWithPermissionsForEveryone=0
+PurgeLogFile=0
+ArchiveLogRecords=0
+KeepBackupOfHistoricFiles=1
+DefaultFile="index.php index.html"
+SkipHosts="127.0.0.1"
+SkipUserAgents=""
+SkipFiles=""
+SkipReferrersBlackList=""
+OnlyHosts=""
+OnlyUserAgents=""
+OnlyUsers=""
+OnlyFiles=""
+NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf"
+ValidHTTPCodes="200 304"
+ValidSMTPCodes="1 250"
+AuthenticatedUsersNotCaseSensitive=0
+URLNotCaseSensitive=0
+URLWithAnchor=0
+URLQuerySeparators="?;"
+URLWithQuery=0
+URLWithQueryWithOnlyFollowingParameters=""
+URLWithQueryWithoutFollowingParameters=""
+URLReferrerWithQuery=0
+WarningMessages=1
+ErrorMessages=""
+DebugMessages=0
+NbOfLinesForCorruptedLog=50
+WrapperScript=""
+DecodeUA=0
+MiscTrackerUrl="/js/awstats_misc_tracker.js"
+UseFramesWhenCGI=1
+DetailedReportsOnNewWindows=1
+Expires=3600
+MaxRowsInHTMLOutput=1000
+Lang="auto"
+DirLang="./lang"
+ShowMenu=1
+ShowSummary=UVPHB
+ShowMonthStats=UVPHB
+ShowDaysOfMonthStats=VPHB
+ShowDaysOfWeekStats=PHB
+ShowHoursStats=PHB
+ShowDomainsStats=PHB
+ShowHostsStats=PHBL
+ShowAuthenticatedUsers=0
+ShowRobotsStats=HBL
+ShowWormsStats=0
+ShowEMailSenders=0
+ShowEMailReceivers=0
+ShowSessionsStats=1
+ShowPagesStats=PBEX
+ShowFileTypesStats=HB
+ShowFileSizesStats=0
+ShowDownloadsStats=HB
+ShowOSStats=1
+ShowBrowsersStats=1
+ShowScreenSizeStats=0
+ShowOriginStats=PH
+ShowKeyphrasesStats=1
+ShowKeywordsStats=1
+ShowMiscStats=a
+ShowHTTPErrorsStats=1
+ShowSMTPErrorsStats=0
+ShowClusterStats=0
+AddDataArrayMonthStats=1
+AddDataArrayShowDaysOfMonthStats=1
+AddDataArrayShowDaysOfWeekStats=1
+AddDataArrayShowHoursStats=1
+IncludeInternalLinksInOriginSection=0
+MaxNbOfDomain = 10
+MinHitDomain  = 1
+MaxNbOfHostsShown = 10
+MinHitHost    = 1
+MaxNbOfLoginShown = 10
+MinHitLogin   = 1
+MaxNbOfRobotShown = 10
+MinHitRobot   = 1
+MaxNbOfDownloadsShown = 10
+MinHitDownloads = 1
+MaxNbOfPageShown = 10
+MinHitFile    = 1
+MaxNbOfOsShown = 10
+MinHitOs      = 1
+MaxNbOfBrowsersShown = 10
+MinHitBrowser = 1
+MaxNbOfScreenSizesShown = 5
+MinHitScreenSize = 1
+MaxNbOfWindowSizesShown = 5
+MinHitWindowSize = 1
+MaxNbOfRefererShown = 10
+MinHitRefer   = 1
+MaxNbOfKeyphrasesShown = 10
+MinHitKeyphrase = 1
+MaxNbOfKeywordsShown = 10
+MinHitKeyword = 1
+MaxNbOfEMailsShown = 20
+MinHitEMail   = 1
+FirstDayOfWeek=0
+ShowFlagLinks=""
+ShowLinksOnUrl=1
+UseHTTPSLinkForUrl=""
+MaxLengthOfShownURL=64
+HTMLHeadSection=""
+HTMLEndSection=""
+MetaRobot=0
+Logo="awstats_logo6.png"
+LogoLink="http://awstats.sourceforge.net"
+BarWidth   = 260
+BarHeight  = 90
+StyleSheet=""
+ExtraTrackedRowsLimit=500
diff --git a/install/debian/13/templates/web/awstats/index.tpl b/install/debian/13/templates/web/awstats/index.tpl
new file mode 100644
index 00000000..9df9bb5c
--- /dev/null
+++ b/install/debian/13/templates/web/awstats/index.tpl
@@ -0,0 +1,10 @@
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>Awstats log analyzer </title>
+</head>
+<frameset rows="60,*" cols="*">
+    <frame src="nav.html" name="nav" scrolling="no" noresize>
+    <frame src="%month%/index.html" name="stats">
+</frameset>
+</html>
diff --git a/install/debian/13/templates/web/awstats/nav.tpl b/install/debian/13/templates/web/awstats/nav.tpl
new file mode 100644
index 00000000..f29bed68
--- /dev/null
+++ b/install/debian/13/templates/web/awstats/nav.tpl
@@ -0,0 +1,23 @@
+<html>
+<head>
+    <title>Awstats navigation</title>
+    <script language="javascript">
+        function change() {
+            top.stats.location= document.period.select.value + '/';
+        }
+    </script>
+</head>
+<body>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr>
+    <td><img src="logo.png" alt="vesta"></td>
+    <td><form name="period" action="" method="get">
+        <select name="select" ONCHANGE="change()">
+%select_month%
+        </select>
+    </form>
+    </td>
+</tr>
+</table>
+</body>
+</html>
diff --git a/install/debian/13/templates/web/nginx/caching.sh b/install/debian/13/templates/web/nginx/caching.sh
new file mode 100644
index 00000000..09d8efe7
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/caching.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+user=$1
+domain=$2
+ip=$3
+home=$4
+docroot=$5
+
+str="proxy_cache_path /var/cache/nginx/$domain levels=2" 
+str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" 
+conf='/etc/nginx/conf.d/01_caching_pool.conf'
+if [ -e "$conf" ]; then
+    if [ -z "$(grep "=${domain}:" $conf)" ]; then
+        echo "$str" >> $conf
+    fi
+else
+    echo "$str" >> $conf
+fi
+
diff --git a/install/debian/13/templates/web/nginx/caching.stpl b/install/debian/13/templates/web/nginx/caching.stpl
new file mode 100644
index 00000000..f5c9740f
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/caching.stpl
@@ -0,0 +1,44 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+
+        proxy_cache cache;
+        proxy_cache_valid 15m;
+        proxy_cache_valid 404 1m;
+        proxy_no_cache $no_cache;
+        proxy_cache_bypass $no_cache;
+        proxy_cache_bypass $cookie_session $http_x_update;
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            proxy_cache    off;
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/caching.tpl b/install/debian/13/templates/web/nginx/caching.tpl
new file mode 100644
index 00000000..73de28d5
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/caching.tpl
@@ -0,0 +1,42 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+
+        proxy_cache cache;
+        proxy_cache_valid 15m;
+        proxy_cache_valid 404 1m;
+        proxy_no_cache $no_cache;
+        proxy_cache_bypass $no_cache;
+        proxy_cache_bypass $cookie_session $http_x_update;
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            proxy_cache    off;
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.stpl b/install/debian/13/templates/web/nginx/force-https-legacy.stpl
new file mode 100644
index 00000000..8e636db3
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-legacy.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.tpl b/install/debian/13/templates/web/nginx/force-https-legacy.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-legacy.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https-public.stpl b/install/debian/13/templates/web/nginx/force-https-public.stpl
new file mode 100644
index 00000000..a7609b13
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-public.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%/public;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%/public;
+
+    include %home%/%user%/conf/web/snginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/force-https-public.tpl b/install/debian/13/templates/web/nginx/force-https-public.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-public.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl
new file mode 100644
index 00000000..2db9a06e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl
@@ -0,0 +1,64 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /webmail {
+        disable_symlinks off;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /var/lib/roundcube;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /phpmyadmin {
+        disable_symlinks off;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /usr/share;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https.stpl b/install/debian/13/templates/web/nginx/force-https.stpl
new file mode 100644
index 00000000..55f41002
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https.tpl b/install/debian/13/templates/web/nginx/force-https.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.sh b/install/debian/13/templates/web/nginx/hosting-legacy.sh
new file mode 100644
index 00000000..eeed37ef
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-legacy.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.stpl b/install/debian/13/templates/web/nginx/hosting-legacy.stpl
new file mode 100644
index 00000000..efdd3b87
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-legacy.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+    
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.tpl b/install/debian/13/templates/web/nginx/hosting-legacy.tpl
new file mode 100644
index 00000000..a41d4054
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-legacy.tpl
@@ -0,0 +1,36 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting-public.stpl b/install/debian/13/templates/web/nginx/hosting-public.stpl
new file mode 100644
index 00000000..a7609b13
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-public.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%/public;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%/public;
+
+    include %home%/%user%/conf/web/snginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting-public.tpl b/install/debian/13/templates/web/nginx/hosting-public.tpl
new file mode 100644
index 00000000..f5d8b327
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-public.tpl
@@ -0,0 +1,36 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%/public;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%/public;
+
+    include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl
new file mode 100644
index 00000000..2db9a06e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl
@@ -0,0 +1,64 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /webmail {
+        disable_symlinks off;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /var/lib/roundcube;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /phpmyadmin {
+        disable_symlinks off;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /usr/share;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl
new file mode 100644
index 00000000..f84f4781
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl
@@ -0,0 +1,60 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /webmail {
+        disable_symlinks off;
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /var/lib/roundcube;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /phpmyadmin {
+        disable_symlinks off;
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           /usr/share;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting.sh b/install/debian/13/templates/web/nginx/hosting.sh
new file mode 100644
index 00000000..eeed37ef
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/13/templates/web/nginx/hosting.stpl b/install/debian/13/templates/web/nginx/hosting.stpl
new file mode 100644
index 00000000..5745311e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/hosting.tpl b/install/debian/13/templates/web/nginx/hosting.tpl
new file mode 100644
index 00000000..61469ad2
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting.tpl
@@ -0,0 +1,36 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl
new file mode 100644
index 00000000..cf8fad56
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl
@@ -0,0 +1,55 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        try_files $uri $uri/ /index.php?page=$request_uri;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl
new file mode 100644
index 00000000..f9e90393
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl
@@ -0,0 +1,52 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        try_files $uri $uri/ /index.php?page=$request_uri;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl
new file mode 100644
index 00000000..5931f617
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl
@@ -0,0 +1,60 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location = /index.php {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location ~ \.php$ {
+        return 444;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl
new file mode 100644
index 00000000..d2422be2
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl
@@ -0,0 +1,57 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location = /index.php {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location ~ \.php$ {
+        return 444;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl
new file mode 100644
index 00000000..3c2793d1
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl
@@ -0,0 +1,55 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl
new file mode 100644
index 00000000..54f81b99
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl
@@ -0,0 +1,52 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl
new file mode 100644
index 00000000..bb9a727b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl
@@ -0,0 +1,126 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last;
+
+        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last;
+        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last;
+        rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last;
+        rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last;
+
+        rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last;
+        rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last;
+        rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last;
+        rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last;
+
+        rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last;
+        rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last;
+
+        rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last;
+        rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last;
+
+        rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last;
+        rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last;
+
+        rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last;
+        rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last;
+        rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last;
+        rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last;
+        rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last;
+        rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last;
+
+        rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last;
+        rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last;
+
+        rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last;
+        rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last;
+        rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last;
+
+        rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last;
+        rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last;
+
+        rewrite "^/favorites(/?)+$" /index.php?do=favorites last;
+        rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last;
+
+        rewrite "^/rules.html$" /index.php?do=rules last;
+        rewrite "^/statistics.html$" /index.php?do=stats last;
+        rewrite "^/addnews.html$" /index.php?do=addnews last;
+        rewrite "^/rss.xml$" /engine/rss.php last;
+        rewrite "^/sitemap.xml$" /uploads/sitemap.xml last;
+
+        if (!-d $request_filename) {
+                rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last;
+                rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last;
+        }
+
+        if (!-f $request_filename) {
+                rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last;
+                rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last;
+                rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last;
+        }
+
+        if (!-f $request_filename) {
+                rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last;
+        }
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl
new file mode 100644
index 00000000..3ea45347
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl
@@ -0,0 +1,123 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last;
+
+        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last;
+        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last;
+        rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last;
+        rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last;
+
+        rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last;
+        rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last;
+        rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last;
+        rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last;
+
+        rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last;
+        rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last;
+
+        rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last;
+        rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last;
+
+        rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last;
+        rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last;
+
+        rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last;
+        rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last;
+
+        rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last;
+        rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last;
+        rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last;
+        rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last;
+        rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last;
+        rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last;
+
+        rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last;
+        rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last;
+
+        rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last;
+        rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last;
+        rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last;
+
+        rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last;
+        rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last;
+
+        rewrite "^/favorites(/?)+$" /index.php?do=favorites last;
+        rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last;
+
+        rewrite "^/rules.html$" /index.php?do=rules last;
+        rewrite "^/statistics.html$" /index.php?do=stats last;
+        rewrite "^/addnews.html$" /index.php?do=addnews last;
+        rewrite "^/rss.xml$" /engine/rss.php last;
+        rewrite "^/sitemap.xml$" /uploads/sitemap.xml last;
+
+        if (!-d $request_filename) {
+                rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last;
+                rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last;
+        }
+
+        if (!-f $request_filename) {
+                rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last;
+                rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last;
+                rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last;
+        }
+
+        if (!-f $request_filename) {
+                rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last;
+        }
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.stpl b/install/debian/13/templates/web/nginx/php-fpm/default.stpl
new file mode 100644
index 00000000..f9c01e40
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/default.stpl
@@ -0,0 +1,54 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.tpl b/install/debian/13/templates/web/nginx/php-fpm/default.tpl
new file mode 100644
index 00000000..a8909efb
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/default.tpl
@@ -0,0 +1,51 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl
new file mode 100644
index 00000000..a7564705
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl
@@ -0,0 +1,71 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        index doku.php;
+        try_files $uri $uri/ @dokuwiki;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+        expires 30d;
+    }
+
+    location ^~ /conf/ { return 403; }
+    location ^~ /data/ { return 403; }
+
+    location @dokuwiki {
+        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+        rewrite ^/(.*) /doku.php?id=$1 last;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl
new file mode 100644
index 00000000..0a9a75ed
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl
@@ -0,0 +1,67 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        index doku.php;
+        try_files $uri $uri/ @dokuwiki;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+        expires 30d;
+    }
+
+    location ^~ /conf/ { return 403; }
+    location ^~ /data/ { return 403; }
+    location @dokuwiki {
+        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+        rewrite ^/(.*) /doku.php?id=$1 last;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl
new file mode 100644
index 00000000..6e67a4e0
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl
@@ -0,0 +1,94 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+    }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+    
+    location / {
+        try_files $uri @rewrite;
+    }
+
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+    
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }    
+
+    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ ^/sites/.*/files/imagecache/ {
+        try_files $uri @rewrite;
+    }    
+
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;             
+        include /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl
new file mode 100644
index 00000000..d1096bff
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl
@@ -0,0 +1,91 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+        }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+
+    location / {
+        try_files $uri @rewrite;
+    }
+
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+    
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }    
+
+    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ ^/sites/.*/files/imagecache/ {
+        try_files $uri @rewrite;
+    }
+        
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;             
+        include /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl
new file mode 100644
index 00000000..32f01a6f
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl
@@ -0,0 +1,94 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+    }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+    
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }        
+
+    location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+    }
+
+    location ~ ^(/[a-z\-]+)?/system/files/ {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+    
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;
+        include         /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl
new file mode 100644
index 00000000..c9729795
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl
@@ -0,0 +1,91 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+        }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+    
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+    
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }        
+
+    location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+    }
+
+    location ~ ^(/[a-z\-]+)?/system/files/ {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;
+        include         /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl
new file mode 100644
index 00000000..32f01a6f
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl
@@ -0,0 +1,94 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+    }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+    
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }        
+
+    location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+    }
+
+    location ~ ^(/[a-z\-]+)?/system/files/ {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+    
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;
+        include         /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl
new file mode 100644
index 00000000..c9729795
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl
@@ -0,0 +1,91 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+        }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+    
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+    
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }        
+
+    location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+    }
+
+    location ~ ^(/[a-z\-]+)?/system/files/ {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ '\.php$|^/update.php' {
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass %backend_lsnr%;
+        include         /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl
new file mode 100644
index 00000000..d4f96ee3
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl
@@ -0,0 +1,62 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        # deny running scripts inside writable directories
+        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+            return 403;
+            error_page 403 /403_error.html;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl
new file mode 100644
index 00000000..91b7a8f1
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl
@@ -0,0 +1,59 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        # deny running scripts inside writable directories
+        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+            return 403;
+            error_page 403 /403_error.html;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl
new file mode 100644
index 00000000..db0b4dde
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl
@@ -0,0 +1,54 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%/public;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl
new file mode 100644
index 00000000..d14b0173
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl
@@ -0,0 +1,50 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%/public;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl
new file mode 100644
index 00000000..f8ac30c9
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl
@@ -0,0 +1,197 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+
+    root        %sdocroot%/pub;
+    index       index.php;
+    autoindex   off;
+    charset     UTF-8;
+    error_page  404 403 = /errors/404.php;
+    add_header  "X-UA-Compatible" "IE=Edge";
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    # PHP entry point for setup application
+    location ~* ^/setup($|/) {
+        root %sdocroot%;
+
+        location ~ ^/setup/index.php {
+            fastcgi_pass   %backend_lsnr%;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            include        /etc/nginx/fastcgi_params;
+        }
+
+        location ~ ^/setup/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/setup/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    # PHP entry point for update application
+    location ~* ^/update($|/) {
+        root %sdocroot%;
+
+        location ~ ^/update/index.php {
+            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+            fastcgi_pass   %backend_lsnr%;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  PATH_INFO        $fastcgi_path_info;
+            include        /etc/nginx/fastcgi_params;
+        }
+
+        # Deny everything but index.php
+        location ~ ^/update/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/update/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location /pub/ {
+        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+            deny all;
+        }
+
+        alias %sdocroot%/pub/;
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /static/ {
+        # Uncomment the following line in production mode
+        # expires max;
+
+        # Remove signature of the static files that is used to overcome the browser cache
+        location ~ ^/static/version {
+            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+
+        if (!-f $request_filename) {
+            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        }
+
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/ {
+        try_files $uri $uri/ /get.php?$args;
+
+        location ~ ^/media/theme_customization/.*\.xml {
+            deny all;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+            try_files $uri $uri/ /get.php?$args;
+        }
+
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+            try_files $uri $uri/ /get.php?$args;
+        }
+
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/customer/ {
+        deny all;
+    }
+
+    location /media/downloadable/ {
+        deny all;
+    }
+
+    location /media/import/ {
+        deny all;
+    }
+
+    # PHP entry point for main application
+    location ~ (index|get|static|report|404|503)\.php$ {
+        try_files $uri =404;
+
+        fastcgi_pass   %backend_lsnr%;
+        fastcgi_buffers 1024 4k;
+        fastcgi_read_timeout 600s;
+        fastcgi_connect_timeout 600s;
+
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        include        /etc/nginx/fastcgi_params;
+    }
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_comp_level 6;
+    gzip_min_length 1100;
+    gzip_buffers 16 8k;
+    gzip_proxied any;
+    gzip_types
+        text/plain
+        text/css
+        text/js
+        text/xml
+        text/javascript
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/xml+rss
+        image/svg+xml;
+    gzip_vary on;
+
+    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
+    location ~* (\.php$|\.htaccess$|\.git) {
+        deny all;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl
new file mode 100644
index 00000000..3f292fff
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl
@@ -0,0 +1,194 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+
+    root        %docroot%/pub;
+    index       index.php;
+    autoindex   off;
+    charset     UTF-8;
+    error_page  404 403 = /errors/404.php;
+    add_header  "X-UA-Compatible" "IE=Edge";
+
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    # PHP entry point for setup application
+    location ~* ^/setup($|/) {
+        root %docroot%;
+
+        location ~ ^/setup/index.php {
+            fastcgi_pass   %backend_lsnr%;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            include        /etc/nginx/fastcgi_params;
+        }
+
+        location ~ ^/setup/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/setup/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    # PHP entry point for update application
+    location ~* ^/update($|/) {
+        root %docroot%;
+
+        location ~ ^/update/index.php {
+            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+            fastcgi_pass   %backend_lsnr%;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  PATH_INFO        $fastcgi_path_info;
+            include        /etc/nginx/fastcgi_params;
+        }
+
+        # Deny everything but index.php
+        location ~ ^/update/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/update/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location /pub/ {
+        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+            deny all;
+        }
+
+        alias %docroot%/pub/;
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /static/ {
+        # Uncomment the following line in production mode
+        # expires max;
+
+        # Remove signature of the static files that is used to overcome the browser cache
+        location ~ ^/static/version {
+            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+
+        if (!-f $request_filename) {
+            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        }
+
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/ {
+        try_files $uri $uri/ /get.php?$args;
+
+        location ~ ^/media/theme_customization/.*\.xml {
+            deny all;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+            try_files $uri $uri/ /get.php?$args;
+        }
+
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+            try_files $uri $uri/ /get.php?$args;
+        }
+
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/customer/ {
+        deny all;
+    }
+
+    location /media/downloadable/ {
+        deny all;
+    }
+
+    location /media/import/ {
+        deny all;
+    }
+
+    # PHP entry point for main application
+    location ~ (index|get|static|report|404|503)\.php$ {
+        try_files $uri =404;
+
+        fastcgi_pass   %backend_lsnr%;
+        fastcgi_buffers 1024 4k;
+        fastcgi_read_timeout 600s;
+        fastcgi_connect_timeout 600s;
+
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        include        /etc/nginx/fastcgi_params;
+    }
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_comp_level 6;
+    gzip_min_length 1100;
+    gzip_buffers 16 8k;
+    gzip_proxied any;
+    gzip_types
+        text/plain
+        text/css
+        text/js
+        text/xml
+        text/javascript
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/xml+rss
+        image/svg+xml;
+    gzip_vary on;
+
+    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
+    location ~* (\.php$|\.htaccess$|\.git) {
+        deny all;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl
new file mode 100644
index 00000000..420aeb9e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl
@@ -0,0 +1,68 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+#   if you need to rewrite www to non-www uncomment bellow
+#   if ($host != '%domain%' ) {
+#       rewrite      ^/(.*)$  https://%domain%/$1  permanent;
+#    }
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_pass %backend_lsnr%;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl
new file mode 100644
index 00000000..342d3ecf
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl
@@ -0,0 +1,65 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+#   if you need to rewrite www to non-www uncomment bellow
+#   if ($host != '%domain%' ) {
+#       rewrite      ^/(.*)$  http://%domain%/$1  permanent;
+#    }
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_pass %backend_lsnr%;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl
new file mode 100644
index 00000000..8594ec94
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl
@@ -0,0 +1,89 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+    }
+
+    # No no for private
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    # Block access to "hidden" files and directories whose names begin with a
+    # period. This includes directories used by version control systems such
+    # as Subversion or Git to store control files.
+    location ~ (^|/)\. {
+            return 403;
+        }
+
+    location / {
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_intercept_errors on;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl
new file mode 100644
index 00000000..c20ba648
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl
@@ -0,0 +1,87 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Very rarely should these ever be accessed outside of your lan
+    location ~* \.(txt|log)$ {
+        allow 192.168.0.0/16;
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+        }
+
+    # No no for private
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    # Block access to "hidden" files and directories whose names begin with a
+    # period. This includes directories used by version control systems such
+    # as Subversion or Git to store control files.
+    location ~ (^|/)\. {
+        return 403;
+    }
+
+    location / {
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_intercept_errors on;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl
new file mode 100644
index 00000000..4bb50383
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl
@@ -0,0 +1,46 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    types {
+            text/html   html htm shtml php php5;
+    }
+
+    location / {
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl
new file mode 100644
index 00000000..7ff8aa1d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl
@@ -0,0 +1,43 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    types {
+            text/html   html htm shtml php php5;
+    }
+
+    location / {
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl
new file mode 100644
index 00000000..e28afcfc
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl
@@ -0,0 +1,69 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+    proxy_redirect          off;
+
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+
+    proxy_connect_timeout   720;
+    proxy_send_timeout      720;
+    proxy_read_timeout      720;
+    send_timeout            720;
+
+    # Allow "Well-Known URIs" as per RFC 5785
+    location ~* ^/.well-known/ {
+        allow all;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8069;
+    }
+
+    location /longpolling {
+        proxy_pass http://127.0.0.1:8072;
+    }
+    
+    location ~* /web/static/ {
+        proxy_cache_valid 200 60m;
+        proxy_buffering on;
+        expires 864000;
+        proxy_pass http://127.0.0.1:8069;
+    }
+    
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl
new file mode 100644
index 00000000..b1240aae
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl
@@ -0,0 +1,66 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+    proxy_redirect          off;
+
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+
+    proxy_connect_timeout   720;
+    proxy_send_timeout      720;
+    proxy_read_timeout      720;
+    send_timeout            720;
+
+    # Allow "Well-Known URIs" as per RFC 5785
+    location ~* ^/.well-known/ {
+        allow all;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8069;
+    }
+
+    location /longpolling {
+        proxy_pass http://127.0.0.1:8072;
+    }
+    
+    location ~* /web/static/ {
+        proxy_cache_valid 200 60m;
+        proxy_buffering on;
+        expires 864000;
+        proxy_pass http://127.0.0.1:8069;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl
new file mode 100644
index 00000000..52706d21
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl
@@ -0,0 +1,58 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+        try_files $uri $uri/ @opencart;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location @opencart {
+        rewrite ^/(.+)$ /index.php?_route_=$1 last;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl
new file mode 100644
index 00000000..d0a9060b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl
@@ -0,0 +1,54 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    location / {
+        try_files $uri $uri/ @opencart;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location @opencart {
+        rewrite ^/(.+)$ /index.php?_route_=$1 last;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl
new file mode 100644
index 00000000..1b803f97
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl
@@ -0,0 +1,84 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+    error_page 403 = /core/templates/403.php;
+    error_page 404 = /core/templates/404.php;
+
+    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
+        deny all;
+    }
+
+    location / {
+        # The following 2 rules are only needed with webfinger
+        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+        try_files $uri $uri/ /index.php;
+
+        location ~ \.php(?:$|/) {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include         /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            #fastcgi_param HTTPS on;
+            fastcgi_pass    %backend_lsnr%;
+        }
+    }
+
+    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+        expires     max;
+        # Some basic cache-control for static files to be sent to the browser
+        add_header Pragma public;
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    }
+
+    #error_page  403 /error/404.html;
+    #error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl
new file mode 100644
index 00000000..e3ec31de
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl
@@ -0,0 +1,81 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+            access_log off;
+    }
+
+    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+    error_page 403 = /core/templates/403.php;
+    error_page 404 = /core/templates/404.php;
+
+    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
+        deny all;
+    }
+
+    location / {
+        # The following 2 rules are only needed with webfinger
+        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+        try_files $uri $uri/ /index.php;
+
+        location ~ \.php(?:$|/) {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include         /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            #fastcgi_param HTTPS on;
+            fastcgi_pass    %backend_lsnr%;
+        }
+    }
+
+    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+        expires     max;
+        # Some basic cache-control for static files to be sent to the browser
+        add_header Pragma public;
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    }
+
+    #error_page  403 /error/404.html;
+    #error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl
new file mode 100644
index 00000000..1b299343
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl
@@ -0,0 +1,72 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        try_files /favicon.ico =204;
+    }
+
+    location / {
+        try_files $uri /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            valid_referers none blocked %domain_idn% %alias_idn%;
+            if ($invalid_referer)  {
+                return 444;
+            }
+            expires     max;
+        }
+
+        location ~* ^/(?:index|piwik)\.php$ {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return 404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    # Any other attempt to access PHP files returns a 404.
+    location ~* ^.+\.php$ {
+        return 404; 
+    }
+
+    # Return a 404 for all text files.
+    location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+            return 404;
+        }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl
new file mode 100644
index 00000000..f94fb7de
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl
@@ -0,0 +1,69 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        try_files /favicon.ico =204;
+    }
+
+    location / {
+        try_files $uri /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            valid_referers none blocked %domain_idn% %alias_idn%;
+            if ($invalid_referer)  {
+                return 444;
+            }
+            expires     max;
+        }
+
+        location ~* ^/(?:index|piwik)\.php$ {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return 404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    # Any other attempt to access PHP files returns a 404.
+    location ~* ^.+\.php$ {
+            return 404; 
+    }
+
+    # Return a 404 for all text files.
+    location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+            return 404;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl
new file mode 100644
index 00000000..d26ed9f4
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl
@@ -0,0 +1,65 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%/public;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location /installer {
+            try_files $uri $uri/ /installer/index.php?$query_string;
+        }
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location = /robots.txt  { access_log off; log_not_found off; }
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location ~ /\.ht        { access_log off; log_not_found off; deny all; }
+    location ~ ~$           { access_log off; log_not_found off; deny all; }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl
new file mode 100644
index 00000000..b92861b0
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl
@@ -0,0 +1,62 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%/public;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location /installer {
+            try_files $uri $uri/ /installer/index.php?$query_string;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location = /robots.txt  { access_log off; log_not_found off; }
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location ~ /\.ht        { access_log off; log_not_found off; deny all; }
+    location ~ ~$           { access_log off; log_not_found off; deny all; }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl
new file mode 100644
index 00000000..0b351000
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl
@@ -0,0 +1,88 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+     location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" {
+        deny all;
+    }
+
+    location ~ /(readme.html|license.txt) {
+        deny all;
+    }
+
+    if (!-f $request_filename){
+        rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ {
+            expires 1d;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+        }
+
+        location /l/ {
+            rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
+        }
+
+        location /t/ {
+            rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
+        }
+
+        location /w/ {
+            rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
+        }
+
+        location /unsubscribe/ {
+            rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
+        }
+
+        location /subscribe/ {
+            rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl
new file mode 100644
index 00000000..b27b427d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl
@@ -0,0 +1,86 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" {
+        deny all;
+    }
+
+    location ~ /(readme.html|license.txt) {
+        deny all;
+    }
+
+    if (!-f $request_filename){
+        rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ {
+            expires 1d;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+        }
+
+        location /l/ {
+            rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
+        }
+
+        location /t/ {
+            rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
+        }
+
+        location /w/ {
+            rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
+        }
+
+        location /unsubscribe/ {
+            rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
+        }
+
+        location /subscribe/ {
+            rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl
new file mode 100644
index 00000000..f9c01e40
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl
@@ -0,0 +1,54 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl
new file mode 100644
index 00000000..a8909efb
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl
@@ -0,0 +1,51 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl
new file mode 100644
index 00000000..01dfee5b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl
@@ -0,0 +1,66 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl
new file mode 100644
index 00000000..bccb8b3d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl
@@ -0,0 +1,63 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl
new file mode 100644
index 00000000..a5fc46fb
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl
@@ -0,0 +1,71 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+
+        if (!-e $request_filename)
+        {
+            rewrite ^(.+)$ /index.php?q=$1 last;
+        }
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+} 
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl
new file mode 100644
index 00000000..39e366b7
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl
@@ -0,0 +1,67 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+        
+        if (!-e $request_filename)
+        {
+            rewrite ^(.+)$ /index.php?q=$1 last;
+        }
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/private-force-https.stpl b/install/debian/13/templates/web/nginx/private-force-https.stpl
new file mode 100644
index 00000000..bf805683
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-force-https.stpl
@@ -0,0 +1,40 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        auth_basic           "Restricted area";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/private-force-https.tpl b/install/debian/13/templates/web/nginx/private-force-https.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-force-https.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/private-hosting.sh b/install/debian/13/templates/web/nginx/private-hosting.sh
new file mode 100644
index 00000000..eeed37ef
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/13/templates/web/nginx/private-hosting.stpl b/install/debian/13/templates/web/nginx/private-hosting.stpl
new file mode 100644
index 00000000..8e5b3f7b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.stpl
@@ -0,0 +1,42 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        auth_basic           "Restricted area";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/private-hosting.tpl b/install/debian/13/templates/web/nginx/private-hosting.tpl
new file mode 100644
index 00000000..a8ee840e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.tpl
@@ -0,0 +1,38 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        auth_basic           "Restricted area";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+        proxy_pass      http://%ip%:%web_port%;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/proxy_ip.tpl b/install/debian/13/templates/web/nginx/proxy_ip.tpl
new file mode 100644
index 00000000..ae195617
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/proxy_ip.tpl
@@ -0,0 +1,9 @@
+server {
+    listen       %ip%:%proxy_port% default;
+    server_name  _;
+    #access_log  /var/log/nginx/%ip%.log main;
+    location / {
+        proxy_pass  http://%ip%:%web_port%;
+   }
+}
+
diff --git a/install/debian/13/templates/web/php-fpm/default.tpl b/install/debian/13/templates/web/php-fpm/default.tpl
new file mode 100644
index 00000000..209e1e43
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/default.tpl
@@ -0,0 +1,21 @@
+[%backend%]
+listen = 127.0.0.1:%backend_port%
+listen.allowed_clients = 127.0.0.1
+
+user = %user%
+group = %user%
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/%user%/tmp
+php_admin_value[session.save_path] = /home/%user%/tmp
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/%user%/tmp
+env[TMPDIR] = /home/%user%/tmp
+env[TEMP] = /home/%user%/tmp
diff --git a/install/debian/13/templates/web/php-fpm/no-php.tpl b/install/debian/13/templates/web/php-fpm/no-php.tpl
new file mode 100644
index 00000000..047c33ed
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/no-php.tpl
@@ -0,0 +1,20 @@
+;[%backend%]
+;listen = /dev/null
+
+;user = %user%
+;group = %user%
+
+;listen.owner = %user%
+;listen.group = www-data
+
+;pm = ondemand
+;pm.max_children = 4
+;pm.max_requests = 4000
+;pm.process_idle_timeout = 10s
+;pm.status_path = /status
+
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /home/%user%/tmp
+;env[TMPDIR] = /home/%user%/tmp
+;env[TEMP] = /home/%user%/tmp
diff --git a/install/debian/13/templates/web/php-fpm/socket.tpl b/install/debian/13/templates/web/php-fpm/socket.tpl
new file mode 100644
index 00000000..a0151084
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/socket.tpl
@@ -0,0 +1,24 @@
+[%backend%]
+listen = /var/run/php/%backend%.sock
+listen.allowed_clients = 127.0.0.1
+
+user = %user%
+group = %user%
+
+listen.owner = %user%
+listen.group = www-data
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/%user%/tmp
+php_admin_value[session.save_path] = /home/%user%/tmp
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/%user%/tmp
+env[TMPDIR] = /home/%user%/tmp
+env[TEMP] = /home/%user%/tmp
diff --git a/install/debian/13/templates/web/skel/document_errors/403.html b/install/debian/13/templates/web/skel/document_errors/403.html
new file mode 100644
index 00000000..9c3f6baa
--- /dev/null
+++ b/install/debian/13/templates/web/skel/document_errors/403.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>403 &mdash; Forbidden</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="You do not have permission to view this"/>
+    <style type="text/css">
+        body {font-size:14px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}
+        h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+
+<body>
+    <p><a href="http://%domain%/">%domain%</a></p>
+
+    <h1>403</h1>
+    <h2>Forbidden</h2>
+    <div>
+        Unfortunately, you do not have permission to view this
+    </div>
+</body>
+
+</html>
diff --git a/install/debian/13/templates/web/skel/document_errors/404.html b/install/debian/13/templates/web/skel/document_errors/404.html
new file mode 100644
index 00000000..2cee7708
--- /dev/null
+++ b/install/debian/13/templates/web/skel/document_errors/404.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>404 &mdash; Not Found</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="Sorry, page not found"/>
+    <style type="text/css">
+        body {font-size:14px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}
+        h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+
+<body>
+    <p><a href="http://%domain%/">%domain%</a></p>
+    <h1>404</h1>
+    <h2>Page Not Found</h2>
+    <div>
+        It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved.
+        You can start again from the <a href="http://%domain%/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>.
+    </div>
+</body>
+</html>
diff --git a/install/debian/13/templates/web/skel/document_errors/50x.html b/install/debian/13/templates/web/skel/document_errors/50x.html
new file mode 100644
index 00000000..85ba648b
--- /dev/null
+++ b/install/debian/13/templates/web/skel/document_errors/50x.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>500 &mdash; Internal Sever Error</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="Sorry, something went wrong. Internal Server Error"/>
+    <style type="text/css">
+        body {font-size:14px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}
+        h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+
+<body>
+    <p><a href="http://%domain%/">%domain%</a></p>
+
+    <h1>500</h1>
+    <h2>Internal Server Error</h2>
+    <div>
+        Sorry, something went wrong :(
+    </div>
+</body>
+
+</html>
diff --git a/install/debian/13/templates/web/skel/public_html/index.html b/install/debian/13/templates/web/skel/public_html/index.html
new file mode 100644
index 00000000..c2895cf2
--- /dev/null
+++ b/install/debian/13/templates/web/skel/public_html/index.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>%domain% &mdash; Coming Soon</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="This is a default index page for a new domain."/>
+    <style type="text/css">
+        body {font-size:10px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:64px; color:#555555; margin: 70px 0 50px 0;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+
+<body>
+    <h1>%domain%</h1>
+    <div>
+        <a href="https://www.myvestacp.com/">Powered by myVesta</a>
+    </div>
+</body>
+
+</html>
+
diff --git a/install/debian/13/templates/web/skel/public_html/robots.txt b/install/debian/13/templates/web/skel/public_html/robots.txt
new file mode 100644
index 00000000..00ee83dc
--- /dev/null
+++ b/install/debian/13/templates/web/skel/public_html/robots.txt
@@ -0,0 +1,3 @@
+# vestacp autogenerated robots.txt
+User-agent: *
+Crawl-delay: 10
diff --git a/install/debian/13/templates/web/skel/public_shtml/index.html b/install/debian/13/templates/web/skel/public_shtml/index.html
new file mode 100644
index 00000000..c2895cf2
--- /dev/null
+++ b/install/debian/13/templates/web/skel/public_shtml/index.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>%domain% &mdash; Coming Soon</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="This is a default index page for a new domain."/>
+    <style type="text/css">
+        body {font-size:10px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:64px; color:#555555; margin: 70px 0 50px 0;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+
+<body>
+    <h1>%domain%</h1>
+    <div>
+        <a href="https://www.myvestacp.com/">Powered by myVesta</a>
+    </div>
+</body>
+
+</html>
+
diff --git a/install/debian/13/templates/web/skel/public_shtml/robots.txt b/install/debian/13/templates/web/skel/public_shtml/robots.txt
new file mode 100644
index 00000000..00ee83dc
--- /dev/null
+++ b/install/debian/13/templates/web/skel/public_shtml/robots.txt
@@ -0,0 +1,3 @@
+# vestacp autogenerated robots.txt
+User-agent: *
+Crawl-delay: 10
diff --git a/install/debian/13/templates/web/suspend/.htaccess b/install/debian/13/templates/web/suspend/.htaccess
new file mode 100644
index 00000000..5a6df83f
--- /dev/null
+++ b/install/debian/13/templates/web/suspend/.htaccess
@@ -0,0 +1,2 @@
+ErrorDocument 403 /index.html
+ErrorDocument 404 /index.html
diff --git a/install/debian/13/templates/web/suspend/index.html b/install/debian/13/templates/web/suspend/index.html
new file mode 100644
index 00000000..3815354d
--- /dev/null
+++ b/install/debian/13/templates/web/suspend/index.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
+    <title>Website Suspended</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <meta name="description" content="This website has been suspended."/>
+    <style type="text/css">
+        body {font-size:14px; color:#777777; font-family:arial; text-align:center;}
+        h1 {font-size:84px; color:#99A7AF; margin: 70px 0 0 0;}
+        h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: 15px 0 25px;}
+        p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }
+        div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}
+        a:link {color: #34536A;}
+        a:visited {color: #34536A;}
+        a:active {color: #34536A;}
+        a:hover {color: #34536A;}
+    </style>
+</head>
+<body>
+    <h1>Temporary under construction</h1>
+    <h2>This website is temporary under construction.</h2>
+    <div>
+        We will back again soon.
+    </div>
+</body>
+</html>
diff --git a/install/debian/13/templates/web/webalizer/webalizer.tpl b/install/debian/13/templates/web/webalizer/webalizer.tpl
new file mode 100644
index 00000000..068adcfb
--- /dev/null
+++ b/install/debian/13/templates/web/webalizer/webalizer.tpl
@@ -0,0 +1,110 @@
+HostName         %domain_idn%
+LogFile          /var/log/%web_system%/domains/%domain%.log
+OutputDir        %home%/%user%/web/%domain%/stats
+HistoryName      %home%/%user%/web/%domain%/stats/%domain%.hist
+Incremental      yes
+IncrementalName  %home%/%user%/web/%domain%/stats/%domain%.current
+PageType         htm*
+PageType         cgi
+PageType         php
+PageType         shtml
+DNSCache         /var/lib/webalizer/dns_cache.db
+DNSChildren      10
+Quiet            yes
+FoldSeqErr       yes
+IndexAlias       index.php
+HideURL          *.gif
+HideURL          *.GIF
+HideURL          *.jpg
+HideURL          *.JPG
+HideURL          *.png
+HideURL          *.PNG
+HideURL          *.ra
+SearchEngine     abcsearch.          terms=
+SearchEngine     alexa.              q=
+SearchEngine     alltheweb.          q=
+SearchEngine     alltheweb.          query=
+SearchEngine     alot.               q=
+SearchEngine     altavista.          q=
+SearchEngine     aolsearch.          query=
+SearchEngine     aport.ru            r=
+SearchEngine     ask.                q=
+SearchEngine     atlas.cz            q=
+SearchEngine     bbc.                q=
+SearchEngine     bing.               q=
+SearchEngine     blingo.             q=
+SearchEngine     blogs.yandex.ru     text=
+SearchEngine     btopenworld         query=
+SearchEngine     buscador.ya.com     q=
+SearchEngine     busca.              q=
+SearchEngine     business.           query=
+SearchEngine     centrum.cz          q=
+SearchEngine     chiff.              q=
+SearchEngine     clusty.             query=
+SearchEngine     comcast.            q=
+SearchEngine     crawler.            q=
+SearchEngine     cuil.               q=
+SearchEngine     dmoz.               search=
+SearchEngine     dogpile.com         q=
+SearchEngine     dpxml               qkw=
+SearchEngine     eureka.             searchword=
+SearchEngine     euroseek.           string=
+SearchEngine     exalead.            q=
+SearchEngine     excite              search=
+SearchEngine     ezilon.             q=
+SearchEngine     fastbrowsersearch.  q=
+SearchEngine     feedster.com        q=
+SearchEngine     fireball.de         q=
+SearchEngine     fireball.           keyword=
+SearchEngine     freeserve.          q=
+SearchEngine     gigablast.          q=
+SearchEngine     gogo.ru             q=
+SearchEngine     go.mail.ru          q=
+SearchEngine     google.             q=
+SearchEngine     hakia.              q=
+SearchEngine     hotbot.             query=
+SearchEngine     infoseek.           qt=
+SearchEngine     iwon                searchfor=
+SearchEngine     ixquick.com         query=
+SearchEngine     joeant.             keywords=
+SearchEngine     jyxo.cz             s=
+SearchEngine     looksmart.          key=
+SearchEngine     lycos.              query=
+SearchEngine     mamma.              q=
+SearchEngine     metacrawler         q=
+SearchEngine     msn.                MT=
+SearchEngine     msxml               qkw=
+SearchEngine     mysearch.           searchfor=
+SearchEngine     mywebsearch.        searchfor=
+SearchEngine     netscape.           q=
+SearchEngine     nigma.ru            q=
+SearchEngine     northernlight.      qr=
+SearchEngine     ntlworld.           q=
+SearchEngine     orange.             q=
+SearchEngine     overture.           Keywords=
+SearchEngine     punto.ru            text=
+SearchEngine     rambler.            keyword=
+SearchEngine     search.aol.         q=
+SearchEngine     search.babylon.     q=
+SearchEngine     search.centrum.     phrase=
+SearchEngine     search.conduit.     q=
+SearchEngine     search.earthlink    q=
+SearchEngine     search.icq.         q=
+SearchEngine     search.live.com     q=
+SearchEngine     search.rambler.ru   words=
+SearchEngine     search.winamp.      q=
+SearchEngine     searchy.            q=
+SearchEngine     seznam.cz           w=
+SearchEngine     snap.               query=
+SearchEngine     teoma.              q=
+SearchEngine     teradex.com         q=
+SearchEngine     ukplus              key=
+SearchEngine     verizon.            q=
+SearchEngine     virginmedia.        q=
+SearchEngine     voila.              rdata=
+SearchEngine     webcrawler          searchText=
+SearchEngine     web.search.naver.   query=
+SearchEngine     wisenut             q=
+SearchEngine     yahoo.              p=
+SearchEngine     yandex.             text=
+SearchEngine     yodao.              q=
diff --git a/install/debian/13/vsftpd/vsftpd.conf b/install/debian/13/vsftpd/vsftpd.conf
new file mode 100644
index 00000000..1ca1a992
--- /dev/null
+++ b/install/debian/13/vsftpd/vsftpd.conf
@@ -0,0 +1,26 @@
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+anon_umask=022
+anon_upload_enable=NO
+dirmessage_enable=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+xferlog_std_format=YES
+dual_log_enable=YES
+chroot_local_user=YES
+listen=YES
+pam_service_name=vsftpd
+userlist_enable=NO
+tcp_wrappers=YES
+force_dot_files=YES
+ascii_upload_enable=YES
+ascii_download_enable=YES
+#allow_writable_chroot=YES
+allow_writeable_chroot=YES
+seccomp_sandbox=NO
+pasv_enable=YES
+pasv_max_port=12100
+pasv_min_port=12000
+use_localtime=YES
diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf
index 5166b255..279bafcd 100644
--- a/install/debian/8/exim/dnsbl.conf
+++ b/install/debian/8/exim/dnsbl.conf
@@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl
index 9a92e0fd..6bb51c50 100755
--- a/install/debian/8/templates/web/awstats/awstats.tpl
+++ b/install/debian/8/templates/web/awstats/awstats.tpl
@@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf
index 5166b255..279bafcd 100644
--- a/install/debian/9/exim/dnsbl.conf
+++ b/install/debian/9/exim/dnsbl.conf
@@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl
index 9a92e0fd..6bb51c50 100755
--- a/install/debian/9/templates/web/awstats/awstats.tpl
+++ b/install/debian/9/templates/web/awstats/awstats.tpl
@@ -24,7 +24,7 @@ PurgeLogFile=0
 ArchiveLogRecords=0
 KeepBackupOfHistoricFiles=1
 DefaultFile="index.php index.html"
-SkipHosts="127.0.0.1
+SkipHosts="127.0.0.1"
 SkipUserAgents=""
 SkipFiles=""
 SkipReferrersBlackList=""
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh
index e7c9a0a9..98887225 100755
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@@ -20,14 +20,26 @@ codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
 vestacp="$VESTA/install/$VERSION/$release"
 ARCH="amd64"
 
-if [ "$release" -eq 12 ]; then
+if [ "$release" -eq 13 ]; then
     software="nginx apache2 apache2-utils
         libapache2-mod-fcgid php-fpm php
         php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats
         vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy
         clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core
         roundcube-mysql roundcube-plugins mariadb-server mariadb-common
-        mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc
+        mariadb-client postgresql postgresql-contrib phpmyadmin mc
+        flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota
+        e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
+        bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl
+        unrar-free vim-common net-tools unzip iptables xxd spamd"
+elif [ "$release" -eq 12 ]; then
+    software="nginx apache2 apache2-utils
+        libapache2-mod-fcgid php-fpm php
+        php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats
+        vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy
+        clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core
+        roundcube-mysql roundcube-plugins mariadb-server mariadb-common
+        mariadb-client postgresql postgresql-contrib phpmyadmin mc
         flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota
         e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
         bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl
@@ -131,7 +143,11 @@ help() {
 # Defining password-gen function
 gen_pass() {
     MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-    LENGTH=32
+    if [ -z "$1" ]; then
+        LENGTH=32
+    else
+        LENGTH=$1
+    fi
     while [ ${n:=1} -le $LENGTH ]; do
         PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
         let n+=1
@@ -286,7 +302,7 @@ set_default_value 'postgresql' 'no'
 set_default_value 'mongodb' 'no'
 set_default_value 'exim' 'yes'
 set_default_value 'dovecot' 'yes'
-if [ $memory -lt 1500000 ]; then
+if [ $memory -lt 2500000 ]; then
     set_default_value 'clamd' 'no'
     set_default_value 'spamd' 'no'
 else
@@ -487,10 +503,16 @@ echo -e "\n\n"
 
 # Asking for confirmation to proceed
 if [ "$interactive" = 'yes' ]; then
-    read -p 'Would you like to continue [y/n]: ' answer
-    if [ "$answer" != 'y' ] && [ "$answer" != 'Y'  ]; then
-        echo 'Goodbye'
-        exit 1
+    prompt_to_continue=1;
+    if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then
+        prompt_to_continue=0;
+    fi
+    if [ $prompt_to_continue -eq 1 ]; then
+        read -p 'Would you like to continue [y/n]: ' answer
+        if [ "$answer" != 'y' ] && [ "$answer" != 'Y'  ]; then
+            echo 'Goodbye'
+            exit 1
+        fi
     fi
 
     # Asking for contact email
@@ -749,31 +771,37 @@ if [ "$mysql" = 'no' ]; then
 fi
 if [ "$mysql8" = 'yes' ]; then
     echo "=== Preparing MySQL 8 apt repo"
-    software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//')
-    software=$(echo "$software" | sed -e 's/exim4//')
-    #software="$software php-mysql roundcube-mysql"
-    echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list
-    echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list
-    echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list
-    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list
-    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
-    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list
-    echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list
-    echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
-
-    # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29
-    key="467B942D3A79BD29"
-    readonly key
-    GNUPGHOME="$(mktemp -d)"
-    export GNUPGHOME
-    for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80)
-    do
-        gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break
-    done
-    gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg
-    gpgconf --kill all
-    rm -rf "${GNUPGHOME}"
-    unset GNUPGHOME
+    if [ "$release" -lt 12 ]; then
+	    software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//')
+	    software=$(echo "$software" | sed -e 's/exim4//')
+	    #software="$software php-mysql roundcube-mysql"
+	    echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list
+	    echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list
+	    echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list
+	    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list
+	    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
+	    echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list
+	    echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list
+	    echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
+	
+	    # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29
+	    key="467B942D3A79BD29"
+	    readonly key
+	    GNUPGHOME="$(mktemp -d)"
+	    export GNUPGHOME
+	    for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80)
+	    do
+	        gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break
+	    done
+	    gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg
+	    gpgconf --kill all
+	    rm -rf "${GNUPGHOME}"
+	    unset GNUPGHOME
+     else
+            # check latest on: https://dev.mysql.com/downloads/repo/apt/
+	    wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb
+            dpkg -i mysql-apt-config_0.8.34-1_all.deb
+     fi
     
     mpass=$(gen_pass)
     debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass"
@@ -1067,6 +1095,22 @@ if [ "$release" -eq 12 ]; then
     ln  -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl
     ln  -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl
 fi
+if [ "$release" -eq 13 ]; then
+    echo "== Symlink missing templates"
+    ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh
+    ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl
+    ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl
+
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/default.sh
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl
+    ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl
+    
+    ln  -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.stpl
+    ln  -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.tpl
+fi
 
 echo "== Set nameservers address"
 sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg
@@ -1118,7 +1162,9 @@ if [ "$nginx" = 'yes' ]; then
     cp -f $vestacp/nginx/nginx.conf /etc/nginx/
     cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/
     cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/
-    cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/
+    if [ "$release" -lt 12 ]; then
+        cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/
+    fi
     cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/
     cp -f $vestacp/logrotate/nginx /etc/logrotate.d/
     
@@ -1127,6 +1173,13 @@ if [ "$nginx" = 'yes' ]; then
     
     echo > /etc/nginx/conf.d/vesta.conf
     mkdir -p /var/log/nginx/domains
+
+    if [ "$apache" = 'yes'  ]; then
+        # SSL fix for Apache 2.4.65+
+        echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf
+        touch /usr/local/vesta/data/upgrades/fixssl.conf
+    fi
+
     #update-rc.d nginx defaults
     #service nginx start
     currentservice='nginx'
@@ -1182,7 +1235,13 @@ fi
 
 if [ "$phpfpm" = 'yes' ]; then
     echo "=== Configure PHP-FPM"
-    if [ "$release" -eq 12 ]; then
+    if [ "$release" -eq 13 ]; then
+        cp -f $vestacp/php-fpm/www.conf /etc/php/8.4/fpm/pool.d/www.conf
+        #update-rc.d php8.4-fpm defaults
+        currentservice='php8.4-fpm'
+        ensure_startup $currentservice
+        ensure_start $currentservice
+    elif [ "$release" -eq 12 ]; then
         cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf
         #update-rc.d php8.2-fpm defaults
         currentservice='php8.2-fpm'
@@ -1364,6 +1423,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then
       bash /root/phpmyadmin/pma.sh
       blowfish=$(gen_pass)
       echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php
+
+      # disable root login
+      echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php
   fi
   if [ "$release" -gt 10 ]; then
       echo "=== Configure phpMyAdmin (Debian11 custom part)"
@@ -1381,6 +1443,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then
       bash /root/phpmyadmin/pma.sh
       blowfish=$(gen_pass)
       echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php
+
+      # disable root login
+      echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php
   fi
 fi
 
@@ -1398,10 +1463,12 @@ if [ "$postgresql" = 'yes' ]; then
     sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
 
     # Configuring phpPgAdmin
-    if [ "$apache" = 'yes' ]; then
-        cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/
+    if [ "$release" -lt 12 ]; then
+        if [ "$apache" = 'yes' ]; then
+            cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/
+        fi
+        cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/
     fi
-    cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/
 fi
 
 
@@ -1422,7 +1489,7 @@ if [ "$named" = 'yes' ]; then
       sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n  /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named
       # service apparmor status >/dev/null 2>&1
       # if [ $? -ne 0 ]; then
-          service apparmor restart
+          systemctl restart apparmor
       # fi
     fi
     # update-rc.d bind9 defaults
@@ -1455,6 +1522,12 @@ if [ "$exim" = 'yes' ]; then
         sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
     fi
 
+    # Generating SRS KEY - the code is taken from HestiaCP
+    srs=$(gen_pass 16)
+    echo $srs > /etc/exim4/srs.conf
+    chmod 640 /etc/exim4/srs.conf
+    chown root:Debian-exim /etc/exim4/srs.conf
+
     chmod 640 /etc/exim4/exim4.conf.template
     rm -rf /etc/exim4/domains
     mkdir -p /etc/exim4/domains
@@ -1469,7 +1542,8 @@ if [ "$exim" = 'yes' ]; then
     #update-rc.d exim4 defaults
     currentservice='exim4'
     ensure_startup $currentservice
-    ensure_start $currentservice
+    systemctl restart $currentservice
+    # ensure_start $currentservice
 fi
 
 
@@ -1554,6 +1628,15 @@ if [ "$spamd" = 'yes' ]; then
     echo "=== Patching spamassassin dns_server"
     sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf
 
+    echo "== Adding myVesta rules to SpamAssassin"
+    cat <<EOF > /etc/spamassassin/myvesta.cf
+score RCVD_IN_RP_SAFE 0
+score RCVD_IN_RP_CERTIFIED 0
+score SPF_FAIL 3.0
+score SPF_SOFTFAIL 4.0
+score SPF_NONE 4.0
+EOF
+
     wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf
     ensure_startup $currentservice
     systemctl restart $currentservice
@@ -1663,6 +1746,20 @@ if [ "$fail2ban" = 'yes' ]; then
 		chmod 640 /var/log/auth.log
 		chown root:adm /var/log/auth.log
 	fi
+    if [ "$proftpd" = 'yes' ]; then
+        cat <<EOF >> /etc/fail2ban/jail.local
+
+[proftpd]
+enabled = true
+filter = proftpd
+action = vesta[name=FTP]
+port = ftp,ftp-data,ftps,ftps-data
+logpath = %(proftpd_log)s
+backend = %(proftpd_backend)s
+maxretry = 5
+EOF
+    fi
+
     #update-rc.d fail2ban defaults
     currentservice='fail2ban'
     ensure_startup $currentservice
@@ -1822,6 +1919,20 @@ if [ "$release" -eq 12 ]; then
     /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes'
   fi
 fi
+if [ "$release" -eq 13 ]; then
+  if [ -f "/etc/php/8.4/fpm/pool.d/$servername.conf" ]; then
+    echo "== FPM pool.d $servername tweaks"
+    sed -i "/^group =/c\group = www-data" /etc/php/8.4/fpm/pool.d/$servername.conf
+    sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.4/fpm/pool.d/$servername.conf
+    sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.4/fpm/pool.d/$servername.conf
+    sed -i "s|80M|800M|g" /etc/php/8.4/fpm/pool.d/$servername.conf
+    sed -i "s|256M|512M|g" /etc/php/8.4/fpm/pool.d/$servername.conf
+    service php8.4-fpm restart
+    ln -s /var/lib/roundcube /var/lib/roundcube/webmail
+    /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes'
+  fi
+fi
+
 
 echo "== Adding cron jobs"
 command="sudo $VESTA/bin/v-update-sys-queue disk"
@@ -1838,7 +1949,13 @@ command="sudo $VESTA/bin/v-update-user-stats"
 $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
 command="sudo $VESTA/bin/v-update-sys-rrd"
 $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-service cron restart
+command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php"
+$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-df-snapshot-make"
+$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner"
+$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command"
+systemctl restart cron.service
 
 echo "== Building inititall rrd images"
 $VESTA/bin/v-update-sys-rrd
@@ -1884,6 +2001,9 @@ fi
 if [ "$release" -eq 12 ]; then
   apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap
 fi
+if [ "$release" -eq 13 ]; then
+  apt-get -y install php8.4-apcu php8.4-mbstring php8.4-bcmath php8.4-curl php8.4-gd php8.4-intl php8.4-mysql php8.4-mysqlnd php8.4-pdo php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-zip php8.4-imagick php8.4-imap
+fi
 
 touch /var/log/php-mail.log
 chmod a=rw /var/log/php-mail.log
@@ -1939,6 +2059,13 @@ if [ "$release" -eq 12 ]; then
   service php8.2-fpm restart
 fi
 
+if [ "$release" -eq 13 ]; then
+  echo "=== Patching php8.4"
+  patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch
+  update-alternatives --set php /usr/bin/php8.4
+  service php8.4-fpm restart
+fi
+
 # echo "=== Patching rcube_vcard.php"
 # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch
 # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch
@@ -2016,6 +2143,9 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly
 touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply
 touch /usr/local/vesta/data/upgrades/freshclam_start
 touch /usr/local/vesta/data/upgrades/barracuda_rbl
+touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed
+touch /usr/local/vesta/data/upgrades/v-df-snapshot-make
+touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php
 
 # Secret URL
 secretquery=''
@@ -2030,18 +2160,24 @@ if [ "$port" != "8083" ]; then
     $VESTA/bin/v-change-vesta-port $port
 fi
 
-echo "=== Set URL for phpmyadmin"
 echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf
 if [ "$release" -gt 9 ]; then
     echo "=== Set max_length_of_MySQL_username=80"
+    echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf
 fi
-echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf
 echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf
 echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf
-echo "================================================================"
+echo "=== Adding FileManager license to vesta.conf"
+echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf
 
 # Removing old PHP sessions files
-crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -
+touch /var/spool/cron/crontabs/root
+echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root
+
+if [ -f "/root/.bash_profile" ]; then
+    echo "=== Adding v-cd-www alias to root bash profile"
+    echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile
+fi
 
 #----------------------------------------------------------#
 #                  myVesta Access Info                     #
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh
new file mode 100644
index 00000000..f5e7c6fd
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh
@@ -0,0 +1,126 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.3-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_83" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_83)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.3/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl
new file mode 100644
index 00000000..cceed0ee
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl
new file mode 100644
index 00000000..ac952817
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh
new file mode 100644
index 00000000..f5e7c6fd
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh
@@ -0,0 +1,126 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.3-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_83" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_83)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.3/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl
new file mode 100644
index 00000000..f043bfa8
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl
new file mode 100644
index 00000000..9b5bf916
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh
new file mode 100644
index 00000000..cbea2de9
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+    rm $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_84)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_84
+    systemctl reset-failed php8.4-fpm
+    systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl
new file mode 100644
index 00000000..91e05b17
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl
new file mode 100644
index 00000000..94acbf15
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%/public
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh
new file mode 100644
index 00000000..cbea2de9
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    systemctl reset-failed php5.6-fpm
+    systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    systemctl reset-failed php7.0-fpm
+    systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    systemctl reset-failed php7.1-fpm
+    systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    systemctl reset-failed php7.2-fpm
+    systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    systemctl reset-failed php7.3-fpm
+    systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    systemctl reset-failed php7.4-fpm
+    systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+    rm $pool_file_80
+    systemctl reset-failed php8.0-fpm
+    systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+    rm $pool_file_81
+    systemctl reset-failed php8.1-fpm
+    systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+    rm $pool_file_82
+    systemctl reset-failed php8.2-fpm
+    systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+    rm $pool_file_83
+    systemctl reset-failed php8.3-fpm
+    systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+  write_file=1
+else
+  user_count=$(grep -c "/home/$1/" $pool_file_84)
+  if [ $user_count -eq 0 ]; then
+    write_file=1
+  fi
+fi
+if [ $write_file -eq 1 ]; then
+    echo "$pool_conf" > $pool_file_84
+    systemctl reset-failed php8.4-fpm
+    systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+    rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl
new file mode 100644
index 00000000..848abf7c
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl
@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl
new file mode 100644
index 00000000..065c1f89
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl
@@ -0,0 +1,30 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
+
+</VirtualHost>
+
diff --git a/src/deb/for-download/tools/default-pool.d/8.3/www.conf b/src/deb/for-download/tools/default-pool.d/8.3/www.conf
new file mode 100644
index 00000000..f18939a3
--- /dev/null
+++ b/src/deb/for-download/tools/default-pool.d/8.3/www.conf
@@ -0,0 +1,490 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of the child processes. This can be used only if the master
+; process running user is root. It is set after the child process is created.
+; The user and group can be specified either by their name or by their numeric
+; IDs.
+; Note: If the user is root, the executable needs to be started with
+;       --allow-to-run-as-root option to work.
+; Default Values: The user is set to master process running user by default.
+;                 If the group is not set, the user's group is used.
+user = www-data
+group = www-data
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /run/php/php8.3-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions. The owner
+; and group can be specified either by name or by their numeric IDs.
+; Default Values: Owner is set to the master process running user. If the group
+;                 is not set, the owner's group is used. Mode is set to 0660.
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Set the associated the route table (FIB). FreeBSD only
+; Default Value: -1
+;listen.setfib = 1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool processes will inherit the master process priority
+;         unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
+; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
+; or group is different than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives. With this process management, there will be
+;             always at least 1 children.
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+;             pm.max_spawn_rate    - the maximum number of rate to spawn child
+;                                    processes at once.
+;  ondemand - no children are created at startup. Children will be forked when
+;             new requests will connect. The following parameter are used:
+;             pm.max_children           - the maximum number of children that
+;                                         can be alive at the same time.
+;             pm.process_idle_timeout   - The number of seconds after which
+;                                         an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: (min_spare_servers + max_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of rate to spawn child processes at once.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+; Default Value: 32
+;pm.max_spawn_rate = 32
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following information:
+;   pool                 - the name of the pool;
+;   process manager      - static, dynamic or ondemand;
+;   start time           - the date and time FPM has started;
+;   start since          - number of seconds since FPM has started;
+;   accepted conn        - the number of request accepted by the pool;
+;   listen queue         - the number of request in the queue of pending
+;                          connections (see backlog in listen(2));
+;   max listen queue     - the maximum number of requests in the queue
+;                          of pending connections since FPM has started;
+;   listen queue len     - the size of the socket queue of pending connections;
+;   idle processes       - the number of idle processes;
+;   active processes     - the number of active processes;
+;   total processes      - the number of idle + active processes;
+;   max active processes - the maximum number of active processes since FPM
+;                          has started;
+;   max children reached - number of times, the process limit has been reached,
+;                          when pm tries to start more children (works only for
+;                          pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+;   pool:                 www
+;   process manager:      static
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          62636
+;   accepted conn:        190460
+;   listen queue:         0
+;   max listen queue:     1
+;   listen queue len:     42
+;   idle processes:       4
+;   active processes:     11
+;   total processes:      15
+;   max active processes: 12
+;   max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+;   http://www.foo.bar/status
+;   http://www.foo.bar/status?json
+;   http://www.foo.bar/status?html
+;   http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+;   http://www.foo.bar/status?full
+;   http://www.foo.bar/status?json&full
+;   http://www.foo.bar/status?html&full
+;   http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+;   pid                  - the PID of the process;
+;   state                - the state of the process (Idle, Running, ...);
+;   start time           - the date and time the process has started;
+;   start since          - the number of seconds since the process has started;
+;   requests             - the number of requests the process has served;
+;   request duration     - the duration in µs of the requests;
+;   request method       - the request method (GET, POST, ...);
+;   request URI          - the request URI with the query string;
+;   content length       - the content length of the request (only with POST);
+;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
+;   script               - the main script called (or '-' if not set);
+;   last request cpu     - the %cpu the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because CPU calculation is done when the request
+;                          processing has terminated;
+;   last request memory  - the max amount of memory the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because memory calculation is done when the request
+;                          processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+;   ************************
+;   pid:                  31330
+;   state:                Running
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          63087
+;   requests:             12808
+;   request duration:     1250261
+;   request method:       GET
+;   request URI:          /test_mem.php?N=10000
+;   content length:       0
+;   user:                 -
+;   script:               /home/fat/web/docs/php/test_mem.php
+;   last request cpu:     0.00
+;   last request memory:  0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+;       It's available in: /usr/share/php/8.3/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The address on which to accept FastCGI status request. This creates a new
+; invisible pool that can handle requests independently. This is useful
+; if the main pool is busy with long running requests because it is still possible
+; to get the status before finishing the long running requests.
+;
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Default Value: value of the listen option
+;pm.status_listen = 127.0.0.1:9001
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+;  %%: the '%' character
+;  %C: %CPU used by the request
+;      it can accept the following format:
+;      - %{user}C for user CPU only
+;      - %{system}C for system CPU only
+;      - %{total}C  for user + system CPU (default)
+;  %d: time taken to serve the request
+;      it can accept the following format:
+;      - %{seconds}d (default)
+;      - %{milliseconds}d
+;      - %{milli}d
+;      - %{microseconds}d
+;      - %{micro}d
+;  %e: an environment variable (same as $_ENV or $_SERVER)
+;      it must be associated with embraces to specify the name of the env
+;      variable. Some examples:
+;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+;  %f: script filename
+;  %l: content-length of the request (for POST request only)
+;  %m: request method
+;  %M: peak of memory allocated by PHP
+;      it can accept the following format:
+;      - %{bytes}M (default)
+;      - %{kilobytes}M
+;      - %{kilo}M
+;      - %{megabytes}M
+;      - %{mega}M
+;  %n: pool name
+;  %o: output header
+;      it must be associated with embraces to specify the name of the header:
+;      - %{Content-Type}o
+;      - %{X-Powered-By}o
+;      - %{Transfert-Encoding}o
+;      - ....
+;  %p: PID of the child that serviced the request
+;  %P: PID of the parent of the child that serviced the request
+;  %q: the query string
+;  %Q: the '?' character if query string exists
+;  %r: the request URI (without the query string, see %q and %Q)
+;  %R: remote IP address
+;  %s: status (response code)
+;  %t: server time the request was received
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %T: time the log has been written (the request has finished)
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
+
+; A list of request_uri values which should be filtered from the access log.
+;
+; As a security precuation, this setting will be ignored if:
+;     - the request method is not GET or HEAD; or
+;     - there is a request body; or
+;     - there are query parameters; or
+;     - the response code is outwith the successful range of 200 to 299
+;
+; Note: The paths are matched against the output of the access.format tag "%r".
+;       On common configurations, this may look more like SCRIPT_NAME than the
+;       expected pre-rewrite URI.
+;
+; Default Value: not set
+;access.suppress_path[] = /ping
+;access.suppress_path[] = /health_check.php
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout set by 'request_terminate_timeout' ini option is not engaged after
+; application calls 'fastcgi_finish_request' or when application has finished and
+; shutdown functions are being called (registered via register_shutdown_function).
+; This option will enable timeout limit to be applied unconditionally
+; even in such cases.
+; Default Value: no
+;request_terminate_timeout_track_finished = no
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+;       possible. However, all PHP paths will be relative to the chroot
+;       (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+;chdir = /var/www
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environment, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+; Settings to "no" will output data as written to the stdout or stderr.
+; Default value: yes
+;decorate_workers_output = no
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+;                specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh
index e325754e..94762505 100644
--- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh
+++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh
@@ -35,18 +35,35 @@ fi
 
 TESTOPT=""
 if [[ $TEST -eq 1 ]]; then
-	TESTOPT="--justlogin"
+    TESTOPT="--justlogin"
 fi
 
 if [ ! -d "accounts" ]; then
     mkdir accounts
 fi
 if [ -f "accounts/$EMAIL" ]; then
-	echo "********* $EMAIL ALREADY EXISTS !!! ************"
+    echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************"
     exit 1;
     exit
 fi
 
+euser=$(echo $EMAIL | cut -d '@' -f 1)
+domain=$(echo $EMAIL | cut -d '@' -f 2)
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+if [ "$user" != "" ]; then
+    echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user"
+    if [ ! -d "/home/$user/mail/$domain" ]; then
+        echo "======= Creating '$domail' in MAIL section"
+        /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain"
+    fi
+    if [ ! -d "/home/$user/mail/$domain/$euser" ]; then
+        echo "======= Creating '$euser' mail account for domain '$domain'"
+        /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2"
+        echo ""
+    fi
+fi
+
+
 echo "Writing to: accounts/$EMAIL"
 echo "#!/bin/bash
 
@@ -67,21 +84,20 @@ exit;
 chmod a=rwx accounts/$EMAIL
 
 if [[ $TEST -eq 0 ]]; then
-	exit 0;
+    exit 0;
 fi
 
 accounts/$EMAIL
 RET=$?
 
 if [ $RET -eq 0 ]; then
-	# echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST"
-	sed -i "s/--justlogin//g" accounts/$EMAIL
-	echo "--- OK! ---"
-	echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log
+    # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST"
+    sed -i "s/--justlogin//g" accounts/$EMAIL
+    echo "--- OK! ---"
+    echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log
 else
-	echo "********* $EMAIL ERROR !!! [ret: $RET ] ************"
-	echo "********* $EMAIL ERROR !!! [ret: $RET ] ************"
-	echo "********* $EMAIL ERROR !!! [ret: $RET ] ************"
-	rm accounts/$EMAIL
+    echo "********* $EMAIL ERROR !!! [ret: $RET ] ************"
+    rm accounts/$EMAIL
+    read -p "=== Press ENTER to continue ===" entered
 fi
 exit $RET;
diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh
new file mode 100644
index 00000000..ac0c42f4
--- /dev/null
+++ b/src/deb/for-download/tools/imapsync/import-from-file.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# This script reads email and password=s in following format:
+# email1 pass
+# email2 pass
+# email3 pass
+
+# The first parameter is the text file from which we read emails and passwords
+# The second parameter is SMTP Hostname
+# The third parameter is domain if lines contains only username part
+
+
+host=''
+if [ $# -gt 1 ]; then
+    host=$2
+else
+    echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']"
+    exit 1;
+fi
+
+domain=''
+if [ $# -gt 2 ]; then
+    domain=$3
+fi
+
+end_of_file=0
+while [[ $end_of_file == 0 ]]; do
+
+  read -r line
+  end_of_file=$?
+
+  if [ "$line" == "" ]; then
+    if [[ $end_of_file == 1 ]]; then
+      echo "===EOF==="
+      break;
+    fi
+    continue
+  fi
+
+  email=$(echo "$line" | awk '{print $1}')
+  pass=$(echo "$line" | awk '{print $2}')
+
+  if [[ $email != *"@"* ]]; then
+    email="$email@$domain"
+  fi
+
+  echo "Extracted: '$email' = '$pass'"
+
+  ./create-mail-sync.sh "$host" "$email" "$pass"
+
+  if [[ $end_of_file == 1 ]]; then
+    echo "===EOF==="
+    break;
+  fi
+
+done < $1
diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh
index 8838e0ab..0f6a343a 100644
--- a/src/deb/for-download/tools/install-new-roundcube.sh
+++ b/src/deb/for-download/tools/install-new-roundcube.sh
@@ -3,7 +3,7 @@
 USER='webmail'
 DOMAIN='' # enter domain or subdomain
 
-VERSION='1.6.1'
+VERSION='1.6.6'
 DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz"
 
 LOGINMESSAGE1='Click here for NEW Webmail'
diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh
index 20364f80..ca1f8b2a 100644
--- a/src/deb/for-download/tools/install-rocket-nginx.sh
+++ b/src/deb/for-download/tools/install-rocket-nginx.sh
@@ -1,5 +1,12 @@
 #!/bin/bash
 
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl
+
 echo "Updating apt, please wait..."
 apt-get update > /dev/null 2>&1
 
@@ -17,9 +24,6 @@ fi
 cd rocket-nginx
 cp rocket-nginx.ini.disabled rocket-nginx.ini
 php rocket-parser.php
-/usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}'
-
-wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl
-wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl
-wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl
-wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl
+if [ -f "/etc/nginx/rocket-nginx/conf.d/default.conf" ]; then
+    /usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}'
+fi
diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh
index 88528e92..aa1b7353 100644
--- a/src/deb/for-download/tools/multi-php-install.sh
+++ b/src/deb/for-download/tools/multi-php-install.sh
@@ -13,6 +13,8 @@ inst_74=0
 inst_80=0
 inst_81=0
 inst_82=0
+inst_83=0
+inst_84=0
 
 #######################################################################
 
@@ -56,8 +58,14 @@ fi
 if [ $# -gt 9 ]; then
     inst_82=${10}
 fi
+if [ $# -gt 10 ]; then
+    inst_83=${11}
+fi
+if [ $# -gt 11 ]; then
+    inst_84=${12}
+fi
 
-if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ]; then
+if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then
     inst_repo=1
 fi
 
@@ -87,6 +95,8 @@ echo "inst_74=$inst_74"
 echo "inst_80=$inst_80"
 echo "inst_81=$inst_81"
 echo "inst_82=$inst_82"
+echo "inst_83=$inst_83"
+echo "inst_84=$inst_84"
 echo "wait_to_press_enter=$wait_to_press_enter"
 
 press_enter "=== Press enter to continue ==============================================================================="
@@ -95,16 +105,12 @@ apt update
 if [ "$inst_repo" -eq 1 ]; then
     press_enter "=== Press enter to install sury.org repo ==============================================================================="
     apt -y install apt-transport-https ca-certificates
-    wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
-    if [ $debian_version -eq 8 ]; then
-      sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list'
-    fi
-    if [ $debian_version -eq 9 ]; then
-      sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list'
-    fi
-    if [ $debian_version -eq 10 ]; then
-      sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list'
+    if [ $debian_version -ge 11 ]; then
+      wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
     fi
+    # if [ $debian_version -eq 10 ]; then
+    #   sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list'
+    # fi
     if [ $debian_version -eq 11 ]; then
       sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list'
     fi
@@ -112,7 +118,7 @@ if [ "$inst_repo" -eq 1 ]; then
       sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list'
     fi
     apt update
-    apt upgrade -y
+    # apt upgrade -y
     press_enter "=== Press enter to continue ==============================================================================="
 fi
 
@@ -344,9 +350,63 @@ if [ "$inst_82" -eq 1 ]; then
     press_enter "=== PHP 8.2 installed, press enter to continue ==============================================================================="
 fi
 
+if [ "$inst_83" -eq 1 ]; then
+    press_enter "=== Press enter to install PHP 8.3 ==============================================================================="
+    apt -y install php8.3-mbstring php8.3-bcmath php8.3-cli php8.3-curl php8.3-fpm php8.3-gd php8.3-intl php8.3-mysql php8.3-soap php8.3-xml php8.3-zip php8.3-memcache php8.3-memcached php8.3-imagick
+    update-rc.d php8.3-fpm defaults
+    a2enconf php8.3-fpm
+    a2dismod php8.3
+    apt-get -y remove libapache2-mod-php8.3
+    systemctl restart apache2
+    cp -r /etc/php/8.3/ /root/vst_install_backups/php8.3/
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.stpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.tpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.stpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.tpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh
+    chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh
+    chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh
+    echo "=== Patching php.ini for php8.3"
+    wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.3.patch
+    patch /etc/php/8.3/fpm/php.ini < /root/php8.3.patch
+    if [ $memory -gt 9999999 ]; then
+        sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.3/fpm/php.ini
+    fi
+    service php8.3-fpm restart
+    press_enter "=== PHP 8.3 installed, press enter to continue ==============================================================================="
+fi
 
-apt update > /dev/null 2>&1
-apt upgrade -y > /dev/null 2>&1
+if [ "$inst_84" -eq 1 ]; then
+    press_enter "=== Press enter to install PHP 8.4 ==============================================================================="
+    apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick
+    update-rc.d php8.4-fpm defaults
+    a2enconf php8.4-fpm
+    a2dismod php8.4
+    apt-get -y remove libapache2-mod-php8.4
+    systemctl restart apache2
+    cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl
+    wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh
+    chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh
+    chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh
+    echo "=== Patching php.ini for php8.4"
+    wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch
+    patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch
+    if [ $memory -gt 9999999 ]; then
+        sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini
+    fi
+    service php8.4-fpm restart
+    press_enter "=== PHP 8.4 installed, press enter to continue ==============================================================================="
+fi
+
+
+# apt update > /dev/null 2>&1
+# apt upgrade -y > /dev/null 2>&1
 
 if [ $debian_version -ge 10 ]; then
     a2dismod ruid2 > /dev/null 2>&1
@@ -360,8 +420,44 @@ if [ $debian_version -ge 10 ]; then
     a2dismod php8.0 > /dev/null 2>&1
     a2dismod php8.1 > /dev/null 2>&1
     a2dismod php8.2 > /dev/null 2>&1
+    a2dismod php8.3 > /dev/null 2>&1
+    a2dismod php8.4 > /dev/null 2>&1
     a2dismod mpm_prefork > /dev/null 2>&1
     a2enmod mpm_event > /dev/null 2>&1
     apt-get -y remove libapache2-mod-php* > /dev/null 2>&1
     service apache2 restart
 fi
+
+if [ -f "/usr/share/phpgate/phpgate.php" ]; then
+    echo "=== upgrading phpgate"
+    /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q'
+    echo "=== upgrading phpgate done."
+    echo ""
+fi
+
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    echo "=== upgrading tailf_apache_error.php"
+    wget -nv http://dl.myvestacp.com/vesta/tailf.php -O /usr/local/bin/tailf.php
+    wget -nv http://dl.myvestacp.com/vesta/tailf_apache_error.php -O /usr/local/bin/tailf_apache_error.php
+    wget -nv http://dl.myvestacp.com/vesta/see-apache-processlist-once.sh -O /usr/local/bin/see-apache-processlist-once.sh
+    wget -nv http://dl.myvestacp.com/vesta/see-mysql-processlist-once.sh -O /usr/local/bin/see-mysql-processlist-once.sh
+    chmod u+x /usr/local/bin/see-apache-processlist-once.sh
+    chmod u+x /usr/local/bin/see-mysql-processlist-once.sh
+    
+    # ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error"
+    # echo $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+    kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+    sleep 1
+    # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error"
+    # sleep 1
+    nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log &
+    echo "=== upgrading tailf_apache_error.php done."
+    sleep 3
+    echo ""
+fi
+
+# Fixing php.ini files to have the correct disable_functions line
+/usr/local/vesta/bin/v-fix-php-ini-disable-functions
+
+echo "Everything done."
+echo ""
diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl
new file mode 100644
index 00000000..7597746c
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl
@@ -0,0 +1,56 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # #ssl_on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+
+        # BEGIN SMUSH-WEBP
+        location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" {
+          root           %sdocroot%;
+          add_header Vary Accept;
+          expires        max;
+          set $image_path $2;
+          if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") {
+            break;
+          }
+          if ($http_accept !~* "webp") {
+            break;
+          }
+          # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp;
+          try_files /wp-content/smush-webp/$image_path.webp $uri =404;
+        }
+        # END SMUSH-WEBP
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl
new file mode 100644
index 00000000..7e408254
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl
@@ -0,0 +1,52 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        proxy_pass      http://%ip%:%web_port%;
+
+        # BEGIN SMUSH-WEBP
+        location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" {
+          root           %sdocroot%;
+          add_header Vary Accept;
+          expires        max;
+          set $image_path $2;
+          if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") {
+            break;
+          }
+          if ($http_accept !~* "webp") {
+            break;
+          }
+          # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp;
+          try_files /wp-content/smush-webp/$image_path.webp $uri =404;
+        }
+        # END SMUSH-WEBP
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %docroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl
new file mode 100644
index 00000000..3bed6ce3
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl
@@ -0,0 +1,87 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    http2 on;
+    server_name %domain_idn% %alias_idn%;
+    root           %sdocroot%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    set $cache_uri $request_uri;
+    set $caching 'ON';
+
+    # POST requests and urls with a query string should always go to PHP
+    if ($request_method = POST) {
+    	set $caching 'OFF';
+    }
+
+    if ($query_string ~* "(fb_action_ids=|fb_action_types=|fb_source=|fbclid=|utm_source=|utm_campaign=|utm_medium=|utm_expid=|utm_term=|utm_content=|utm_id=|utm_source_platform=|utm_creative_format=|utm_marketing_tactic=|_ga=|gclid=|campaignid=|adgroupid=|adid=|gbraid=|wbraid=|_gl=|gclsrc=|gdfms=|gdftrk=|gdffi=|_ke=|_kx=|trk_contact=|trk_msg=|trk_module=|trk_sid=|mc_cid=|mc_eid=|mkwid=|pcrid=|mtm_source=|mtm_medium=|mtm_campaign=|mtm_keyword=|mtm_cid=|mtm_content=|msclkid=|epik=|pp=|pk_source=|pk_medium=|pk_campaign=|pk_keyword=|pk_cid=|pk_content=|redirect_log_mongo_id=|redirect_mongo_id=|sb_referer_host=)") {
+        set $query_string_cachable 1;
+    }
+
+    if ($query_string != "") {
+        set $query_string_cacheable 1$query_string_cacheable;
+    }   
+
+    if ($query_string_cacheable = 11) {
+        set $caching 'ON';
+    }
+
+    if ($query_string_cacheable = 1) {
+        set $caching 'OFF';
+    }
+
+    # Don't cache uris containing the following segments
+    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0–9_-]+-sitemap([0–9]+)?.xml)") {
+	set $caching 'OFF';
+    }
+    
+    # Don't use the cache for logged-in users or recent commenters
+    if ($http_cookie ~* "comment_author|wordpress_[a-f0–9]+|wp-postpass|wordpress_logged_in") {
+	set $caching 'OFF';
+    }
+    
+    if ($caching = 'ON') {
+    	set $cachefile "/wp-content/cache/supercache/$http_host/$cache_uri/index-https.html";   
+    	set $cachestatus 'HIT'; 
+    }
+
+    if ($caching = 'OFF') {
+       set $cachestatus 'MISS';
+    }
+    
+    add_header X-Cache-Status $cachestatus;
+    add_header X-Cache-File $cachefile;
+
+    location / {
+        try_files $cachefile @fallback;
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            root           %sdocroot%;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+            # try_files      $uri @fallback;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl
index d66f80be..f49e99dc 100644
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl
+++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl
@@ -1,53 +1,54 @@
-server {
-    listen      %ip%:%proxy_ssl_port%;
-    server_name %domain_idn% %alias_idn%;
-    ssl         on;
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
-    
-    # test %port_num%
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-    root %sdocroot%/public;
-    index index.html;
-
-    location / {
-        proxy_pass      http://localhost:3000;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
-
-
-        # try_files $uri $uri/ @rewrites;
-
-        location ~* ^.+\.(%proxy_extentions%)$ {
-            access_log     /var/log/%web_system%/domains/%domain%.log combined;
-            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
-            expires        max;
-        }
-    }
-
-    location @rewrites {
-      rewrite ^(.+)$ /index.html last;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    # http2 on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+    
+    # test %port_num%
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+    root %sdocroot%/public;
+    index index.html;
+
+    location / {
+        proxy_pass      http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+
+
+        # try_files $uri $uri/ @rewrites;
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+        }
+    }
+
+    location @rewrites {
+      rewrite ^(.+)$ /index.html last;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+
     location ~ /\.ht    {return 404;}
-    location ~ /\.env   {return 404;}
-    location ~ /\.svn/  {return 404;}
-    location ~ /\.git/  {return 404;}
-    location ~ /\.hg/   {return 404;}
-    location ~ /\.bzr/  {return 404;}
-
-    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
-    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
 }
\ No newline at end of file
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl
index 27dd354b..1387a879 100644
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl
+++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl
@@ -1,7 +1,8 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
     server_name %domain_idn% %alias_idn%;
-    ssl         on;
+    # ssl         on;
+    # http2 on;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl
index d66f80be..f49e99dc 100644
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl
+++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl
@@ -1,53 +1,54 @@
-server {
-    listen      %ip%:%proxy_ssl_port%;
-    server_name %domain_idn% %alias_idn%;
-    ssl         on;
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
-    
-    # test %port_num%
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-    root %sdocroot%/public;
-    index index.html;
-
-    location / {
-        proxy_pass      http://localhost:3000;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
-
-
-        # try_files $uri $uri/ @rewrites;
-
-        location ~* ^.+\.(%proxy_extentions%)$ {
-            access_log     /var/log/%web_system%/domains/%domain%.log combined;
-            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
-            expires        max;
-        }
-    }
-
-    location @rewrites {
-      rewrite ^(.+)$ /index.html last;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-
+server {
+    listen      %ip%:%proxy_ssl_port% ssl;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    # http2 on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+    
+    # test %port_num%
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+    root %sdocroot%/public;
+    index index.html;
+
+    location / {
+        proxy_pass      http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+
+
+        # try_files $uri $uri/ @rewrites;
+
+        location ~* ^.+\.(%proxy_extentions%)$ {
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+            expires        max;
+        }
+    }
+
+    location @rewrites {
+      rewrite ^(.+)$ /index.html last;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+
     location ~ /\.ht    {return 404;}
-    location ~ /\.env   {return 404;}
-    location ~ /\.svn/  {return 404;}
-    location ~ /\.git/  {return 404;}
-    location ~ /\.hg/   {return 404;}
-    location ~ /\.bzr/  {return 404;}
-
-    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
-    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
 }
\ No newline at end of file
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl
index d8a23009..70fa2866 100644
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl
+++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl
@@ -1,7 +1,8 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
     server_name %domain_idn% %alias_idn%;
-    ssl         on;
+    # ssl         on;
+    # http2 on;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl
index a6a0b744..415b6f9c 100644
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl
+++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl
@@ -1,7 +1,8 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
     server_name %domain_idn% %alias_idn%;
-    ssl         on;
+    # ssl         on;
+    # http2 on;
     ssl_certificate      %ssl_pem%;
     ssl_certificate_key  %ssl_key%;
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch
index 1fa6d408..dcefe327 100644
--- a/src/deb/for-download/tools/patches/exim_forwarding.patch
+++ b/src/deb/for-download/tools/patches/exim_forwarding.patch
@@ -6,7 +6,7 @@
   
 +  warn    !authenticated = *
 +          hosts          = !+relay_from_hosts
-+          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}}
++          condition     = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
 +          set acl_m3    = yes
 +
    deny    message       = Restricted characters in address
diff --git a/src/deb/for-download/tools/patches/fix-fpm-poold.sh b/src/deb/for-download/tools/patches/fix-fpm-poold.sh
index 94566768..311ef9cd 100644
--- a/src/deb/for-download/tools/patches/fix-fpm-poold.sh
+++ b/src/deb/for-download/tools/patches/fix-fpm-poold.sh
@@ -16,10 +16,10 @@ if [ -d "/etc/php" ]; then
     find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
     find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
 
-    OLDVAL='pm.max_children = 8'
+    OLDVAL='pm.max_children = '
     NEWVAL='pm.max_children = 3'
-    find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
-    find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g"
+    find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g"
+    find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g"
 
     OLDVAL='request_terminate_timeout = '
     NEWVAL='request_terminate_timeout = 360s'
diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch
index 1083a720..ed127499 100644
--- a/src/deb/for-download/tools/patches/php8.2.patch
+++ b/src/deb/for-download/tools/patches/php8.2.patch
@@ -5,7 +5,7 @@
  ; It receives a comma-delimited list of function names.
  ; https://php.net/disable-functions
 -disable_functions = 
-+ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen
++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen
  
  ; This directive allows you to disable certain classes.
  ; It receives a comma-delimited list of class names.
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl
index d770ac6a..1f67154e 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 8;
+        limit_conn addr 9;
+        limit_conn zone_site 25;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl
index a2f7f9f2..dfd00270 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 4;
+        limit_conn addr 7;
+        limit_conn zone_site 20;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl
index 6118fa82..6d632713 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 3;
+        limit_conn addr 5;
+        limit_conn zone_site 15;
         limit_req zone=one burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl
new file mode 100644
index 00000000..5c3f22ac
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl
@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl
new file mode 100644
index 00000000..b263d6b5
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl
@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 5;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=14 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 24;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl
index b4468a6a..db6ab623 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 2;
+        limit_conn addr 3;
+        limit_conn zone_site 10;
         limit_req zone=one burst=7 delay=3;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl
index df269ad4..8435a72b 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 8;
+        limit_conn addr 9;
+        limit_conn zone_site 25;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl
index 13657bd3..2cc5c781 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl
@@ -4,7 +4,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 8;
+        limit_conn addr 9;
+        limit_conn zone_site 25;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      http://%ip%:%web_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl
index 8e0a0f5a..856ebd56 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 4;
+        limit_conn addr 7;
+        limit_conn zone_site 20;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl
index a4035844..5bf3fbf8 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl
@@ -4,7 +4,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 4;
+        limit_conn addr 7;
+        limit_conn zone_site 20;
         limit_req zone=two burst=14 delay=7;
         proxy_pass      http://%ip%:%web_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl
index 9649671d..5d42830f 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 3;
+        limit_conn addr 5;
+        limit_conn zone_site 15;
         limit_req zone=one burst=14 delay=7;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl
index 9e0edcf8..e57dbd1a 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl
@@ -4,7 +4,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 3;
+        limit_conn addr 5;
+        limit_conn zone_site 15;
         limit_req zone=one burst=14 delay=7;
         proxy_pass      http://%ip%:%web_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl
new file mode 100644
index 00000000..5c3f22ac
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl
@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl
new file mode 100644
index 00000000..44f6162c
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl
@@ -0,0 +1,92 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 10;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=28 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 48;
+        limit_conn zone_site 60;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=80 delay=14;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 16;
+        limit_conn zone_site 30;
+        limit_req zone=wfone burst=240;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %docroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl
new file mode 100644
index 00000000..b263d6b5
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl
@@ -0,0 +1,95 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    # ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 5;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=14 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 24;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %sdocroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl
new file mode 100644
index 00000000..7203b88c
--- /dev/null
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl
@@ -0,0 +1,92 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    location / {
+        error_page 418 = @wordfence_lh;
+        error_page 419 = @wordfence_route;
+        error_page 420 = @wordfence_sync;
+
+        if ($request_uri ~ "^/\?wordfence_lh") { return 418; }
+        if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; }
+        if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; }
+
+        limit_conn addr 5;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=14 delay=7;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-admin/ {
+        limit_conn addr 24;
+        limit_conn zone_site 30;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=one burst=40 delay=7;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_lh {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_route {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location @wordfence_sync {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location /wp-json/wordfence/ {
+        limit_conn addr 8;
+        limit_conn zone_site 15;
+        limit_req zone=wfone burst=120;
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~* ^.+\.(%proxy_extentions%)$ {
+        root           %docroot%;
+        access_log     /var/log/%web_system%/domains/%domain%.log combined;
+        access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
+        expires        max;
+        # try_files      $uri @fallback;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      http://%ip%:%web_port%;
+    }
+
+    location ~ /wp-config.php    {return 404;}
+    location ~ /xmlrpc.php       {return 404;}
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl
index 21acb34b..42bc195b 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl
@@ -7,7 +7,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 2;
+        limit_conn addr 3;
+        limit_conn zone_site 10;
         limit_req zone=one burst=7 delay=3;
         proxy_pass      https://%ip%:%web_ssl_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl
index 9438e532..177a71c6 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl
+++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl
@@ -4,7 +4,8 @@ server {
     error_log  /var/log/%web_system%/domains/%domain%.error.log error;
 
     location / {
-        limit_conn addr 2;
+        limit_conn addr 3;
+        limit_conn zone_site 10;
         limit_req zone=one burst=7 delay=3;
         proxy_pass      http://%ip%:%web_port%;
     }
diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
index 8710008c..8f4d4e88 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
@@ -12,7 +12,7 @@
 
 grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf)
 if [ "$grepc" -eq 0 ]; then
-    sed -i 's|server_names_hash_bucket_size   512;|server_names_hash_bucket_size   512;\n    limit_conn_zone $binary_remote_addr zone=addr:1m;\n    limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n    limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n    limit_conn_log_level error;\n    limit_req_log_level error;\n    limit_conn_status 429;\n    limit_req_status 429;|g' /etc/nginx/nginx.conf
+    sed -i 's|server_names_hash_bucket_size   512;|server_names_hash_bucket_size   512;\n    limit_conn_zone $binary_remote_addr zone=addr:1m;\n    limit_conn_zone $server_name zone=zone_site:1m;\n    limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n    limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n    limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n    limit_conn_log_level error;\n    limit_req_log_level error;\n    limit_conn_status 429;\n    limit_req_status 429;|g' /etc/nginx/nginx.conf
     echo "=== Added rate_limit to nginx.conf"
 fi
 
@@ -22,6 +22,18 @@ if [ "$grepc" -eq 1 ]; then
     echo "=== Decrease addr zone to 1mb to nginx.conf"
 fi
 
+grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf)
+if [ "$grepc" -eq 0 ]; then
+    sed -i 's| zone=addr:1m;| zone=addr:1m;\n    limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf
+    echo "=== Added rate_limit 'zone_site' to nginx.conf"
+fi
+
+grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf)
+if [ "$grepc" -eq 0 ]; then
+    sed -i 's| zone=addr:1m;| zone=addr:1m;\n    limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf
+    echo "=== Added rate_limit 'wfone' to nginx.conf"
+fi
+
 grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf)
 if [ "$grepc" -eq 1 ]; then
     sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf
@@ -54,4 +66,14 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst
 wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl
 wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl
 
-service nginx restart
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl
+
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl
+wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl
+
+systemctl restart nginx
diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl
new file mode 100644
index 00000000..2a6a7671
--- /dev/null
+++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl
@@ -0,0 +1,73 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
+
+    root           %sdocroot%;
+
+    # Serve WebP if browser supports it
+    location ~* ^/wp-content/.*\.(png|jpe?g)$ {
+        add_header Vary Accept;
+        expires 365d;
+    
+        if ($http_accept !~* "webp") {
+            break;
+        }
+    
+        try_files
+            /wp-content/webp-express/webp-images/doc-root/$uri.webp
+            $uri.webp
+            @webp_on_demand;
+    }
+    
+    # Route .webp requests to converter if not found
+    location @webp_on_demand {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+    
+    # Allow .webp passthrough (trigger php fallback if not found)
+    location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ {
+        try_files
+            $uri
+            @webp_realizer;
+    }
+    
+    location @webp_realizer {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+    
+    # Allow PHP access to WebP Express WOD handler
+    location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    # Rocket-Nginx configuration
+    include rocket-nginx/conf.d/default.conf;
+
+    location / {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location @fallback {
+        proxy_pass      https://%ip%:%web_ssl_port%;
+    }
+
+    location ~ /\.ht    {return 404;}
+    location ~ /\.env   {return 404;}
+    location ~ /\.svn/  {return 404;}
+    location ~ /\.git/  {return 404;}
+    location ~ /\.hg/   {return 404;}
+    location ~ /\.bzr/  {return 404;}
+
+    disable_symlinks if_not_owner from=%docroot%;
+
+    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl
@@ -0,0 +1,8 @@
+server {
+    listen      %ip%:%proxy_port%;
+    server_name %domain_idn% %alias_idn%;
+    location / {
+        rewrite ^(.*) https://$host$1 permanent;
+    }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright
index bd92bd81..c62257d2 100644
--- a/src/deb/ioncube/copyright
+++ b/src/deb/ioncube/copyright
@@ -1,243 +1,243 @@
-LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE
-OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com)
-
-YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE
-LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP
-LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT.  IF YOU
-DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY
-AND/OR USE THE LOADER SOFTWARE.
-
-DEFINITIONS
-
-The following definitions shall apply in this document:
-
-LOADER shall mean the ionCube PHP Loader software package or collection 
-of Loaders, including any modifications or upgrades to the software, used for
-executing PHP scripts previously encoded with the ionCube PHP Encoder
-software to render them non-humanly readable, and any associated
-documentation or electronic or online materials relating to the software.
-
-ENCODER shall mean any ionCube PHP Encoder software or service used for the
-purpose of producing non-humanly readable encoded files from PHP scripts.
-
-ENCODED FILE shall mean a non-humanly readable file produced by the 
-Encoder and being derived from humanly readable PHP script source.
-
-PROVIDER shall mean ionCube Ltd.
-
-USER/YOU shall mean any entity who has downloaded or obtained through any
-other means a version of the Loader software.
-
-
-1 LICENSE ENTITLEMENT 
-
-1.1 The Loader is provided without charge.  Title to the Loader does not pass
-to the user in any circumstances.  The Loader is supplied as object code.
-
-1.2 The provider grants a personal, non-transferable, non-exclusive licence to
-use the Loader in accordance with the terms and conditions of this Licence
-Agreement.
-
-1.3 The installation or downloading and use of the Loader entitles the user
-to install and use the Loader for its own internal lawful purposes.
-
-
-2 DISTRIBUTION 
-
-2.1 The Loader may be freely distributed to third parties alone or as 
-part of a distribution containing other items provided that this license
-is also included. 
-
-2.2 The Loader may under no circumstances be branded as another product, 
-whether distributed or not. 
-
-2.3 Distribution as part of a commercial product is permitted provided such
-distribution is in accordance with clauses 2.1 and 2.2 with respect to the 
-Loader.
-
-
-3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION 
-
-Except insofar as the user is permitted to do so in accordance with applicable
-law:
-
-3.1 Any analysis of the Loader and embedded data by any means and by
-any entity whether human or otherwise and including but without limitation to
-discover details of internal operation, to reverse engineer, to de-compile
-object code, or to modify for the purposes of modifying behaviour is
-forbidden.
-
-3.2 Any analysis of encoded files by any means and by any entity whether human
-or otherwise and including but without limitation to discover details of file
-format or for the purposes of modifying behaviour or scope of their usage is
-forbidden.
-
-
-4 WARRANTY
-
-THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED 
-WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE
-DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED
-OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN
-CONJUNCTION WITH ANY OTHER PRODUCT.  
-
-
-5 LIMITATION OF LIABILITY 
-
-5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY
-PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER
-CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE
-AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS
-EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS.  THE PROVIDER EXCLUDES ALL
-WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING
-FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR
-OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY
-LAW.
-
-5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT
-ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS
-A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS
-OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER.  WHILST THE
-PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH
-DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS
-TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET.
-
-5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS
-LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE
-PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT.
-
-5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY
-E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY
-THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING
-TRANSMISSION.
-
-
-6 BUG FIXING AND PRODUCT SUPPORT 
-
-6.1 The provider will use reasonable endeavours to provide support to users.
-The provider will at their discretion only provide support for the latest
-release.
-
-6.2 Support comprises of fault reporting via tickets and fault diagnosis,
-recommendations on workarounds, and where reasonably possible a timely
-resolution.
-
-6.3 The user accepts that on occasion the ability of the provider to meet
-anticipated or published support schedules may be impaired due to, but without
-limitation, Internet service provider failures or software failures that
-affect the ability to communicate for an indeterminate period.
-
-6.4 The provider reserves the right to refuse to provide support at any time.
-
-6.5 The provider wishes to maintain and offer a product of the highest
-possible quality, and accordingly may from time to time and at its discretion
-make product changes for the purpose of correcting behaviour in variance to
-the published specification or the user's reasonable expectations. 
-
-6.6 The provider reserves the right to charge for support where the user does
-not have a valid support plan in place, or where the support offered exceeds
-the scope of the active support plan.
-
-
-7 PRODUCT UPGRADES
-
-7.1 The provider may from time to time release product upgrades. These will
-be provided free of charge and attempts made to provide a timely notification
-to customers of the existence of any new release.
-
-
-8 ERRORS AND OMISSIONS
-
-Whilst reasonable endeavours are made to ensure the accuracy of documentation
-concerning the details of the Loader, the user accepts the possibility of
-inaccuracies in information presented in any format, including email
-communications and online services. The provider shall under no circumstances
-be liable for any events that arise as a result of unintentional inaccuracies
-or omissions.
-
-
-9 USER INDEMNITY
-
-You agree to fully indemnify, defend and hold the provider harmless
-immediately upon demand from and against all actions, liability, claims,
-losses, damages, costs and expenses (including legal/attorney fees) incurred
-by the provider arising directly or indirectly as a result of your breach of
-this Licence Agreement.
-
-
-10 INTELLECTUAL PROPERTY RIGHTS
-
-10.1 The user acknowledges that the Loader and associated documentation and
-materials contain proprietary information of the provider and are and shall
-remain the exclusive property of the provider and/or its licensors and all
-title, copyright, trade marks, trade names, patents and other intellectual
-property rights therein of whatever nature shall remain the sole property of
-the provider and/or its licensors.
-
-10.2 No title to or rights of ownership, copyright or other intellectual
-property in the Loader is transferred to the user (other than the licence
-rights expressly granted in this Licence Agreement).
-
-
-11 TERMINATION
-
-11.1 The provider reserves the right to terminate this Licence Agreement
-immediately by notice in writing against the user if the user is in breach of
-any terms and conditions of this Licence Agreement.
-
-11.2 Termination of this Licence Agreement for any reason shall be without
-prejudice to any other rights or remedies of the provider which may have
-arisen on or before the date of termination under this Licence Agreement or in
-law.
-
-11.3 The provisions of the following clauses shall survive any termination of
-this agreement; clause 3, 5, 10 and 13.
-
-
-12 GENERAL
-
-12.1 The provider reserves the right to transfer or assign all or any of its
-rights and duties and responsibilities set out in this Licence Agreement to
-another party.
-
-12.2 Headings have been included for convenience only and will not be used in
-construing any provision of this Licence Agreement.
-
-12.3 No delay or failure by the provider to exercise any powers, rights or
-remedies under this Licence Agreement will operate as a waiver of them nor
-will any single or partial exercise of any such powers, rights or remedies
-include any other or further exercise of them.
-
-12.4 If any part of this Licence Agreement is found by a court of competent
-jurisdiction or other competent authority to be invalid, unlawful or
-unenforceable then such part shall be severed from the remainder of this
-Licence Agreement which will continue to be valid and enforceable to the
-fullest extent permitted by applicable law.
-
-12.5 This Licence Agreement including the documents or other sources referred
-to herein supersede all prior representations, understandings and agreements
-between the user and the provider relating to the Loader and sets forth the
-entire agreement and understanding between the user and the provider relating
-to the Loader.
-
-12.6 Nothing in this Licence Agreement shall be deemed to constitute a
-partnership between you and the provider nor constitute either party being an
-agent of the other party.
-
-12.7 This Agreement does not create any rights or benefits enforceable by any
-person not a party to it (within the meaning of the U.K.Contracts (Rights of
-Third Parties) Act 1999) except that a person who under clause 12.1 is a
-permitted successor or assignee of the rights or benefits of the provider may
-enforce such rights or benefits.
-
-
-13 GOVERNING LAW AND JURISDICTION
-
-This License Agreement and any issues relating thereto shall be construed and
-interpreted in accordance with the laws of England and subject to the
-exclusive jurisdiction of the English courts.
-
-Copyright (c) 2002-2017 ionCube Ltd.          Last revised 23-April-2015
+LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE
+OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com)
+
+YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE
+LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP
+LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT.  IF YOU
+DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY
+AND/OR USE THE LOADER SOFTWARE.
+
+DEFINITIONS
+
+The following definitions shall apply in this document:
+
+LOADER shall mean the ionCube PHP Loader software package or collection 
+of Loaders, including any modifications or upgrades to the software, used for
+executing PHP scripts previously encoded with the ionCube PHP Encoder
+software to render them non-humanly readable, and any associated
+documentation or electronic or online materials relating to the software.
+
+ENCODER shall mean any ionCube PHP Encoder software or service used for the
+purpose of producing non-humanly readable encoded files from PHP scripts.
+
+ENCODED FILE shall mean a non-humanly readable file produced by the 
+Encoder and being derived from humanly readable PHP script source.
+
+PROVIDER shall mean ionCube Ltd.
+
+USER/YOU shall mean any entity who has downloaded or obtained through any
+other means a version of the Loader software.
+
+
+1 LICENSE ENTITLEMENT 
+
+1.1 The Loader is provided without charge.  Title to the Loader does not pass
+to the user in any circumstances.  The Loader is supplied as object code.
+
+1.2 The provider grants a personal, non-transferable, non-exclusive licence to
+use the Loader in accordance with the terms and conditions of this Licence
+Agreement.
+
+1.3 The installation or downloading and use of the Loader entitles the user
+to install and use the Loader for its own internal lawful purposes.
+
+
+2 DISTRIBUTION 
+
+2.1 The Loader may be freely distributed to third parties alone or as 
+part of a distribution containing other items provided that this license
+is also included. 
+
+2.2 The Loader may under no circumstances be branded as another product, 
+whether distributed or not. 
+
+2.3 Distribution as part of a commercial product is permitted provided such
+distribution is in accordance with clauses 2.1 and 2.2 with respect to the 
+Loader.
+
+
+3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION 
+
+Except insofar as the user is permitted to do so in accordance with applicable
+law:
+
+3.1 Any analysis of the Loader and embedded data by any means and by
+any entity whether human or otherwise and including but without limitation to
+discover details of internal operation, to reverse engineer, to de-compile
+object code, or to modify for the purposes of modifying behaviour is
+forbidden.
+
+3.2 Any analysis of encoded files by any means and by any entity whether human
+or otherwise and including but without limitation to discover details of file
+format or for the purposes of modifying behaviour or scope of their usage is
+forbidden.
+
+
+4 WARRANTY
+
+THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED 
+WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE
+DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED
+OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN
+CONJUNCTION WITH ANY OTHER PRODUCT.  
+
+
+5 LIMITATION OF LIABILITY 
+
+5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY
+PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER
+CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE
+AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS
+EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS.  THE PROVIDER EXCLUDES ALL
+WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING
+FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR
+OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY
+LAW.
+
+5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT
+ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS
+A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS
+OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER.  WHILST THE
+PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH
+DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS
+TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET.
+
+5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS
+LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE
+PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT.
+
+5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY
+E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY
+THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING
+TRANSMISSION.
+
+
+6 BUG FIXING AND PRODUCT SUPPORT 
+
+6.1 The provider will use reasonable endeavours to provide support to users.
+The provider will at their discretion only provide support for the latest
+release.
+
+6.2 Support comprises of fault reporting via tickets and fault diagnosis,
+recommendations on workarounds, and where reasonably possible a timely
+resolution.
+
+6.3 The user accepts that on occasion the ability of the provider to meet
+anticipated or published support schedules may be impaired due to, but without
+limitation, Internet service provider failures or software failures that
+affect the ability to communicate for an indeterminate period.
+
+6.4 The provider reserves the right to refuse to provide support at any time.
+
+6.5 The provider wishes to maintain and offer a product of the highest
+possible quality, and accordingly may from time to time and at its discretion
+make product changes for the purpose of correcting behaviour in variance to
+the published specification or the user's reasonable expectations. 
+
+6.6 The provider reserves the right to charge for support where the user does
+not have a valid support plan in place, or where the support offered exceeds
+the scope of the active support plan.
+
+
+7 PRODUCT UPGRADES
+
+7.1 The provider may from time to time release product upgrades. These will
+be provided free of charge and attempts made to provide a timely notification
+to customers of the existence of any new release.
+
+
+8 ERRORS AND OMISSIONS
+
+Whilst reasonable endeavours are made to ensure the accuracy of documentation
+concerning the details of the Loader, the user accepts the possibility of
+inaccuracies in information presented in any format, including email
+communications and online services. The provider shall under no circumstances
+be liable for any events that arise as a result of unintentional inaccuracies
+or omissions.
+
+
+9 USER INDEMNITY
+
+You agree to fully indemnify, defend and hold the provider harmless
+immediately upon demand from and against all actions, liability, claims,
+losses, damages, costs and expenses (including legal/attorney fees) incurred
+by the provider arising directly or indirectly as a result of your breach of
+this Licence Agreement.
+
+
+10 INTELLECTUAL PROPERTY RIGHTS
+
+10.1 The user acknowledges that the Loader and associated documentation and
+materials contain proprietary information of the provider and are and shall
+remain the exclusive property of the provider and/or its licensors and all
+title, copyright, trade marks, trade names, patents and other intellectual
+property rights therein of whatever nature shall remain the sole property of
+the provider and/or its licensors.
+
+10.2 No title to or rights of ownership, copyright or other intellectual
+property in the Loader is transferred to the user (other than the licence
+rights expressly granted in this Licence Agreement).
+
+
+11 TERMINATION
+
+11.1 The provider reserves the right to terminate this Licence Agreement
+immediately by notice in writing against the user if the user is in breach of
+any terms and conditions of this Licence Agreement.
+
+11.2 Termination of this Licence Agreement for any reason shall be without
+prejudice to any other rights or remedies of the provider which may have
+arisen on or before the date of termination under this Licence Agreement or in
+law.
+
+11.3 The provisions of the following clauses shall survive any termination of
+this agreement; clause 3, 5, 10 and 13.
+
+
+12 GENERAL
+
+12.1 The provider reserves the right to transfer or assign all or any of its
+rights and duties and responsibilities set out in this Licence Agreement to
+another party.
+
+12.2 Headings have been included for convenience only and will not be used in
+construing any provision of this Licence Agreement.
+
+12.3 No delay or failure by the provider to exercise any powers, rights or
+remedies under this Licence Agreement will operate as a waiver of them nor
+will any single or partial exercise of any such powers, rights or remedies
+include any other or further exercise of them.
+
+12.4 If any part of this Licence Agreement is found by a court of competent
+jurisdiction or other competent authority to be invalid, unlawful or
+unenforceable then such part shall be severed from the remainder of this
+Licence Agreement which will continue to be valid and enforceable to the
+fullest extent permitted by applicable law.
+
+12.5 This Licence Agreement including the documents or other sources referred
+to herein supersede all prior representations, understandings and agreements
+between the user and the provider relating to the Loader and sets forth the
+entire agreement and understanding between the user and the provider relating
+to the Loader.
+
+12.6 Nothing in this Licence Agreement shall be deemed to constitute a
+partnership between you and the provider nor constitute either party being an
+agent of the other party.
+
+12.7 This Agreement does not create any rights or benefits enforceable by any
+person not a party to it (within the meaning of the U.K.Contracts (Rights of
+Third Parties) Act 1999) except that a person who under clause 12.1 is a
+permitted successor or assignee of the rights or benefits of the provider may
+enforce such rights or benefits.
+
+
+13 GOVERNING LAW AND JURISDICTION
+
+This License Agreement and any issues relating thereto shall be construed and
+interpreted in accordance with the laws of England and subject to the
+exclusive jurisdiction of the English courts.
+
+Copyright (c) 2002-2017 ionCube Ltd.          Last revised 23-April-2015
diff --git a/src/deb/latest.txt b/src/deb/latest.txt
index 8ebe40d1..dcb1761c 100644
--- a/src/deb/latest.txt
+++ b/src/deb/latest.txt
@@ -1 +1 @@
-vesta-0.9.9-0-4
+vesta-0.9.9-0-13
\ No newline at end of file
diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst
index 09195d4c..186f54d5 100755
--- a/src/deb/vesta/postinst
+++ b/src/deb/vesta/postinst
@@ -21,12 +21,155 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then
     mkdir -p /usr/local/vesta/data/upgrades
 fi
 
+VESTA="/usr/local/vesta"
+
 # show changelog after update
-# echo "1" > /usr/local/vesta/data/upgrades/show_changelog
-# chmod a=rw /usr/local/vesta/data/upgrades/show_changelog
+echo "1" > /usr/local/vesta/data/upgrades/show_changelog
+chmod a=rw /usr/local/vesta/data/upgrades/show_changelog
+
+# SSL fix for Apache 2.4.65+
+if [ ! -f "/usr/local/vesta/data/upgrades/fixssl.conf" ]; then
+    if [ "$release" -ge 11 ]; then
+        if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then
+            echo "== Fixing SSL for Apache 2.4.65+"
+            echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf
+            touch /usr/local/vesta/data/upgrades/fixssl.conf
+            nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')    
+            if [ $nginx_running -eq 1 ]; then
+                echo "== Restarting Nginx"
+                systemctl restart nginx
+            fi
+        fi
+    fi
+fi
+
+# Adding cron job for disk usage snapshot
+if [ ! -f "/usr/local/vesta/data/upgrades/v-df-snapshot-make" ]; then
+    if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then
+        echo "== Adding cron job for disk usage snapshot"
+        command="sudo $VESTA/bin/v-df-snapshot-make"
+        $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command"
+        touch /usr/local/vesta/data/upgrades/v-df-snapshot-make
+        systemctl restart cron.service
+    fi
+    if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then
+        echo "== Adding cron job for disk usage snapshot logs cleaner"
+        command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner"
+        $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command"
+        touch /usr/local/vesta/data/upgrades/v-df-snapshot-make
+        systemctl restart cron.service
+    fi
+fi
+
+# Fixing PHP and .env permissions and ownership for all websites
+if [ ! -f "/usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php" ]; then
+    # Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php"
+    if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then
+        if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then
+            echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php"
+            sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf
+            sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin
+            sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf
+            sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin
+            systemctl restart cron.service
+        fi
+    fi
+    echo "== Fixing PHP and .env permissions and ownership for all websites"
+    command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php"
+    $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command"
+    touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php
+    systemctl restart cron.service
+fi
+
+if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then
+    echo "== Adding FileManager license to vesta.conf"
+    echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf
+fi
+
+if [ -f "/root/.bash_profile" ]; then
+    if ! grep -q "v-cd-www" /root/.bash_profile; then
+        echo "== Adding v-cd-www alias to root bash profile"
+        echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile
+    fi
+fi
+
+# Adding myVesta rules to SpamAssassin
+if [ -d "/etc/spamassassin" ]; then
+    spamassassin_modified=0
+    if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then
+        touch /etc/spamassassin/myvesta.cf
+    fi
+    if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then
+        echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin"
+        echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf
+        echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf
+        spamassassin_modified=1
+    fi
+    if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then
+        echo "== Adding SPF_FAIL myVesta rules to SpamAssassin"
+    cat <<EOF >> /etc/spamassassin/myvesta.cf
+score SPF_FAIL 3.0
+score SPF_SOFTFAIL 4.0
+score SPF_NONE 4.0
+EOF
+        spamassassin_modified=1
+    fi
+
+    if [ $spamassassin_modified -eq 1 ]; then
+        spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running')
+        if [ $spamassassin_running -eq 1 ]; then
+            echo "== Restarting SpamAssassin"
+            if [ "$release" -lt 12 ]; then
+                    systemctl restart spamassassin.service
+                else
+                    systemctl restart spamd.service
+            fi
+        fi
+    fi
+fi
+
+# Adding ProFTPD to Fail2Ban
+if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then
+    if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then
+        echo "== Adding ProFTPD to Fail2Ban"
+        cat <<EOF >> /etc/fail2ban/jail.local
+
+[proftpd]
+enabled = true
+filter = proftpd
+action = vesta[name=FTP]
+port = ftp,ftp-data,ftps,ftps-data
+logpath = %(proftpd_log)s
+backend = %(proftpd_backend)s
+maxretry = 5
+EOF
+        fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')    
+        if [ $fail2ban_running -eq 1 ]; then
+            echo "== Restarting Fail2Ban"
+            systemctl restart fail2ban
+        fi
+    fi
+fi
+
+# Removing SpamHaus DNSBL
+if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then
+    sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf
+    touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed
+fi
+
+# Fixing 'dh key too small' in dovecot
+if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then
+    if grep -q 'dh key too small' /var/log/dovecot.log.1; then
+        if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then
+            echo "== Fixing 'dh key too small' in dovecot"
+            echo "ssl_dh=</usr/share/dovecot/dh.pem" >> /etc/dovecot/conf.d/10-ssl.conf
+            systemctl restart dovecot
+        fi
+    fi
+fi
 
 # Patching exim4.conf for: smtputf8_advertise_hosts
-if [ "$release" -gt 10 ]; then
+if [ "$release" -ge 11 ]; then
     if [ -f "/etc/exim4/exim4.conf.template" ]; then
         if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then
             echo 'Patching exim4.conf for: smtputf8_advertise_hosts'
@@ -47,7 +190,7 @@ if [ -f "/etc/exim4/exim4.conf.template" ]; then
 fi
 
 # Making sure yescrypt is disabled
-if [ "$release" -eq 11 ]; then
+if [ "$release" -ge 11 ]; then
     sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password
 fi
 
@@ -66,25 +209,34 @@ if [ "$release" -eq 11 ]; then
 					ADD="  hosts_try_fastopen = \!\*.l.google.com"
 					sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template
 					systemctl restart exim4
-					
-					sed -i "s/net.ipv4.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf
-					echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
 		fi
 	fi
 fi
 
+if [ "$release" -ge 11 ]; then
+    check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf)
+    if [ "$check_grep" -gt 0 ]; then
+        echo "=== Removing net.ipv4.tcp_window_scaling"
+        sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf
+        echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+    fi
+fi
 
 # Adding Barracuda RBL to SpamAssassin
 if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then
     spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin')
-    spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running')
+    spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running')
     if [ $spamassassin_installed -eq 1 ]; then
         echo "== Adding Barracuda RBL to SpamAssassin"
         wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf
     fi
     if [ $spamassassin_running -eq 1 ]; then
         echo "== Restarting SpamAssassin"
-        systemctl restart spamassassin
+        if [ "$release" -lt 12 ]; then
+            systemctl restart spamassassin.service
+        else
+            systemctl restart spamd.service
+        fi
     fi
     touch /usr/local/vesta/data/upgrades/barracuda_rbl
 fi
@@ -141,7 +293,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then
         echo "== Enabling TLS for ProFTPD FTPS"
         wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf
         sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf
-        systemctl restart proftpd
+        proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running')    
+        if [ $proftpd_running -eq 1 ]; then
+            echo "== Restarting ProFTPD"
+            systemctl restart proftpd
+        fi
     fi
   fi
 fi
diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh
index a80316d9..2d0e4874 100644
--- a/src/deb/vesta_compile.sh
+++ b/src/deb/vesta_compile.sh
@@ -7,8 +7,8 @@
 build_deb_package=1
 add_deb_to_apt_repo=0
 
-TARGET_DEB_NAME='bookworm'
-TARGET_DEB_VER='12'
+TARGET_DEB_NAME='trixie'
+TARGET_DEB_VER='13'
 
 run_apt_update_and_install=1
 wait_to_press_enter=1
@@ -31,8 +31,8 @@ fi
 
 MAINTAINER_EMAIL='info@myvestacp.com'
 
-TARGET_DEB_NAME_MAIN='bookworm'
-TARGET_DEB_VER_MAIN='12'
+TARGET_DEB_NAME_MAIN='trixie'
+TARGET_DEB_VER_MAIN='13'
 
 # Set compiling directory
 BUILD_DIR="/usr/src/$TARGET_DEB_NAME"
@@ -58,11 +58,12 @@ BUILD_DATE=$(date +"%d-%b-%Y")
 
 # Set Version for compiling
 VESTA_V=$VESTA_VER"_amd64"
-NGINX_V='1.25.1'
-OPENSSL_V='1.1.1u'
+
+NGINX_V='1.29.1'
+PHP_V='8.4.11'
+OPENSSL_V='1.1.1w'
 PCRE_V='8.45'
-ZLIB_V='1.2.13'
-PHP_V='5.6.40'
+ZLIB_V='1.3.1'
 
 # Generate Links for sourcecode
 NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz'
@@ -73,7 +74,7 @@ OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz'
 PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download'
 # Zlib moved archives to Github
 ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz'
-PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz'
+PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz'
 
 # Set package dependencies for compiling
 release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
@@ -81,7 +82,7 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
 if [ "$release" -lt 12 ]; then
     SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync'
 else
-    SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync'
+    SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev'
 fi
 
 function press_enter {
@@ -130,6 +131,9 @@ if [ $run_apt_update_and_install -eq 1 ]; then
   if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then
       ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl
   fi
+  if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then
+      ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl
+  fi
   press_enter "=== Press enter to continue ==============================================================================="
 fi
 
@@ -258,6 +262,7 @@ EOF
     press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***"
     vi $PATH_OF_APT_REPO_ROOT/deb_signing.key
     cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key
+    cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key
     cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key
     cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key
     cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key
@@ -448,6 +453,34 @@ if [ "$CWEB_B" = true ]; then
   tar -czf dovecot.tar.gz dovecot/
   echo "=== All done for Debian12"
   ##########
+  cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13
+  
+  if [ -f "packages.tar.gz" ]; then
+    rm packages.tar.gz
+  fi
+  tar -czf packages.tar.gz packages/
+  
+  if [ -f "templates.tar.gz" ]; then
+    rm templates.tar.gz
+  fi
+  tar -czf templates.tar.gz templates/
+  
+  if [ -f "firewall.tar.gz" ]; then
+    rm firewall.tar.gz
+  fi
+  tar -czf firewall.tar.gz firewall/
+  
+  if [ -f "fail2ban.tar.gz" ]; then
+    rm fail2ban.tar.gz
+  fi
+  tar -czf fail2ban.tar.gz fail2ban/
+  
+  if [ -f "dovecot.tar.gz" ]; then
+    rm dovecot.tar.gz
+  fi
+  tar -czf dovecot.tar.gz dovecot/
+  echo "=== All done for Debian13"
+  ##########
   
   cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh
 
@@ -498,7 +531,7 @@ if [ "$NGINX_B" = true ]; then
               --with-openssl-opt=no-weak-ssl-ciphers \
               --with-openssl-opt=no-ssl3 \
               --with-pcre=../pcre-$PCRE_V \
-                  --with-pcre-jit \
+              --with-pcre-jit \
               --with-zlib=../zlib-$ZLIB_V
       
       # Check install directory and remove if exists
@@ -593,11 +626,10 @@ if [ "$PHP_B" = true ]; then
                   --with-zlib \
                   --with-fpm-user=admin \
                   --with-fpm-group=admin \
-                  --with-mysql \
                   --with-mysqli \
                   --with-curl \
                   --enable-mbstring \
-				  --with-mysql-sock=/var/run/mysqld/mysqld.sock
+                  --with-mysql-sock=/var/run/mysqld/mysqld.sock
       
       # Check install directory and remove if exists
       if [ -d $INSTALL_DIR/php ]; then
@@ -605,7 +637,7 @@ if [ "$PHP_B" = true ]; then
       fi
     
       press_enter "=== Press enter to compile PHP ==============================================================================="
-      
+
       make && make install
       
       press_enter "=== Press enter to continue ==============================================================================="
diff --git a/web/add/dns/index.php b/web/add/dns/index.php
index 7c18faab..b9e47abe 100644
--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@@ -80,7 +80,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
+        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
         unset($v_domain);
     }
 }
@@ -128,7 +128,7 @@ if (!empty($_POST['ok_rec'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain]));
+        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain']));
         unset($v_domain);
         unset($v_rec);
         unset($v_val);
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
index c761139c..6a8b6e9f 100644
--- a/web/add/mail/index.php
+++ b/web/add/mail/index.php
@@ -186,7 +186,7 @@ if (!empty($_POST['ok_acc'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
+        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']));
         $_SESSION['ok_msg'] .= " / <a style=\"text-decoration: underline; color: #9c8cff;\" href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
         unset($v_account);
         unset($v_password);
diff --git a/web/add/web/index.php b/web/add/web/index.php
index d77b8f40..e11cff23 100644
--- a/web/add/web/index.php
+++ b/web/add/web/index.php
@@ -323,7 +323,7 @@ if (!empty($_POST['ok'])) {
         }
 
         if (!empty($_SESSION['error_msg']) && $domain_added) {
-            $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
+            $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
             $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
             $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain']));
             header('Location: ' . $url);
diff --git a/web/css/styles.min.css b/web/css/styles.min.css
index 374b458c..d84a6a85 100644
--- a/web/css/styles.min.css
+++ b/web/css/styles.min.css
@@ -4236,3 +4236,29 @@ div.ui-dialog + div div{
   padding: 5px 10px !important;
   border-radius: 13px;
 }
+
+.get-ip-info-btn {
+    cursor: pointer;
+    margin-left: 10px;
+}
+.get-ip-info-btn:hover {
+    color: #000000;
+}
+.get-ip-info-btn + .get-ip-info-result {
+    margin: 10px 0;
+}
+.get-ip-info-btn + .get-ip-info-result dl dt {
+    font-weight: bold;
+}
+.get-ip-info-btn + .get-ip-info-result dl dd {
+    margin: 0 0 10px 0;
+}
+.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-triangle {
+    color: red;
+}
+.get-ip-info-btn + .get-ip-info-result dl .fa-check-circle {
+    color: green;
+}
+.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-circle {
+    color: orange;
+}
diff --git a/web/edit/server/index.php b/web/edit/server/index.php
index 49c577d8..eed4baab 100644
--- a/web/edit/server/index.php
+++ b/web/edit/server/index.php
@@ -339,7 +339,8 @@ if (!empty($_POST['save'])) {
             $v_backup_username = escapeshellarg($_POST['v_backup_username']);
             $v_backup_password = escapeshellarg($_POST['v_backup_password']);
             $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
-            exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var);
+            $v_backup_port = escapeshellarg($_POST['v_backup_port']);
+            exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
             if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
@@ -347,12 +348,12 @@ if (!empty($_POST['save'])) {
             if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
             if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
             if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+            if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port'];
             $v_backup_new = 'yes';
             $v_backup_adv = 'yes';
             $v_backup_remote_adv = 'yes';
         }
     }
-
     // Change remote backup host type
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php
index 39c3bfff..09ae210f 100644
--- a/web/inc/i18n/en.php
+++ b/web/inc/i18n/en.php
@@ -377,6 +377,7 @@ $LANG['en'] = array(
     'ErrorLog' => 'ErrorLog',
     'Download AccessLog' => 'Download AccessLog',
     'Download ErrorLog' => 'Download ErrorLog',
+    'Continent' => 'Continent',
     'Country' => 'Country',
     '2 letter code' => '2 letter code',
     'State / Province' => 'State / Province',
diff --git a/web/inc/main.php b/web/inc/main.php
index 26df863e..f13e4142 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -38,8 +38,13 @@ if(!isset($_SESSION['user_combined_ip'])){
     $_SESSION['user_combined_ip'] = $user_combined_ip;
 }
 
+$SKIP_IP_CHECK = false;
+if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') {
+    $SKIP_IP_CHECK = true;
+}
+
 // Checking user to use session from the same IP he has been logged in
-if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){
+if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) {
     session_destroy();
     session_start();
     $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 3dcdb0ae..d21a4322 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -59,7 +59,7 @@ function prevent_post_csrf ($hard_check=false) {
             if (isset($_SERVER['HTTP_ORIGIN']) == false) return;
         } else {
             if (isset($_SERVER['HTTP_HOST']) == false) $_SERVER['HTTP_HOST'] = '';
-            if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['HTTP_PORT'] = '';
+            if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['SERVER_PORT'] = '';
             if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = '';
         }
         $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
diff --git a/web/js/app.js b/web/js/app.js
index 9ba909a5..978b7d09 100644
--- a/web/js/app.js
+++ b/web/js/app.js
@@ -1072,3 +1072,42 @@ function elementHideShow(elementToHideOrShow){
     el.style.display = el.style.display === 'none' ? 'block' : 'none';
 }
 
+(function($) {
+    $(document).ready(function() {
+        $('.get-ip-info-btn').click(function() {
+            var token = $('#token').attr('token');
+            var index = $(this).attr('data-index');
+            var btn_el = $('.get-ip-info-btn[data-index="' + index + '"]');
+            var result_el = $('.get-ip-info-btn[data-index="' + index + '"] + .get-ip-info-result');
+            var ip = btn_el.attr('data-ip');
+            
+            var url_params = new URLSearchParams(window.location.search);
+            var clear_cache = url_params.get('clear_cache');
+            
+            if (!$.trim(result_el.html())) {
+                result_el.html('<i class="fas fa-spin fa-2x fa-spinner"></i>');
+
+                $.ajax({
+                    method: "POST",
+                    url: "/list/firewall/banlist/ip_info.php",
+                    data: { ip: ip, clear_cache: clear_cache, token: token },
+                    cache: false,
+                    error: function(jqXHR, textStatus, errorThrown) {
+                        result_el.html('<strong>GENERAL ERROR</strong><br>' + errorThrown);
+                    },
+                    success: function(result_data) {
+                        if (btn_el.find('i').hasClass('fa-times')) {
+                            result_el.html(result_data);
+                        }
+                    }
+                });
+                
+                btn_el.find('i').removeClass('fa-search').addClass('fa-times');
+            }
+            else {
+                result_el.html('');
+                btn_el.find('i').removeClass('fa-times').addClass('fa-search');
+            }
+        });
+    });
+})(jQuery);
diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php
new file mode 100644
index 00000000..e7888a75
--- /dev/null
+++ b/web/list/firewall/banlist/ip_info.php
@@ -0,0 +1,164 @@
+<?
+error_reporting(NULL);
+session_start();
+
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+if (!function_exists('str_contains')) {
+    function str_contains($haystack, $needle)
+    {
+        return $needle !== '' && mb_strpos($haystack, $needle) !== false;
+    }
+}
+
+// cidrMatch() based on https://stackoverflow.com/a/14535823
+function cidrMatch($ip, $range)
+{
+    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return false;
+    list($subnet, $bits) = explode('/', $range);
+    $ip = substr(ipToBinary($ip), 0, $bits);
+    $subnet = substr(ipToBinary($subnet), 0, $bits);
+    return ($ip == $subnet);
+}
+
+// ipToBinary based on https://stackoverflow.com/a/14535823
+function ipToBinary($ip)
+{
+    $ipbin = '';
+    $ips = explode(".", $ip);
+    foreach ($ips as $iptmp) {
+        $ipbin .= sprintf("%08b", $iptmp);
+    }
+    return $ipbin;
+}
+
+function fetchURL($url, &$info = [])
+{
+    $curl_handle = curl_init();
+    curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true);
+    curl_setopt($curl_handle, CURLOPT_ENCODING, 'gzip, deflate');
+    curl_setopt($curl_handle, CURLOPT_URL, $url);
+    curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 10);
+    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
+    $data = curl_exec($curl_handle);
+    $info = curl_getinfo($curl_handle);
+    curl_close($curl_handle);
+    return $data;
+}
+
+function parseCacheEntries($strEntries)
+{
+    $parsed = [];
+    $entries = explode("\n", $strEntries);
+    if ($entries) {
+        foreach ($entries as $entry) {
+            list($entry,) = explode("#", $entry);
+            list($entry,) = explode(";", $entry);
+            $entry = trim($entry);
+            if (!empty($entry)) $parsed[] = $entry;
+        }
+    }
+    return $parsed;
+}
+
+function checkIP($ip)
+{
+    $check_results = [];
+    $lists = [
+        'BDEALL' => 'http://lists.blocklist.de/lists/all.txt',
+        'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php',
+        'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt',
+        'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt',
+        'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt',
+        'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt',
+        'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py',
+    ];
+    $today = date('Y-m-d');
+
+    foreach ($lists as $code => $url) {
+        $cache_tag = 'ip-blacklist-' . $code . '-cache';
+
+        // init cache
+        if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => ''];
+
+        // invalidate cache if clear_cache parameter is 1
+        if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01';
+
+        // if cache is not updated, fetch new data and save to cache
+        if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) {
+            $new_cache_data = fetchURL($url, $url_result);
+            if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data);
+            $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']];
+        }
+
+        // check ip 
+        $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) {
+            if (str_contains($item, '/')) return cidrMatch($ip, $item);
+            if ($ip == $item) return true;
+            return false;
+        });
+
+        $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false;
+        $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated'];
+        $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code'];
+    }
+
+    return $check_results;
+}
+
+// Check token
+if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
+    die("Wrong token");
+}
+
+$ip = $_REQUEST['ip'];
+
+// Validate IP format
+if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
+    die('<strong>GENERAL ERROR</strong><br>BAD_IP_FORMAT');
+}
+
+// Query host
+$host = gethostbyaddr($ip);
+
+// Query blocklists
+$result_blocklists = '';
+$ip_check = checkIP($ip);
+if ($ip_check) {
+    foreach ($ip_check as $list_code => $list_results) {
+        $result_blocklists .= '<div title="'.$list_results['updated'].' / '.$list_results['http_code'].'">';
+        $result_blocklists .= $list_results['found'] ? '<i class="fas fa-fw fa-exclamation-triangle"></i>' : '<i class="fas fa-fw fa-check-circle"></i>';
+        $result_blocklists .= '&nbsp;<span>'.$list_code.'</span>&nbsp;';
+        $result_blocklists .= $list_results['http_code'] == '200' ? '' : '<i class="fas fa-fw fa-exclamation-circle"></i>';
+        $result_blocklists .= '</div>';
+    }
+}
+
+// Query location
+$url = 'https://api.db-ip.com/v2/free/'.$ip;
+$result = fetchURL($url);
+$result_array = json_decode($result, true);
+if (!is_array($result_array)) {
+    die('<strong>GENERAL ERROR</strong><br>BAD_JSON');
+}
+if (!empty($result_array['errorCode'])) {
+    die('<strong>GENERAL ERROR</strong><br>'.$result_array['errorCode']);
+}
+
+// Output
+echo "
+<dl>
+    <dt>".__('Host')."</dt>
+    <dd>".$host."</dd>
+    <dt>".__('Banlist')."</dt>
+    <dd>".$result_blocklists."</dd>
+    <dt>".__('Continent')."</dt>
+    <dd>".$result_array['continentName']." [".$result_array['continentCode']."]</dd>
+    <dt>".__('Country')."</dt>
+    <dd>".$result_array['countryName']." [".$result_array['countryCode']."]</dd>
+    <dt>".__('State / Province')."</dt>
+    <dd>".$result_array['stateProv']." [".$result_array['stateProvCode']."]</dd>
+    <dt>".__('City / Locality')."</dt>
+    <dd>".$result_array['city']."</dd>
+</dl>
+";
diff --git a/web/list/user/index.php b/web/list/user/index.php
index da708edc..4e5ac369 100644
--- a/web/list/user/index.php
+++ b/web/list/user/index.php
@@ -22,7 +22,7 @@ if ($user == 'admin') {
         if ($show_changelog_value_int==1) {
             $changelog='';
             $changelog_arr=file("/usr/local/vesta/Changelog.md");
-            for ($i=0; $i<30; $i++) {
+            for ($i=0; $i<100; $i++) {
                 if (trim($changelog_arr[$i])=="") break;
                 if ($i>1) $changelog.="\n";
                 $changelog.=$changelog_arr[$i];
diff --git a/web/login/index.php b/web/login/index.php
index 18841344..5de05451 100644
--- a/web/login/index.php
+++ b/web/login/index.php
@@ -1,5 +1,7 @@
 <?php
 
+if ($_SERVER['REQUEST_METHOD']=='HEAD') exit; // Prevent recreation of token by shitty browser add-ons
+
 define('NO_AUTH_REQUIRED',true);
 
 
diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html
index b5da08de..888b081f 100644
--- a/web/templates/admin/edit_server.html
+++ b/web/templates/admin/edit_server.html
@@ -641,6 +641,17 @@
                                                             <br><br>
                                                         </td>
                                                     </tr>
+                                                    <tr>
+                                                        <td class="vst-text">
+                                                            <?php print __('Port') ?>
+                                                        </td>
+                                                    </tr>
+                                                    <tr>
+                                                        <td>
+                                                            <input type="text" size="20" class="vst-input" name="v_backup_port" value="<?=trim($v_backup_port, "'")?>">
+                                                            <br><br>
+                                                        </td>
+                                                    </tr>
                                                     <tr>
                                                         <td class="vst-text">
                                                             <?php print __('Username') ?>
diff --git a/web/templates/admin/list_firewall_banlist.html b/web/templates/admin/list_firewall_banlist.html
index 72153940..3bc8ccb2 100644
--- a/web/templates/admin/list_firewall_banlist.html
+++ b/web/templates/admin/list_firewall_banlist.html
@@ -80,7 +80,7 @@
             <div class="clearfix l-unit__stat-col--left wide"><b><?=$data[$key]['DATE']?></b> &nbsp; <?=$data[$key]['TIME']?> </div>
             <div class="clearfix l-unit__stat-col--left"></div>
             <div class="clearfix l-unit__stat-col--left wide-3"><b><?=__($value['CHAIN'])?></b></div>
-            <div class="clearfix l-unit__stat-col--left"><b><?=$ip?></b></div>
+            <div class="clearfix l-unit__stat-col--left"><b><?=$ip?></b><a class="get-ip-info-btn" data-index="<?=$i?>" data-ip="<?=$ip?>"><i class="fas fa-search"></i></a><div class="get-ip-info-result"></div></div>
           </div>
           <!-- /.l-unit__stats -->
         </div>
diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html
index 066513ee..0bcbddd7 100644
--- a/web/templates/admin/list_user.html
+++ b/web/templates/admin/list_user.html
@@ -81,7 +81,7 @@
               </div>
               <div class="io-box-left-items io-4-homepage-block">
                 <a href="https://forum.myvestacp.com/viewtopic.php?t=814" target="_blank">Donate</a>
-                <span class="io-description">Buy us a coffe</span>
+                <span class="io-description">Buy us a coffee</span>
               </div>
               <div class="io-box-left-items io-5-homepage-block">
                 <a href="https://wiki.myvestacp.com/" target="_blank">Wiki</a>
diff --git a/web/templates/file_manager/main.php b/web/templates/file_manager/main.php
index 2e82f811..dd9095f7 100644
--- a/web/templates/file_manager/main.php
+++ b/web/templates/file_manager/main.php
@@ -19,6 +19,7 @@
     <a href="#" class="to-shortcuts">
         <i class="l-icon-shortcuts"></i>
     </a>
+    <div style="float: right; margin-right: 15px;position: fixed;z-index: 100;right: 0px;color: #fff;top: 10px;" title="Developed and donated by VestaCP.com">©</div>
 
     <div id="main">
         <div class="window active">
diff --git a/web/templates/header.html b/web/templates/header.html
index 7f317f94..37905032 100644
--- a/web/templates/header.html
+++ b/web/templates/header.html
@@ -4,7 +4,7 @@
   <meta charset="utf-8">
   <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
   <title>myVesta - <?=__($TAB)?></title>
-  <link rel="stylesheet" href="/css/styles.min.css?1446554112">
+  <link rel="stylesheet" href="/css/styles.min.css?1446554113">
   <link type="text/css" href="/css/jquery-custom-dialogs.css" rel="stylesheet" />
   <link href="/css/fonts/font_sans_pro.css" rel="stylesheet">
   <link href="/css/fonts/font_lobster.css" rel="stylesheet">
diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php
index 48f40b23..ce8863bb 100755
--- a/web/upload/UploadHandler.php
+++ b/web/upload/UploadHandler.php
@@ -1096,7 +1096,7 @@ class UploadHandler
         }
         if (count($failed_versions)) {
             $file->error = $this->get_error_message('image_resize')
-                    .' ('.implode($failed_versions,', ').')';
+                    .' ('.implode(', ', $failed_versions).')';
         }
         // Free memory:
         $this->destroy_image_object($file_path);